Windows Analysis Report
BraveBrowserSetup-BRV010.exe

Overview

General Information

Sample name: BraveBrowserSetup-BRV010.exe
Analysis ID: 1410747
MD5: e3e7498c2436a1570109fbe755af1d40
SHA1: d7fb79f465d2c87ef22088327b5bfb73899fdf7e
SHA256: 498e27ed4e5bb584672992f459c0e51cd1e7345889dff1521ccf577b13ed6313

Detection

Score: 51
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 47
Range: 0 - 100

Signatures

Benign windows process drops PE files
Contains functionality to change the desktop window for a process (likely to hide graphical interactions)
Creates an undocumented autostart registry key
Downloads suspicious files via Chrome
Found evasive API chain checking for user administrative privileges
Maps a DLL or memory area into another process
Changes image file execution options
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to debug other processes
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Disables exception chain validation (SEHOP)
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Potential browser exploit detected (process start blacklist hit)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Use Short Name Path in Command Line
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • BraveBrowserSetup-BRV010.exe (PID: 4072 cmdline: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe MD5: E3E7498C2436A1570109FBE755AF1D40)
    • BraveUpdate.exe (PID: 964 cmdline: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
      • BraveUpdate.exe (PID: 3300 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
      • BraveUpdate.exe (PID: 644 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
        • BraveUpdateComRegisterShell64.exe (PID: 1096 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe" MD5: F2CA542F38E6B51EDB9790369117F54A)
        • BraveUpdateComRegisterShell64.exe (PID: 2896 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe" MD5: F2CA542F38E6B51EDB9790369117F54A)
        • BraveUpdateComRegisterShell64.exe (PID: 2036 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe" MD5: F2CA542F38E6B51EDB9790369117F54A)
      • BraveUpdate.exe (PID: 7052 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping [encoded payload truncated in source] MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
      • BraveUpdate.exe (PID: 6824 cmdline: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{D2608593-51FF-4192-AD00-4DB48D014650} MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
  • BraveUpdate.exe (PID: 6308 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /c MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
    • BraveUpdate.exe (PID: 368 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /cr MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
    • BraveCrashHandler.exe (PID: 6536 cmdline: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exe MD5: 565DAF0070618C3BBB1D486B0D5A70FA)
    • BraveCrashHandler64.exe (PID: 2448 cmdline: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exe MD5: 22DB9D0D4FEC050C0420274D3073994B)
  • BraveUpdate.exe (PID: 6312 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource scheduler MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
    • BraveUpdate.exe (PID: 5536 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /uninstall MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
    • BraveUpdateOnDemand.exe (PID: 5536 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding MD5: 088EBFFD13539DBEF1204243C3558999)
      • BraveUpdate.exe (PID: 5464 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
        • iexplore.exe (PID: 7632 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)
  • BraveUpdate.exe (PID: 3164 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
  • svchost.exe (PID: 2580 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • BraveUpdateOnDemand.exe (PID: 3652 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding MD5: 088EBFFD13539DBEF1204243C3558999)
    • BraveUpdate.exe (PID: 4364 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
      • iexplore.exe (PID: 5700 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)
        • iexplore.exe (PID: 2748 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5700 CREDAT:9474 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
          • ie_to_edge_stub.exe (PID: 5616 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=203e4 MD5: 473F645F28F5CF7E02FA17D3EB361298)
          • ssvagent.exe (PID: 7076 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)
        • ie_to_edge_stub.exe (PID: 3656 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=203e4 MD5: 473F645F28F5CF7E02FA17D3EB361298)
          • msedge.exe (PID: 5308 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=203e4 MD5: BF154738460E4AB1D388970E1AB13FAB)
            • msedge.exe (PID: 6308 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2632 --field-trial-handle=2068,i,4867636374290663822,14107869206704181350,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
            • msedge.exe (PID: 8008 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5136 --field-trial-handle=2068,i,4867636374290663822,14107869206704181350,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
            • identity_helper.exe (PID: 7932 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6828 --field-trial-handle=2068,i,4867636374290663822,14107869206704181350,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)
            • identity_helper.exe (PID: 5564 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6828 --field-trial-handle=2068,i,4867636374290663822,14107869206704181350,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)
        • ssvagent.exe (PID: 3472 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)
        • iexplore.exe (PID: 7772 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5700 CREDAT:75012 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
          • ssvagent.exe (PID: 8076 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)
        • ssvagent.exe (PID: 8084 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)
        • iexplore.exe (PID: 7952 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5700 CREDAT:75018 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
        • iexplore.exe (PID: 7548 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5700 CREDAT:1840396 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
  • BraveUpdateOnDemand.exe (PID: 8176 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding MD5: 088EBFFD13539DBEF1204243C3558999)
    • BraveUpdate.exe (PID: 6128 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
      • iexplore.exe (PID: 7780 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started, Author: frack113, Nasreddine Bencherchali: Data: Command: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, CommandLine: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, CommandLine|base64offset|contains: w, Image: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, NewProcessName: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, OriginalFileName: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, ParentCommandLine: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5700 CREDAT:9474 /prefetch:2, ParentImage: C:\Program Files (x86)\Internet Explorer\iexplore.exe, ParentProcessId: 2748, ParentProcessName: iexplore.exe, ProcessCommandLine: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, ProcessId: 7076, ProcessName: ssvagent.exe
Source: Registry Key set, Author: frack113: Data: Details: 1, EventID: 13, EventType: SetValue, Image: C:\Program Files\Internet Explorer\iexplore.exe, ProcessId: 5700, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe
Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 2580, ProcessName: svchost.exe
No Snort rule has matched

Compliance

Source: BraveBrowserSetup-BRV010.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: BraveBrowserSetup-BRV010.exe, Static PE information: certificate valid
Source: BraveBrowserSetup-BRV010.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: goopdateres_unsigned_it.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003748000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000376B000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2155138477.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_it.dll.2.dr
Source: Binary string: goopdateres_unsigned_pt-PT.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000004011000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003828000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2158465477.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_vi.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.00000000040D0000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000038E6000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2163469446.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_bn.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003E37000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000364D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2150747542.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_bn.dll.2.dr, goopdateres_bn.dll.0.dr
Source: Binary string: goopdateres_unsigned_sv.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003856000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003879000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2160478209.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ja.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003763000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003787000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2155644310.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ja.dll.0.dr
Source: Binary string: BraveUpdateBroker_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2169025060.000000000138D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_es.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000036BB000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003698000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2152158399.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_es.dll.0.dr
Source: Binary string: psmachine_unsigned_64.pdbG source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: BraveUpdateCore_unsigned.pdbW source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2148289286.000000000138D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdateCore.exe.2.dr
Source: Binary string: goopdateres_unsigned_is.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.000000000373B000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000375E000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2154927753.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_is.dll.0.dr
Source: Binary string: goopdateres_unsigned_fr.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000370C000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2153577648.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ro.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003812000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003835000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2158736501.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ro.dll.2.dr
Source: Binary string: goopdateres_unsigned_uk.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.00000000040B5000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000038CB000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2162163916.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_uk.dll.2.dr
Source: Binary string: goopdateres_unsigned_ca.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000365B000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003E45000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2150917407.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_nl.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.00000000037CE000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000037F2000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2157590368.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned_arm64.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, psmachine_arm64.dll.0.dr
Source: Binary string: goopdateres_unsigned_ko.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000037A0000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003F8A000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2156209410.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ko.dll.2.dr
Source: Binary string: goopdateres_unsigned_et.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.00000000036B3000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000036D6000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2152576424.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ur.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.00000000038B5000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000038D9000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2162565051.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ur.dll.0.dr
Source: Binary string: goopdateres_unsigned_te.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000038A2000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.000000000387F000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2161246403.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_te.dll.2.dr
Source: Binary string: goopdateres_unsigned_iw.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003F63000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003779000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2155318165.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_iw.dll.2.dr, goopdateres_iw.dll.0.dr
Source: Binary string: goopdateres_unsigned_no.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003FE9000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000037FF000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2157786237.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_no.dll.0.dr, goopdateres_no.dll.2.dr
Source: Binary string: BraveUpdateComRegisterShellArm64_unsigned.pdbW source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2149940022.000000000138D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2149690509.000000000138E000.00000004.00000020.00020000.00000000.sdmp, BraveUpdateComRegisterShellArm64.exe.2.dr
Source: Binary string: goopdateres_unsigned_fil.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000036FE000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.00000000036DB000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2153347223.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pl.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.00000000037E9000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000380D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2157984805.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_pl.dll.2.dr
Source: Binary string: goopdate_unsigned.pdbz source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2147667948.0000000004271000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en-GB.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.000000000368A000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2151984894.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_en-GB.dll.2.dr
Source: Binary string: goopdateres_unsigned_ml.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003FB2000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000037C8000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2157023380.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ml.dll.2.dr
Source: Binary string: goopdateres_unsigned_sk.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.000000000403A000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003851000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2159461818.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fi.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.00000000036CE000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2153051975.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_fi.dll.2.dr
Source: Binary string: psuser_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2165067511.000000000138E000.00000004.00000020.00020000.00000000.sdmp, psuser.dll.2.dr
Source: Binary string: goopdateres_unsigned_hu.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003720000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003743000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2154484396.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_hu.dll.2.dr
Source: Binary string: BraveUpdateOnDemand_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2169285825.000000000138D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdateOnDemand.exe, 00000012.00000002.2245614001.000000000058E000.00000002.00000001.01000000.00000014.sdmp, BraveUpdateOnDemand.exe, 00000012.00000000.2244792107.000000000058E000.00000002.00000001.01000000.00000014.sdmp, BraveUpdateOnDemand.exe, 0000001C.00000000.2309146965.000000000058E000.00000002.00000001.01000000.00000014.sdmp, BraveUpdateOnDemand.exe, 0000001C.00000002.2331148391.000000000058E000.00000002.00000001.01000000.00000014.sdmp, BraveUpdateOnDemand.exe, 00000027.00000000.2387645526.000000000058E000.00000002.00000001.01000000.00000014.sdmp, BraveUpdateOnDemand.exe, 00000027.00000002.2394224321.000000000058E000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: goopdateres_unsigned_en.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.000000000367C000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000036A0000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2151808039.000000000139C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000002.2859336072.0000000002F00000.00000002.00000001.00040000.0000001D.sdmp, BraveUpdate.exe, 00000003.00000002.2172272511.0000000000500000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 0000000A.00000002.2195360901.0000000001E30000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 0000000B.00000002.2799499670.0000000002DD0000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 0000000C.00000002.2799678506.00000000012E0000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 00000013.00000002.2247807218.0000000001080000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 0000001F.00000002.2336161792.00000000004D0000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 00000028.00000002.2396625003.0000000002930000.00000002.00000001.00040000.00000009.sdmp, goopdateres_en.dll.2.dr, goopdateres_en.dll.0.dr
Source: Binary string: goopdateres_unsigned_da.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003E60000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003677000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2151255082.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_da.dll.0.dr
Source: Binary string: psmachine_unsigned.pdbK source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2166214471.000000000138E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: BraveUpdateComRegisterShellArm64_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2149940022.000000000138D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2149690509.000000000138E000.00000004.00000020.00020000.00000000.sdmp, BraveUpdateComRegisterShellArm64.exe.2.dr
Source: Binary string: psmachine_unsigned_64.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ar.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003633000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003610000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2150385144.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ar.dll.0.dr
Source: Binary string: goopdateres_unsigned_sl.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.000000000383B000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000385E000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2159788477.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-CN.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000038F3000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.00000000040DD000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2163858357.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_zh-CN.dll.2.dr
Source: Binary string: goopdateres_unsigned_kn.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003794000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003770000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2155905757.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_kn.dll.2.dr
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Code function: 0_2_004DE0D2 FindFirstFileExW,0_2_004DE0D2
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Code function: 2_2_00E8D8FF FindFirstFileExW,2_2_00E8D8FF
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 3_2_008CD8FF FindFirstFileExW,3_2_008CD8FF
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Code function: 5_2_00007FF77FE21D68 FindFirstFileExW,5_2_00007FF77FE21D68
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exe Code function: 15_2_00B7FDDF FindFirstFileExW,15_2_00B7FDDF
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exe Code function: 16_2_00007FF6AF3EE368 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,16_2_00007FF6AF3EE368
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe Code function: 18_2_00586405 FindFirstFileExW,18_2_00586405
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_stub.exe
Source: Joe Sandbox ViewIP Address: 204.79.197.200 204.79.197.200
Source: Joe Sandbox ViewIP Address: 13.107.21.200 13.107.21.200
Source: Joe Sandbox ViewIP Address: 152.195.19.97 152.195.19.97
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fr.search.yahoo.com/(
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.pchome.com.tw/
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.altervista.org/
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.altervista.org/favicon.icoCY
Source: iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ie.search.yahoo.com/os?command=
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ie8.ebay.com/open
Source: iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.icoCY
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.icoS
Source: iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://images.monster.com/favicon.icoe
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://img.atlas.cz/favicon.icoJX
Source: iexplore.exe, 00000014.00000003.2345224584.0000014786C86000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://in.search.yahoo.com/
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://it.search.dada.net/
Source: iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://it.search.dada.net/favicon.icoCY
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://it.search.yahoo.com/
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jobsearch.monster.com/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kr.search.yahoo.com/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://list.taobao.com/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&q=
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://msk.afisha.ru/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
Source: BraveBrowserSetup-BRV010.exe, BraveCrashHandler.exe.0.dr, goopdateres_ml.dll.2.dr, goopdateres_ko.dll.2.dr, psuser_arm64.dll.2.dr, psuser.dll.2.dr, goopdateres_iw.dll.2.dr, goopdateres_ta.dll.2.dr, goopdateres_bn.dll.2.dr, goopdateres_pt-BR.dll.2.dr, goopdateres_en.dll.2.dr, BraveUpdateComRegisterShell64.exe.2.dr, goopdateres_te.dll.2.dr, goopdateres_hi.dll.0.dr, goopdateres_uk.dll.2.dr, goopdateres_gu.dll.0.dr, goopdateres_en-GB.dll.2.dr, goopdateres_ar.dll.0.dr, goopdateres_pl.dll.2.dr, goopdateres_da.dll.0.dr, goopdateres_hr.dll.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: BraveBrowserSetup-BRV010.exe, BraveCrashHandler.exe.0.dr, goopdateres_ml.dll.2.dr, goopdateres_ko.dll.2.dr, psuser_arm64.dll.2.dr, psuser.dll.2.dr, goopdateres_iw.dll.2.dr, goopdateres_ta.dll.2.dr, goopdateres_bn.dll.2.dr, goopdateres_pt-BR.dll.2.dr, goopdateres_en.dll.2.dr, BraveUpdateComRegisterShell64.exe.2.dr, goopdateres_te.dll.2.dr, goopdateres_hi.dll.0.dr, goopdateres_uk.dll.2.dr, goopdateres_gu.dll.0.dr, goopdateres_en-GB.dll.2.dr, goopdateres_ar.dll.0.dr, goopdateres_pl.dll.2.dr, goopdateres_da.dll.0.dr, goopdateres_hr.dll.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: BraveBrowserSetup-BRV010.exe, BraveCrashHandler.exe.0.dr, goopdateres_ml.dll.2.dr, goopdateres_ko.dll.2.dr, psuser_arm64.dll.2.dr, psuser.dll.2.dr, goopdateres_iw.dll.2.dr, goopdateres_ta.dll.2.dr, goopdateres_bn.dll.2.dr, goopdateres_pt-BR.dll.2.dr, goopdateres_en.dll.2.dr, BraveUpdateComRegisterShell64.exe.2.dr, goopdateres_te.dll.2.dr, goopdateres_hi.dll.0.dr, goopdateres_uk.dll.2.dr, goopdateres_gu.dll.0.dr, goopdateres_en-GB.dll.2.dr, goopdateres_ar.dll.0.dr, goopdateres_pl.dll.2.dr, goopdateres_da.dll.0.dr, goopdateres_hr.dll.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: BraveBrowserSetup-BRV010.exe, BraveCrashHandler.exe.0.dr, goopdateres_ml.dll.2.dr, goopdateres_ko.dll.2.dr, psuser_arm64.dll.2.dr, psuser.dll.2.dr, goopdateres_iw.dll.2.dr, goopdateres_ta.dll.2.dr, goopdateres_bn.dll.2.dr, goopdateres_pt-BR.dll.2.dr, goopdateres_en.dll.2.dr, BraveUpdateComRegisterShell64.exe.2.dr, goopdateres_te.dll.2.dr, goopdateres_hi.dll.0.dr, goopdateres_uk.dll.2.dr, goopdateres_gu.dll.0.dr, goopdateres_en-GB.dll.2.dr, goopdateres_ar.dll.0.dr, goopdateres_pl.dll.2.dr, goopdateres_da.dll.0.dr, goopdateres_hr.dll.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.ico
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.icoC
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p.zhongsou.com/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p.zhongsou.com/favicon.ico
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://price.ru/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://price.ru/favicon.icoK
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://recherche.linternaute.com/
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://recherche.tf1.fr/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://recherche.tf1.fr/favicon.ico
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rover.ebay.com
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ru.search.yahoo.comL
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sads.myspace.com/z
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search-dyn.tiscali.it/M
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.about.com/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.alice.it/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.aol.co.uk/I
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.aol.com/
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.aol.in/
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.atlas.cz/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.auction.co.kr/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.auone.jp/$
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.books.com.tw/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.sify.com/&
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahoo.co.jp
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
Source: iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico=
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahoo.com/P
Source: iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&p=
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yam.com/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search1.taobao.com/
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4000783223.0000014786941000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search2.estadao.com.br/
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://searchresults.news.com.au/
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://service2.bfast.com/
Source: iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://suche.aol.de/
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://suche.freenet.de/k
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://suche.lycos.de/
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://suche.t-online.de/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://suche.web.de/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tw.search.yahoo.com/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://udn.com/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://udn.com/favicon.ico
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://uk.ask.com/
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://uk.search.yahoo.com/J
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vachercher.lycos.fr/
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://video.globo.com/favicon.icoT
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://video.globo.com/q
Source: iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.ask.com/3
Source: iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002158502.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.abril.com.br/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002158502.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.abril.com.br/favicon.icoA
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.icoCY
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.alarabiya.net/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
Source: iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico5
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.co.jp/3
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.co.uk/9
Source: iexplore.exe, 00000014.00000002.4002613640.0000014788659000.00000004.00000020.00020000.00000000.sdmp, msapplication.xml5.20.drString found in binary or memory: http://www.amazon.com/
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&keyword=
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.com/favicon.icoD
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creativ
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.de/
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.aol.com/favicon.icov
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.arrakis.com/
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.arrakis.com/favicon.ico
Source: iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.asharqalawsat.com/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.asharqalawsat.com/KX
Source: iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.asharqalawsat.com/favicon.ico
Source: iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ask.com/
Source: iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.auction.co.kr/auction.ico%
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.orange.fr/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.otto.de/favicon.ico(
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ozon.ru/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ozon.ru/favicon.ico
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ozu.es/favicon.ico
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.paginasamarillas.es/T
Source: iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.paginasamarillas.es/favicon.ico
Source: iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pchome.com.tw/favicon.ico-
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.priceminister.com/
Source: iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.priceminister.com/favicon.ico
Source: iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rakuten.co.jp/favicon.ico
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rambler.ru/Q
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rambler.ru/favicon.icot
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.recherche.aol.fr/o
Source: iexplore.exe, 00000014.00000002.4002613640.0000014788669000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.reddit.com/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rtl.de/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rtl.de/favicon.ico
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.servicios.clarin.com/
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.shopzilla.com/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sify.com/favicon.ico
Source: iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.so-net.ne.jp/share/favicon.icoCY
Source: iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.so-net.ne.jp/share/favicon.icoUY
Source: iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.so-net.ne.jp/share/favicon.icoZZ
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sogou.com/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sogou.com/favicon.ico
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.soso.com/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.soso.com/#
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.soso.com/favicon.ico
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.t-online.de/favicon.icoZ
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.taobao.com/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.taobao.com/favicon.ico
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.target.com/0
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.target.com/favicon.ico
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tchibo.de/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tchibo.de/favicon.icop
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tesco.com/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tesco.com/favicon.ico
Source: iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.timesonline.co.uk/img/favicon.ico
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.timesonline.co.uk/img/favicon.icoCY
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tiscali.it/favicon.ico
Source: iexplore.exe, 00000014.00000002.4002613640.0000014788669000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.twitter.com/
Source: iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.univision.com/
Source: iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.univision.com/favicon.icoM
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.walmart.com/6
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.walmart.com/favicon.ico
Source: iexplore.exe, 00000014.00000002.4002613640.0000014788669000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wikipedia.com/
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ya.com/favicon.ico
Source: iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.yam.com/favicon.ico
Source: iexplore.exe, 00000014.00000002.4002613640.00000147884E3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4007430684.000001478A819000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4007430684.000001478A810000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.youtube.com/
Source: iexplore.exe, 00000014.00000002.4007768177.000001478ACC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.youtube.com/p
Source: iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www3.fnac.com/favicon.ico
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www3.fnac.com/m
Source: iexplore.exe, 00000014.00000003.2345224584.0000014786C86000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&Version=2008-06-26&Operation=ItemSea
Source: iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z.about.com/m/a08.ico
Source: iexplore.exe, 00000014.00000002.4002613640.0000014788669000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: iexplore.exe, 00000014.00000002.4004080553.000001478A2DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
Source: iexplore.exe, 00000014.00000002.4004080553.000001478A2DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSx
Source: me[1].json.42.drString found in binary or memory: https://apnews.com/article/transgender-care-ban-lawsuit-idaho-cbcdc7a5be71373bc5c000f749e4751d
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Code function: 5_2_00007FF77FE1498C lstrlenW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exe Code function: 15_2_00B69B68 lstrlenW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exe Code function: 16_2_00007FF6AF3CD4DC lstrlenW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exe Code function: 15_2_00B6B9BC CreateWindowStationW,GetProcessWindowStation,GetCurrentThreadId,GetThreadDesktop,SetProcessWindowStation,CreateDesktopW,SetThreadDesktop,SetProcessWindowStation,CloseDesktop,CloseDesktop,CloseWindowStation,CloseWindowStation

System Summary

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File dump: C:\Users\user\AppData\Local\Temp\scoped_dir5308_661390230\CRX_INSTALL\content.js
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File dump: C:\Users\user\AppData\Local\Temp\scoped_dir5308_661390230\CRX_INSTALL\content_new.js
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File dump: C:\Users\user\AppData\Local\Temp\scoped_dir5308_686635166\CRX_INSTALL\page_embed_script.js
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File dump: C:\Users\user\AppData\Local\Temp\scoped_dir5308_686635166\CRX_INSTALL\eventpage_bin_prod.js
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exe Code function: 15_2_00B733B0: RegCloseKey,RegCloseKey,CreateFileW,DeviceIoControl,CloseHandle,RegCloseKey,RegCloseKey
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe Code function: String function: 00581AB0 appears 33 times
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Code function: String function: 004D2BA0 appears 236 times
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Code function: String function: 004D6F60 appears 33 times
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Code function: String function: 00E87FA0 appears 33 times
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exe Code function: String function: 00B76D30 appears 42 times
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: String function: 008C7FA0 appears 33 times
Source: goopdateres_ca.dll.0.dr Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
Source: goopdateres_fil.dll.0.dr Static PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
Source: goopdateres_hu.dll.0.dr Static PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101
Source: goopdateres_ms.dll.0.dr Static PE information: Resource name: RT_STRING type: 370 sysV executable not stripped
Source: goopdateres_th.dll.0.dr Static PE information: Resource name: RT_STRING type: PDP-11 overlaid pure executable not stripped
Source: goopdateres_tr.dll.0.dr Static PE information: Resource name: RT_STRING type: 370 XA sysV pure executable not stripped
Source: goopdateres_vi.dll.0.dr Static PE information: Resource name: RT_STRING type: iAPX 286 executable small model (COFF) not stripped
Source: goopdateres_hu.dll.2.dr Static PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101
Source: goopdateres_ms.dll.2.dr Static PE information: Resource name: RT_STRING type: 370 sysV executable not stripped
Source: goopdateres_th.dll.2.dr Static PE information: Resource name: RT_STRING type: PDP-11 overlaid pure executable not stripped
Source: goopdateres_tr.dll.2.dr Static PE information: Resource name: RT_STRING type: 370 XA sysV pure executable not stripped
Source: goopdateres_vi.dll.2.dr Static PE information: Resource name: RT_STRING type: iAPX 286 executable small model (COFF) not stripped
Source: goopdateres_ca.dll.2.dr Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
Source: goopdateres_fil.dll.2.dr Static PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
Source: brave_installer-x64.exe.12.dr Static PE information: Resource name: B7 type: 7-zip archive data, version 0.4
Source: brave_installer-x64.exe.12.dr Static PE information: Resource name: BL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 1398528 bytes, 1 file, at 0x2c "setup.exe", number 1, 106 datablocks, 0x1 compression
Source: brave_installer-x64.exe0.12.dr Static PE information: Resource name: B7 type: 7-zip archive data, version 0.4
Source: brave_installer-x64.exe0.12.dr Static PE information: Resource name: BL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 1398528 bytes, 1 file, at 0x2c "setup.exe", number 1, 106 datablocks, 0x1 compression
Source: BITEC9.tmp.17.dr Static PE information: Resource name: B7 type: 7-zip archive data, version 0.4
Source: BITEC9.tmp.17.dr Static PE information: Resource name: BL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 1398528 bytes, 1 file, at 0x2c "setup.exe", number 1, 106 datablocks, 0x1 compression
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.000000000368A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_en.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000037FF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_nl.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000037AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ko.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBraveUpdate.exeJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdate.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000037D6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ml.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003828000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_pt-BR.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003894000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_sw.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.000000000407E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_sw.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000390D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_zh-TW.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000386B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_sl.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exeBinary or memory string: OriginalFilenameBraveUpdateSetup.exeJ vs BraveBrowserSetup-BRV010.exe
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: netapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: version.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: msimg32.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: wkscli.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: dsreg.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: cscapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: msxml3.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: atlthunk.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: textshaping.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: taskschd.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: edputil.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: urlmon.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: srvcli.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: appresolver.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: bcp47langs.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: slc.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: sppc.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: netapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: version.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: msimg32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: wkscli.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dsreg.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: cscapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: netapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: version.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: msimg32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: wkscli.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dsreg.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: cscapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: netapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: wkscli.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: dsreg.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: netapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: wkscli.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: dsreg.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: netapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: wkscli.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: dsreg.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: netapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: version.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: msimg32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: wkscli.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dsreg.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: cscapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mdmregistration.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: omadmapi.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dmcmnutils.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iri.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dsreg.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: webio.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: schannel.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msxml3.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dsreg.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dsreg.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: atlthunk.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: textshaping.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dsreg.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msxml3.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: webio.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: schannel.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: winsta.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: bitsproxy.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dsreg.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: winsta.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: bitsproxy.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: webio.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: schannel.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iphlpapi.dll
Source: BraveBrowserSetup-BRV010.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine | Classification label: mal51.evad.winEXE@107/475@0/31
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe | Code function: 0_2_004D324D GetLastError,GetLastError,SetLastError,SetLastError,FormatMessageW,GetLastError,SetLastError,LocalFree
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe | Code function: 0_2_004D2024 GetTempFileNameW,FindResourceW,LoadResource,LockResource,CreateFileW,SizeofResource,SetFilePointerEx,CloseHandle
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe | File created: C:\Program Files (x86)\BraveSoftware
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | File created: C:\Users\user\AppData\Local\{C76640BF-6ACE-4BDE-8D5A-055D9BDCE627}
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\BraveSoftware{BC6A0F04-AE75-459F-B879-2C961515B78A}
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\BraveSoftwareS-1-5-21-2246122658-3693405117-2476756634-1003{BC6A0F04-AE75-459F-B879-2C961515B78A}
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | Mutant created: \BaseNamedObjects\Global\BraveSoftware{EC98B00C-9557-4627-ADCF-5832C3B09AA3}
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | Mutant created: \BaseNamedObjects\Global\BraveSoftware{C50974A0-5616-4DC6-AC6D-D4EFF6F5FAC3}
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | Mutant created: \BaseNamedObjects\Global\BraveSoftware{FE0E7F6B-B8BD-4EEE-A8F1-8CE625AEF520}
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exe | Mutant created: \BaseNamedObjects\Global\BraveSoftware{BC6A0F04-AE75-459F-B879-2C961515B78A}
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | Mutant created: \BaseNamedObjects\Global\BraveSoftware{4E15433F-5E08-47A1-AA4F-B1D1657EE725}
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | Mutant created: \BaseNamedObjects\Global\BraveSoftware{BD1D9A71-3C5B-436B-BAD8-D337E3226819}
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\BraveSoftware{C50974A0-5616-4DC6-AC6D-D4EFF6F5FAC3}
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | Mutant created: \BaseNamedObjects\Global\BraveSoftware{0EADE80E-E9B8-4A5D-AF64-6D2A918F597C}
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmpJump to behavior
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCommand line argument: kernel32.dll0_2_004D277B
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeCommand line argument: kernel32.dll2_2_00E86C1E
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeCommand line argument: DllEntry2_2_00E86C1E
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeCommand line argument: kernel32.dll2_2_00E86C1E
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeCommand line argument: DllEntry2_2_00E86C1E
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCommand line argument: kernel32.dll3_2_008C6C1E
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCommand line argument: DllEntry3_2_008C6C1E
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCommand line argument: kernel32.dll15_2_00B61567
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeCommand line argument: BraveUpdate.exe18_2_00581152
Source: BraveBrowserSetup-BRV010.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: BraveBrowserSetup-BRV010.exeString found in binary or memory: %1!s!-Installer
Source: BraveBrowserSetup-BRV010.exeString found in binary or memory: r den %1!s!-Installer wird Windows 2000 Service Pack 4 oder h
Source: BraveBrowserSetup-BRV010.exeString found in binary or memory: Installer ng %1!s! Hindi Alam na Error ng InstallerlNabigo ang pag-install. Nangangailangan ang Installer ng %1!s! ng Windows 2000 Service Pack 4 o mas mahusay.
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile read: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
Source: unknownProcess created: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeProcess created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe"
Source: unknownProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /c
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping 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-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIzOTg0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
Source: unknownProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource scheduler
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{D2608593-51FF-4192-AD00-4DB48D014650}
Source: unknownProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /cr
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /uninstall
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exe
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exe
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknownProcess created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5700 CREDAT:9474 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=203e4
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=203e4
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_stub.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=203e4
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2632 --field-trial-handle=2068,i,4867636374290663822,14107869206704181350,262144 /prefetch:3
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5700 CREDAT:75012 /prefetch:2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5136 --field-trial-handle=2068,i,4867636374290663822,14107869206704181350,262144 /prefetch:8
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: unknownProcess created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5700 CREDAT:75018 /prefetch:2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6828 --field-trial-handle=2068,i,4867636374290663822,14107869206704181350,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6828 --field-trial-handle=2068,i,4867636374290663822,14107869206704181350,262144 /prefetch:8
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5700 CREDAT:1840396 /prefetch:2
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: unknown unknown
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\Office\16.0\Lync
Source: BraveBrowserSetup-BRV010.exeStatic PE information: certificate valid
Source: BraveBrowserSetup-BRV010.exeStatic file information: File size 1446992 > 1048576
Source: BraveBrowserSetup-BRV010.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x136800
Source: BraveBrowserSetup-BRV010.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: BraveBrowserSetup-BRV010.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: BraveBrowserSetup-BRV010.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: BraveBrowserSetup-BRV010.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: BraveBrowserSetup-BRV010.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: BraveBrowserSetup-BRV010.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: BraveBrowserSetup-BRV010.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: BraveBrowserSetup-BRV010.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: goopdateres_unsigned_ms.pdb source: BraveBrowserSetup-BRV010.exe, BraveUpdate.exe
Source: Binary string: goopdateres_unsigned_fa.pdb source: BraveBrowserSetup-BRV010.exe, BraveUpdate.exe
Source: Binary string: goopdateres_unsigned_ru.pdb source: BraveBrowserSetup-BRV010.exe, BraveUpdate.exe
Source: Binary string: goopdateres_unsigned_lt.pdb source: BraveBrowserSetup-BRV010.exe, BraveUpdate.exe
Source: Binary string: goopdateres_unsigned_el.pdb source: BraveBrowserSetup-BRV010.exe, BraveUpdate.exe
Source: Binary string: goopdateres_unsigned_tr.pdb source: BraveBrowserSetup-BRV010.exe, BraveUpdate.exe
Source: Binary string: psmachine_unsigned_arm64.pdbK source: BraveBrowserSetup-BRV010.exe, psmachine_arm64.dll.0.dr
Source: Binary string: goopdateres_unsigned_de.pdb source: BraveBrowserSetup-BRV010.exe, BraveUpdate.exe, goopdateres_de.dll.0.dr
Source: Binary string: psuser_unsigned_arm64.pdb source: BraveBrowserSetup-BRV010.exe, psuser_arm64.dll.2.dr
Source: Binary string: goopdateres_unsigned_mr.pdb source: BraveBrowserSetup-BRV010.exe, BraveUpdate.exe
Source: Binary string: goopdateres_unsigned_bg.pdb source: BraveBrowserSetup-BRV010.exe, BraveUpdate.exe
Source: Binary string: BraveUpdateComRegisterShell64_unsigned.pdbS source: BraveBrowserSetup-BRV010.exe, BraveUpdate.exe, BraveUpdateComRegisterShell64.exe, BraveUpdateComRegisterShell64.exe.2.dr
Source: Binary string: goopdateres_unsigned_gu.pdb source: BraveBrowserSetup-BRV010.exe, BraveUpdate.exe, goopdateres_gu.dll.0.dr
Source: Binary string: goopdateres_unsigned_th.pdb source: BraveBrowserSetup-BRV010.exe, BraveUpdate.exe
Source: Binary string: goopdateres_unsigned_sr.pdb source: BraveBrowserSetup-BRV010.exe, BraveUpdate.exe
Source: Binary string: BraveUpdateComRegisterShell64_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, BraveUpdate.exe, BraveUpdateComRegisterShell64.exe, BraveUpdateComRegisterShell64.exe.2.dr
Source: Binary string: psmachine_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, BraveUpdate.exe
Source: Binary string: psuser_unsigned_64.pdbG source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2165437854.000000000138E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psuser_unsigned_arm64.pdbK source: BraveBrowserSetup-BRV010.exe, 00000000.00000002.2865289554.0000000001104000.00000004.00000010.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, psuser_arm64.dll.2.dr
Source: Binary string: goopdateres_unsigned_am.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2150161097.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\jenkins\x64-release\src\out\Release\mini_installer.exe.pdb source: brave_installer-x64.exe.12.dr
Source: Binary string: goopdateres_unsigned_lv.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003FA4000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000037BB000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2156657000.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_lv.dll.2.dr
Source: Binary string: goopdateres_unsigned_cs.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003669000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003E53000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2151083979.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ta.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003894000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.000000000407E000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2160974153.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ta.dll.2.dr
Source: Binary string: goopdate_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2147667948.0000000004271000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hi.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003F11000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003727000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2154047326.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_hi.dll.0.dr
Source: Binary string: psuser_unsigned.pdbK source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2165067511.000000000138E000.00000004.00000020.00020000.00000000.sdmp, psuser.dll.2.dr
Source: Binary string: goopdateres_unsigned_es-419.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003EB2000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000036C8000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2152336366.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mi_exe_stub.pdb source: BraveBrowserSetup-BRV010.exe, BraveUpdateSetup.exe.0.dr
Source: Binary string: goopdateres_unsigned_pt-BR.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000381A000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000004004000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2158173052.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_pt-BR.dll.2.dr, goopdateres_pt-BR.dll.0.dr
Source: Binary string: goopdateres_unsigned_hr.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003712000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003735000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2154255091.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_hr.dll.0.dr
Source: Binary string: BraveUpdate_unsigned.pdb source: BraveUpdate.exe, BraveUpdate.exe, 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 00000004.00000000.2173315738.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 00000008.00000002.2197444047.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 00000009.00000000.2183235142.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 0000000A.00000000.2184936699.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 0000000B.00000000.2185763295.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 0000000C.00000000.2187994734.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 0000000D.00000002.2254137868.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 0000000E.00000002.2196401959.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 00000013.00000000.2245230288.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 0000001F.00000002.2337125761.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 00000028.00000002.2395895068.00000000008C1000.00000020.00000001.01000000.00000007.sdmp
Source: Binary string: goopdateres_unsigned_id.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003F3A000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003750000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2154702691.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_id.dll.0.dr
Source: Binary string: psuser_unsigned_64.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2165437854.000000000138E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-TW.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.00000000040EA000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000002.2865289554.00000000010FF000.00000004.00000010.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003901000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2164673576.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: BraveCrashHandlerArm64_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2148861920.000000000138E000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2149079572.000000000138D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: BraveCrashHandler64_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveCrashHandler64.exe, 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp, BraveCrashHandler64.exe, 00000010.00000000.2196178837.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: BraveUpdateCore_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2148289286.000000000138D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdateCore.exe.2.dr
Source: Binary string: BraveCrashHandler_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2148524143.000000000138D000.00000004.00000020.00020000.00000000.sdmp, BraveCrashHandler.exe, 0000000F.00000000.2192574201.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp, BraveCrashHandler.exe, 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp, BraveCrashHandler.exe.0.dr
Source: Binary string: goopdateres_unsigned_sw.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003863000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003887000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2160703216.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: BraveCrashHandler64_unsigned.pdb~ source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveCrashHandler64.exe, 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp, BraveCrashHandler64.exe, 00000010.00000000.2196178837.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: goopdateres_unsigned_it.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003748000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000376B000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2155138477.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_it.dll.2.dr
Source: Binary string: goopdateres_unsigned_pt-PT.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000004011000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003828000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2158465477.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_vi.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.00000000040D0000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000038E6000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2163469446.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_bn.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003E37000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000364D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2150747542.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_bn.dll.2.dr, goopdateres_bn.dll.0.dr
Source: Binary string: goopdateres_unsigned_sv.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003856000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003879000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2160478209.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ja.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003763000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003787000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2155644310.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ja.dll.0.dr
Source: Binary string: BraveUpdateBroker_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2169025060.000000000138D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_es.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000036BB000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003698000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2152158399.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_es.dll.0.dr
Source: Binary string: psmachine_unsigned_64.pdbG source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: BraveUpdateCore_unsigned.pdbW source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2148289286.000000000138D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdateCore.exe.2.dr
Source: Binary string: goopdateres_unsigned_is.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.000000000373B000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000375E000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2154927753.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_is.dll.0.dr
Source: Binary string: goopdateres_unsigned_fr.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000370C000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2153577648.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ro.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003812000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003835000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2158736501.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ro.dll.2.dr
Source: Binary string: goopdateres_unsigned_uk.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.00000000040B5000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000038CB000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2162163916.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_uk.dll.2.dr
Source: Binary string: goopdateres_unsigned_ca.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000365B000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003E45000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2150917407.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_nl.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.00000000037CE000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000037F2000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2157590368.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned_arm64.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, psmachine_arm64.dll.0.dr
Source: Binary string: goopdateres_unsigned_ko.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000037A0000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003F8A000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2156209410.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ko.dll.2.dr
Source: Binary string: goopdateres_unsigned_et.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.00000000036B3000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000036D6000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2152576424.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ur.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.00000000038B5000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000038D9000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2162565051.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ur.dll.0.dr
Source: Binary string: goopdateres_unsigned_te.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000038A2000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.000000000387F000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2161246403.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_te.dll.2.dr
Source: Binary string: goopdateres_unsigned_iw.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003F63000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003779000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2155318165.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_iw.dll.2.dr, goopdateres_iw.dll.0.dr
Source: Binary string: goopdateres_unsigned_no.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003FE9000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000037FF000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2157786237.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_no.dll.0.dr, goopdateres_no.dll.2.dr
Source: Binary string: BraveUpdateComRegisterShellArm64_unsigned.pdbW source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2149940022.000000000138D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2149690509.000000000138E000.00000004.00000020.00020000.00000000.sdmp, BraveUpdateComRegisterShellArm64.exe.2.dr
Source: Binary string: goopdateres_unsigned_fil.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000036FE000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.00000000036DB000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2153347223.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pl.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.00000000037E9000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000380D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2157984805.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_pl.dll.2.dr
Source: Binary string: goopdate_unsigned.pdbz source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2147667948.0000000004271000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en-GB.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.000000000368A000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2151984894.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_en-GB.dll.2.dr
Source: Binary string: goopdateres_unsigned_ml.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003FB2000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000037C8000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2157023380.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ml.dll.2.dr
Source: Binary string: goopdateres_unsigned_sk.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.000000000403A000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003851000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2159461818.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fi.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.00000000036CE000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2153051975.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_fi.dll.2.dr
Source: Binary string: psuser_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2165067511.000000000138E000.00000004.00000020.00020000.00000000.sdmp, psuser.dll.2.dr
Source: Binary string: goopdateres_unsigned_hu.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003720000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003743000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2154484396.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_hu.dll.2.dr
Source: Binary string: BraveUpdateOnDemand_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2169285825.000000000138D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdateOnDemand.exe, 00000012.00000002.2245614001.000000000058E000.00000002.00000001.01000000.00000014.sdmp, BraveUpdateOnDemand.exe, 00000012.00000000.2244792107.000000000058E000.00000002.00000001.01000000.00000014.sdmp, BraveUpdateOnDemand.exe, 0000001C.00000000.2309146965.000000000058E000.00000002.00000001.01000000.00000014.sdmp, BraveUpdateOnDemand.exe, 0000001C.00000002.2331148391.000000000058E000.00000002.00000001.01000000.00000014.sdmp, BraveUpdateOnDemand.exe, 00000027.00000000.2387645526.000000000058E000.00000002.00000001.01000000.00000014.sdmp, BraveUpdateOnDemand.exe, 00000027.00000002.2394224321.000000000058E000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: goopdateres_unsigned_en.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.000000000367C000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000036A0000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2151808039.000000000139C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000002.2859336072.0000000002F00000.00000002.00000001.00040000.0000001D.sdmp, BraveUpdate.exe, 00000003.00000002.2172272511.0000000000500000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 0000000A.00000002.2195360901.0000000001E30000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 0000000B.00000002.2799499670.0000000002DD0000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 0000000C.00000002.2799678506.00000000012E0000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 00000013.00000002.2247807218.0000000001080000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 0000001F.00000002.2336161792.00000000004D0000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 00000028.00000002.2396625003.0000000002930000.00000002.00000001.00040000.00000009.sdmp, goopdateres_en.dll.2.dr, goopdateres_en.dll.0.dr
Source: Binary string: goopdateres_unsigned_da.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003E60000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003677000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2151255082.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_da.dll.0.dr
Source: Binary string: psmachine_unsigned.pdbK source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2166214471.000000000138E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: BraveUpdateComRegisterShellArm64_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2149940022.000000000138D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2149690509.000000000138E000.00000004.00000020.00020000.00000000.sdmp, BraveUpdateComRegisterShellArm64.exe.2.dr
Source: Binary string: psmachine_unsigned_64.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ar.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003633000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003610000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2150385144.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ar.dll.0.dr
Source: Binary string: goopdateres_unsigned_sl.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.000000000383B000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000385E000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2159788477.000000000139C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-CN.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.00000000038F3000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.00000000040DD000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2163858357.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_zh-CN.dll.2.dr
Source: Binary string: goopdateres_unsigned_kn.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.0000000003794000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003770000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2155905757.000000000139C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_kn.dll.2.dr
Source: BraveBrowserSetup-BRV010.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: BraveBrowserSetup-BRV010.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: BraveBrowserSetup-BRV010.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: BraveBrowserSetup-BRV010.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: BraveBrowserSetup-BRV010.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Code function: 5_2_00007FF77FE13A10 LoadLibraryW,GetProcAddress,FreeLibrary,5_2_00007FF77FE13A10
Source: BraveBrowserSetup-BRV010.exe Static PE information: real checksum: 0x165c94 should be: 0x1621a3
Source: BraveUpdateSetup.exe.0.dr Static PE information: real checksum: 0x165c94 should be: 0x1621a3
Source: BraveUpdateSetup.exe.2.dr Static PE information: real checksum: 0x165c94 should be: 0x1621a3
Source: BraveUpdateComRegisterShell64.exe.0.dr Static PE information: section name: _RDATA
Source: psmachine.dll.0.dr Static PE information: section name: .orpc
Source: psmachine_64.dll.0.dr Static PE information: section name: .orpc
Source: psmachine_64.dll.0.dr Static PE information: section name: _RDATA
Source: psuser.dll.0.dr Static PE information: section name: .orpc
Source: psuser_64.dll.0.dr Static PE information: section name: .orpc
Source: psuser_64.dll.0.dr Static PE information: section name: _RDATA
Source: BraveCrashHandler64.exe.0.dr Static PE information: section name: _RDATA
Source: psmachine_arm64.dll.0.dr Static PE information: section name: .orpc
Source: psuser_arm64.dll.0.dr Static PE information: section name: .orpc
Source: psuser.dll.2.dr Static PE information: section name: .orpc
Source: psuser_64.dll.2.dr Static PE information: section name: .orpc
Source: psuser_64.dll.2.dr Static PE information: section name: _RDATA
Source: psuser_arm64.dll.2.dr Static PE information: section name: .orpc
Source: psmachine.dll.2.dr Static PE information: section name: .orpc
Source: psmachine_64.dll.2.dr Static PE information: section name: .orpc
Source: psmachine_64.dll.2.dr Static PE information: section name: _RDATA
Source: psmachine_arm64.dll.2.dr Static PE information: section name: .orpc
Source: BraveCrashHandler64.exe.2.dr Static PE information: section name: _RDATA
Source: BraveUpdateComRegisterShell64.exe.2.dr Static PE information: section name: _RDATA
Source: brave_installer-x64.exe.12.dr Static PE information: section name: .retplne
Source: brave_installer-x64.exe0.12.dr Static PE information: section name: .retplne
Source: BITEC9.tmp.17.dr Static PE information: section name: .retplne
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Code function: 0_2_004E8226 push ecx; ret 0_2_004E8239
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe Code function: 2_2_00E94346 push ecx; ret 2_2_00E94359
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 3_2_008D4346 push ecx; ret 3_2_008D4359
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exe Code function: 15_2_00B8A436 push ecx; ret 15_2_00B8A449
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe Code function: 18_2_0058CF36 push ecx; ret 18_2_0058CF49
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 19_2_0303EE00 pushad ; ret 19_2_0303EE05
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 19_2_0303CB96 pushad ; iretd 19_2_0303CD49
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 19_2_0303CEC4 pushad ; iretd 19_2_0303CECD
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 31_2_02A9C0A0 push eax; ret 31_2_02A9C0A5
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 31_2_02A9F0A0 push eax; iretd 31_2_02A9F0C1
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 31_2_02A9E6BC push 680053CAh; retf 0053h 31_2_02A9E6C1
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 31_2_02A9EC98 push eax; iretd 31_2_02A9EC99
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 31_2_02A9E59C push 500053CAh; iretd 31_2_02A9E5A1
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 31_2_02A9ED94 push eax; iretd 31_2_02A9ED95
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 31_2_02A9C096 push eax; ret 31_2_02A9C099
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 31_2_02A9F0E8 push eax; iretd 31_2_02A9F0E9
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 31_2_02A9E6E3 push eax; iretd 31_2_02A9E6ED
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 31_2_02A9C1F8 pushfd ; ret 31_2_02A9C1F9
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 31_2_02A9E478 push eax; iretd 31_2_02A9E479
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 31_2_02A9C07B push eax; ret 31_2_02A9C081
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 31_2_02A9C24C push eax; ret 31_2_02A9C24D
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 31_2_02A9C058 push eax; ret 31_2_02A9C079
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 31_2_02A9E650 push 680053CAh; retf 0053h 31_2_02A9E655
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 31_2_02A9ED54 pushad ; ret 31_2_02A9ED55
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 40_2_0313DE06 push ds; ret 40_2_0313DE0A
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 40_2_0313E40C push ss; retf 40_2_0313E4D6
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 40_2_0313F120 pushad ; ret 40_2_0313F1F5
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 40_2_0313F120 push edi; iretd 40_2_0313F272
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 40_2_0313F24C push edi; iretd 40_2_0313F272
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 40_2_0313F273 push edi; iretd 40_2_0313F2B6
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 40_2_0313D971 push esp; iretd 40_2_0313D95D
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_cs.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_zh-TW.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_sv.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShellArm64.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ur.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ml.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\psmachine_64.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sv.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_cs.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_sk.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateBroker.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sk.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\psmachine.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_it.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ur.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_it.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_kn.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_tr.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_hi.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psmachine.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdate.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_hr.dll
Source: C:\Windows\System32\svchost.exe File created: C:\Users\user\AppData\Local\Temp\{399B71BA-142A-4AFC-8C5A-ABDD17DCBAA6}-brave_installer-x64.exe (copy)
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_da.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_hr.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_es.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdate.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_en-GB.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_hi.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_vi.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_nl.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ro.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdateComRegisterShell64.exe
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_nl.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\psuser_arm64.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psuser_arm64.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_es.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_pt-PT.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_vi.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandlerArm64.exe
Source: C:\Windows\System32\svchost.exe File created: C:\Users\user\AppData\Local\Temp\BITEC9.tmp
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ro.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_sr.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_pl.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_pl.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_id.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_fi.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_fi.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_iw.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_lt.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_pt-BR.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_fr.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_no.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psuser.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_lt.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveCrashHandlerArm64.exe
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ms.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\psuser.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_et.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_id.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_da.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_zh-CN.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ja.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_de.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_uk.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_th.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_th.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\Download\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\122.1.63.174\brave_installer-x64.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ms.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_de.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_gu.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_fr.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_sw.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\psuser_64.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_pt-BR.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ko.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_gu.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_uk.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ml.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_no.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_am.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sl.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdateBroker.exe
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_hu.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ta.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_sl.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_is.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_is.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ko.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_pt-PT.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psuser_64.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdateComRegisterShellArm64.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_es-419.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_es-419.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sw.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_hu.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ta.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_am.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ru.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_en-GB.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ja.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_lv.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdate.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveCrashHandler64.exe
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_iw.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_et.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_zh-CN.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_lv.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveCrashHandler.exe
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ar.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_fil.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_bg.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_fil.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_mr.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psmachine_arm64.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateSetup.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ar.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\psmachine_arm64.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_el.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_te.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sr.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdateSetup.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_mr.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_bg.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psmachine_64.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_te.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_el.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_tr.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ru.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdateOnDemand.exe
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdateCore.exe
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_bn.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe File created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_en.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ca.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_fa.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\Install\{096513B4-0D47-4D3A-86C8-00221DF4AFD8}\brave_installer-x64.exeJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_fa.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ca.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_kn.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_bn.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateCore.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_en.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeCode function: 5_2_00007FF77FE144A8 RegOpenKeyExW,RegQueryValueExW,RegCloseKey,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,5_2_00007FF77FE144A8
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B65D70 GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,15_2_00B65D70
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeCode function: 16_2_00007FF6AF3C7A1C RegOpenKeyExW,RegQueryValueExW,RegCloseKey,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,16_2_00007FF6AF3C7A1C

Boot Survival

Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe DisableExceptionChainValidationJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_stub.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_stub.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCheck user administrative privileges: IsUserAndAdmin, DecisionNodegraph_0-12976
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_cs.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_sv.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShellArm64.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ur.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ml.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\psmachine_64.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sv.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_cs.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_sk.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateBroker.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sk.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\psmachine.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ur.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_it.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_it.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_kn.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_tr.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psmachine.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_hi.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdate.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_hr.dllJump to dropped file
Source: C:\Windows\System32\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{399B71BA-142A-4AFC-8C5A-ABDD17DCBAA6}-brave_installer-x64.exe (copy)Jump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_da.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_hr.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_en-GB.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_hi.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_vi.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_nl.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ro.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_nl.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\psuser_arm64.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psuser_arm64.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_vi.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandlerArm64.exeJump to dropped file
Source: C:\Windows\System32\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BITEC9.tmpJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ro.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_sr.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_pl.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_pl.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_id.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_fi.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_fi.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_iw.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_pt-BR.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_lt.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_fr.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psuser.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_no.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_lt.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveCrashHandlerArm64.exeJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ms.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_et.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\psuser.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_da.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_id.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ja.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_de.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_uk.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_th.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_th.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\Download\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\122.1.63.174\brave_installer-x64.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ms.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_de.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_gu.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_fr.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_sw.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_pt-BR.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\psuser_64.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ko.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_gu.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_uk.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ml.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_no.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_am.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sl.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_hu.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdateBroker.exeJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ta.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_sl.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_is.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_is.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ko.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psuser_64.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdateComRegisterShellArm64.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_es-419.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sw.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_es-419.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_hu.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ta.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_am.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ru.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_en-GB.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ja.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_lv.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdate.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_iw.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_et.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_lv.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ar.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_fil.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_fil.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_mr.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psmachine_arm64.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_bg.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ar.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\psmachine_arm64.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_el.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_te.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sr.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_bg.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_mr.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psmachine_64.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_el.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_te.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_tr.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ru.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdateCore.exeJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_bn.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_fa.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_en.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ca.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\Install\{096513B4-0D47-4D3A-86C8-00221DF4AFD8}\brave_installer-x64.exeJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_fa.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ca.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_kn.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_bn.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_en.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateCore.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeAPI coverage: 6.9 %
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeAPI coverage: 10.0 %
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe TID: 4044Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe TID: 5464Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 1396Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_004DE0D2 FindFirstFileExW,0_2_004DE0D2
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeCode function: 2_2_00E8D8FF FindFirstFileExW,2_2_00E8D8FF
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCode function: 3_2_008CD8FF FindFirstFileExW,3_2_008CD8FF
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeCode function: 5_2_00007FF77FE21D68 FindFirstFileExW,5_2_00007FF77FE21D68
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B7FDDF FindFirstFileExW,15_2_00B7FDDF
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeCode function: 16_2_00007FF6AF3EE368 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,16_2_00007FF6AF3EE368
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeCode function: 18_2_00586405 FindFirstFileExW,18_2_00586405
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B6C148 GetSystemInfo,15_2_00B6C148
Source: Web Data.27.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: Web Data.27.drBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
Source: Web Data.27.drBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: Web Data.27.drBinary or memory string: discord.comVMware20,11696487552f
Source: BraveUpdate.exe, 00000002.00000002.2858859828.0000000001371000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\[
Source: BraveUpdate.exe, 0000000D.00000002.2254326611.0000000000CC0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW|
Source: Web Data.27.drBinary or memory string: bankofamerica.comVMware20,11696487552x
Source: BraveUpdate.exe, 0000000C.00000003.2787247792.00000000009FF000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000002.2798114645.00000000009FF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWn
Source: iexplore.exe, 00000014.00000002.3998913264.0000014783DF1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
Source: Web Data.27.drBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: BraveUpdate.exe, 00000009.00000002.2194873784.000000000112E000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000009.00000003.2193273867.0000000001127000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000009.00000003.2193811485.000000000112D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000003.2787247792.00000000009FF000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000002.2798114645.00000000009FF000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000D.00000002.2254326611.0000000000CC0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.3999533167.000002334362B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.4002996072.0000023348E5D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4000783223.00000147869AF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Web Data.27.drBinary or memory string: ms.portal.azure.comVMware20,11696487552
Source: BraveUpdate.exe, 00000009.00000002.2194873784.00000000010FF000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000009.00000003.2193273867.00000000010FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
Source: BraveUpdate.exe, 0000000D.00000002.2254326611.0000000000C58000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWh
Source: Web Data.27.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: Web Data.27.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: Web Data.27.drBinary or memory string: global block list test formVMware20,11696487552
Source: Web Data.27.drBinary or memory string: tasks.office.comVMware20,11696487552o
Source: Web Data.27.drBinary or memory string: AMC password management pageVMware20,11696487552
Source: Web Data.27.drBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: Web Data.27.drBinary or memory string: interactivebrokers.comVMware20,11696487552
Source: Web Data.27.drBinary or memory string: dev.azure.comVMware20,11696487552j
Source: Web Data.27.drBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: Web Data.27.drBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: BraveUpdate.exe, 00000002.00000002.2858859828.0000000001371000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Web Data.27.drBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: Web Data.27.drBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: Web Data.27.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: BraveUpdate.exe, 0000000C.00000003.2789706814.00000000009DD000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000003.2790867237.00000000009DE000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000002.2797563832.00000000009DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`5
Source: Web Data.27.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: Web Data.27.drBinary or memory string: outlook.office365.comVMware20,11696487552t
Source: Web Data.27.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: Web Data.27.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: Web Data.27.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: Web Data.27.drBinary or memory string: outlook.office.comVMware20,11696487552s
Source: Web Data.27.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: Web Data.27.drBinary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: Web Data.27.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: Web Data.27.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: Web Data.27.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_004DDA04 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004DDA04
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeCode function: 5_2_00007FF77FE14CE8 InitializeCriticalSectionAndSpinCount,GetLastError,IsDebuggerPresent,OutputDebugStringW,5_2_00007FF77FE14CE8
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B8BB67 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C15_2_00B8BB67
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B6C2C8 DebugActiveProcess,GetTickCount,WaitForDebugEvent,Sleep,DebugActiveProcessStop,GetThreadContext,VirtualQueryEx,ContinueDebugEvent,15_2_00B6C2C8
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeCode function: 5_2_00007FF77FE13A10 LoadLibraryW,GetProcAddress,FreeLibrary,5_2_00007FF77FE13A10
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_004DA026 mov ecx, dword ptr fs:[00000030h]0_2_004DA026
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_004DF38C mov eax, dword ptr fs:[00000030h]0_2_004DF38C
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeCode function: 2_2_00E8BEF8 mov ecx, dword ptr fs:[00000030h]2_2_00E8BEF8
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeCode function: 2_2_00E8D6A1 mov eax, dword ptr fs:[00000030h]2_2_00E8D6A1
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCode function: 3_2_008CD6A1 mov eax, dword ptr fs:[00000030h]3_2_008CD6A1
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCode function: 3_2_008CBEF8 mov ecx, dword ptr fs:[00000030h]3_2_008CBEF8
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B79A19 mov ecx, dword ptr fs:[00000030h]15_2_00B79A19
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B7FB81 mov eax, dword ptr fs:[00000030h]15_2_00B7FB81
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeCode function: 18_2_00584C52 mov ecx, dword ptr fs:[00000030h]18_2_00584C52
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeCode function: 18_2_0058726A mov eax, dword ptr fs:[00000030h]18_2_0058726A
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_004D11D5 GetProcessHeap,__Init_thread_footer,__Init_thread_footer,0_2_004D11D5
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeProcess token adjusted: DebugJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeProcess token adjusted: DebugJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeProcess token adjusted: DebugJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_004D7190 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004D7190
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_004DDA04 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004DDA04
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_004D6D06 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004D6D06
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_004D6E9A SetUnhandledExceptionFilter,0_2_004D6E9A
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeCode function: 2_2_00E8B83E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00E8B83E
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeCode function: 2_2_00E87A8E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00E87A8E
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeCode function: 2_2_00E87BB0 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00E87BB0
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeCode function: 2_2_00E87C7F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00E87C7F
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeCode function: 2_2_00E87D47 SetUnhandledExceptionFilter,2_2_00E87D47
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCode function: 3_2_008CB83E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_008CB83E
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCode function: 3_2_008C7D47 SetUnhandledExceptionFilter,3_2_008C7D47
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCode function: 3_2_008C7A8E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_008C7A8E
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCode function: 3_2_008C7BB0 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_008C7BB0
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeCode function: 5_2_00007FF77FE155DC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00007FF77FE155DC
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeCode function: 5_2_00007FF77FE1B4C8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF77FE1B4C8
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeCode function: 5_2_00007FF77FE15B78 SetUnhandledExceptionFilter,5_2_00007FF77FE15B78
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeCode function: 5_2_00007FF77FE15994 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF77FE15994
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B7501A CloseHandle,InitializeCriticalSection,CreateSemaphoreW,CreateSemaphoreW,CreateSemaphoreW,CreateThread,LoadLibraryW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,InitializeCriticalSection,EnterCriticalSection,SetUnhandledExceptionFilter,LeaveCriticalSection,15_2_00B7501A
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B752C4 FreeLibrary,FreeLibrary,FreeLibrary,EnterCriticalSection,SetUnhandledExceptionFilter,LeaveCriticalSection,DeleteCriticalSection,ReleaseSemaphore,WaitForSingleObject,CloseHandle,FindCloseChangeNotification,DeleteCriticalSection,CloseHandle,CloseHandle,DeleteCriticalSection,15_2_00B752C4
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B7934C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_00B7934C
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B754CF EnterCriticalSection,SetUnhandledExceptionFilter,15_2_00B754CF
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B75537 SetUnhandledExceptionFilter,LeaveCriticalSection,15_2_00B75537
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B76818 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_00B76818
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B7693F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_00B7693F
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B76AD6 SetUnhandledExceptionFilter,15_2_00B76AD6
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeCode function: 16_2_00007FF6AF3DF780 FreeLibrary,FreeLibrary,EnterCriticalSection,SetUnhandledExceptionFilter,fwprintf,LeaveCriticalSection,ReleaseSemaphore,WaitForSingleObject,FindCloseChangeNotification,DeleteCriticalSection,CloseHandle,CloseHandle,DeleteCriticalSection,_invalid_parameter_noinfo_noreturn,WaitForSingleObject,ReleaseSemaphore,16_2_00007FF6AF3DF780
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeCode function: 16_2_00007FF6AF3DF31C CloseHandle,InitializeCriticalSection,CreateSemaphoreW,CreateSemaphoreW,CreateThread,LoadLibraryW,GetProcAddressForCaller,LoadLibraryW,GetProcAddress,InitializeCriticalSection,EnterCriticalSection,SetUnhandledExceptionFilter,LeaveCriticalSection,std::_Xinvalid_argument,16_2_00007FF6AF3DF31C
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeCode function: 16_2_00007FF6AF3E106C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00007FF6AF3E106C
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeCode function: 16_2_00007FF6AF3DFB60 GetCurrentThreadId,SetUnhandledExceptionFilter,LeaveCriticalSection,16_2_00007FF6AF3DFB60
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeCode function: 16_2_00007FF6AF3E13D4 SetUnhandledExceptionFilter,16_2_00007FF6AF3E13D4
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeCode function: 16_2_00007FF6AF3DFA8C EnterCriticalSection,SetUnhandledExceptionFilter,16_2_00007FF6AF3DFA8C
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeCode function: 16_2_00007FF6AF3E6A54 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00007FF6AF3E6A54
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeCode function: 16_2_00007FF6AF3DFB18 SetUnhandledExceptionFilter,LeaveCriticalSection,16_2_00007FF6AF3DFB18
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeCode function: 16_2_00007FF6AF3E11F0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00007FF6AF3E11F0
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeCode function: 18_2_00581850 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00581850
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeCode function: 18_2_005819E4 SetUnhandledExceptionFilter,18_2_005819E4
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeCode function: 18_2_00585D94 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00585D94
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeCode function: 18_2_00581AF5 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00581AF5

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\svchost.exeFile created: BITEC9.tmp.17.drJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B6B9BC CreateWindowStationW,GetProcessWindowStation,GetCurrentThreadId,GetThreadDesktop,SetProcessWindowStation,CreateDesktopW,SetThreadDesktop,SetProcessWindowStation,CloseDesktop,CloseDesktop,CloseWindowStation,CloseWindowStation,15_2_00B6B9BC
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeCode function: 16_2_00007FF6AF3D03CC CreateWindowStationW,GetProcessWindowStation,GetCurrentThreadId,GetThreadDesktop,SetProcessWindowStation,CreateDesktopW,SetProcessWindowStation,SetThreadDesktop,SetProcessWindowStation,CloseDesktop,CloseDesktop,CloseDesktop,CloseWindowStation,CloseWindowStation,ConvertStringSidToSidW,GetLengthSid,GetCurrentProcess,OpenProcessToken,SetTokenInformation,CloseHandle,LocalFree,16_2_00007FF6AF3D03CC
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe protection: readonly
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{D2608593-51FF-4192-AD00-4DB48D014650}Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_stub.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=203e4
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "c:\program files (x86)\bravesoftware\update\braveupdate.exe" /ping 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-pgv2zw50igv2zw50dhlwzt0imiigzxzlbnryzxn1bhq9ijeiigvycm9yy29kzt0imcigzxh0cmfjb2rlmt0imcigaw5zdgfsbf90aw1lx21zpsizotg0ii8-pc9hcha-pc9yzxf1zxn0pg
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe c:\program files (x86)\bravesoftware\update\braveupdate.exe" /handoff "appguid={afe6a462-c574-4b8a-af43-4cc60df4563b}&appname=brave-release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{d2608593-51ff-4192-ad00-4db48d014650}
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B62B28 GetSecurityDescriptorDacl,SetSecurityDescriptorDacl,15_2_00B62B28
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B68E96 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,15_2_00B68E96
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_004D6FA5 cpuid 0_2_004D6FA5
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B6EC45 CreateMutexW,CreateEventW,RegisterWaitForSingleObject,CreateNamedPipeW,SetEvent,15_2_00B6EC45
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_004D6BF6 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_004D6BF6
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeCode function: 15_2_00B676DA GetVersionExW,15_2_00B676DA
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exeRegistry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe DisableExceptionChainValidation
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 13 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 2 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 11 Exploitation for Client Execution | 2 Image File Execution Options Injection | 2 Image File Execution Options Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 2 Clipboard Data | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 13 Command and Scripting Interpreter | 1 Create Account | 112 Process Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 DLL Side-Loading | NTDS | 35 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 12 Masquerading | LSA Secrets | 1 Query Registry | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Virtualization/Sandbox Evasion | Cached Domain Credentials | 41 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 112 Process Injection | DCSync | 2 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
[Behavior graph: ID 1410747; Sample: BraveBrowserSetup-BRV010.exe; Startdate: 18/03/2024; Architecture: WINDOWS; Score: 51]

| Source | Detection | Scanner | Label | Link |
| BraveBrowserSetup-BRV010.exe | 3% | ReversingLabs | | |
| BraveBrowserSetup-BRV010.exe | 0% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveCrashHandler.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveCrashHandler.exe | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveCrashHandler64.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveCrashHandler64.exe | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveCrashHandlerArm64.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveCrashHandlerArm64.exe | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe | 1% | Virustotal | | Browse |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdateBroker.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdateComRegisterShell64.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdateComRegisterShellArm64.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdateCore.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdateOnDemand.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdateSetup.exe | 3% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdate.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_am.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ar.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_bg.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_bn.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ca.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_cs.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_da.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_de.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_el.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_en-GB.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_en.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_es-419.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_es.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_et.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_fa.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_fi.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_fil.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_fr.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_gu.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_hi.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_hr.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_hu.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_id.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_is.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_it.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_iw.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ja.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_kn.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ko.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_lt.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_lv.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ml.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_mr.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ms.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_nl.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_no.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_pl.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_pt-BR.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_pt-PT.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ro.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ru.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_sk.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_sl.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_sr.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_sv.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_sw.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_ta.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_te.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\goopdateres_th.dll | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
No contacted domains info
                              high
                              http://www.etmall.com.tw/favicon.icoiexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpfalse
                              • 0%, Virustotal, Browse
                              • Avira URL Cloud: safe
                              unknown
                              http://openimage.interpark.com/interpark.icoCiexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                high
                                http://search.hanafos.com/favicon.icoiexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpfalse
                                • 0%, Virustotal, Browse
                                • Avira URL Cloud: safe
                                unknown
                                http://cgi.search.biglobe.ne.jp/favicon.icoiexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpfalse
                                • 0%, Virustotal, Browse
                                • Avira URL Cloud: safe
                                unknown
                                https://drive-daily-2.corp.google.com/manifest.json0.27.drfalse
                                  high
                                  http://crl.ver)svchost.exe, 00000011.00000003.3046465702.0000023348E88000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.4003150425.0000023348E88000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  low
                                  http://search.msn.co.jp/results.aspx?q=iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • 0%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.msn.com/favicon.icomiexplore.exe, 00000014.00000002.4005009390.000001478A4BE000.00000004.00000020.00020000.00000000.sdmpfalse
                                    high
                                    http://buscar.ozu.es/iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • 0%, Virustotal, Browse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://www.msn.com/favicon.icokiexplore.exe, 00000014.00000002.3997950631.00000035B40F6000.00000004.00000010.00020000.00000000.sdmpfalse
                                      high
                                      http://www.ask.com/iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        https://updates.bravesoftware.com/service/check2&appid=%7BB131C935-9BE6-41DA-9599-1F776BEB8019%7D&apBraveUpdate.exe, 0000000D.00000002.2254326611.0000000000C58000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://drive-daily-5.corp.google.com/manifest.json0.27.drfalse
                                          high
                                          http://search.live.com/results.aspx?FORM=SOLTDF&q=iexplore.exe, 00000014.00000003.2341652337.0000014786C96000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002158502.0000014786CA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            http://price.ru/favicon.icoKiexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              http://www.etmall.com.tw/favicon.icociexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • 0%, Virustotal, Browse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://www.google.it/iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                https://www.msn.com/Qiexplore.exe, 00000014.00000002.4004080553.000001478A2DC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  http://search.auction.co.kr/iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • 0%, Virustotal, Browse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  http://search-dyn.tiscali.it/Miexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    http://www.amazon.de/iexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://www.msn.com/?ocid=iehpp/?LinkId=255141IE8SRCiexplore.exe, 00000014.00000002.4002613640.000001478851B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        http://search.naver.com/favicon.ico2iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          http://www.google.com/igiexplore.exe, 00000014.00000002.4007768177.000001478ACC0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            https://updates.bravesoftware.com:443/service/update2BraveUpdate.exe, 00000009.00000002.2194873784.0000000001119000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000009.00000003.2193590594.000000000110F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • 0%, Virustotal, Browse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://www.thedailymeal.com/1539701/blantons-bourbon-costco-find/me[1].json.42.drfalse
                                                              high
                                                              http://list.taobao.com/browse/search_visual.htm?n=15&q=iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                http://browse.guardian.co.uk/favicon.icoiexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • 0%, Virustotal, Browse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://chrome.google.com/webstore/manifest.json.27.drfalse
                                                                  high
                                                                  http://google.pchome.com.tw/iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • 0%, Virustotal, Browse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://www.msn.com/favicon.ico:Sat:Saturdayiexplore.exe, 00000014.00000002.4005009390.000001478A4BE000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4005009390.000001478A597000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://www.ozu.es/favicon.icoiexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • 0%, Virustotal, Browse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://openimage.interpark.com/interpark.icoiexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://search.yahoo.co.jp/favicon.icoiexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • 0%, Virustotal, Browse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://www.google.co.in/Ciexplore.exe, 00000014.00000002.4001871202.0000014786C80000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342014093.0000014786C7F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • 0%, Virustotal, Browse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://www.gmarket.co.kr/iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346343749.0000014786CB4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • 0%, Virustotal, Browse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://search.rediff.com/favicon.icoEiexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002027178.0000014786C8B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://search.nifty.com/iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000002.4002270406.0000014786CB2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346302959.0000014786CAD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345566545.0000014786CA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://www.google.si/iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://www.soso.com/iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://updates.bravesoftware.com/service/check2/recover&appid=%s&appversion=%s&applang=%s&machine=%BraveBrowserSetup-BRV010.exe, 00000000.00000003.2129069185.0000000003149000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2131622679.0000000003956000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.2130591212.000000000314C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000002.00000003.2147667948.0000000004271000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • 0%, Virustotal, Browse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://busca.orange.es/iexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://cnweb.search.live.com/results.aspx?q=iexplore.exe, 00000014.00000002.4002270406.0000014786CA6000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345642758.0000014786CA5000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341652337.0000014786CA3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2342177436.0000014786CA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://www.twitter.com/iexplore.exe, 00000014.00000002.4002613640.0000014788669000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://www.google.co.jp/diexplore.exe, 00000014.00000002.4002091093.0000014786C8E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2345224584.0000014786C8B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2346051878.0000014786C8D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341896366.0000014786C8A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000014.00000003.2341450975.0000014786C87000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • 0%, Virustotal, Browse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://www.msn.com/?ocid=iehp.fMiexplore.exe, 00000014.00000002.4004080553.000001478A30C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://www.msn.com/?ocid=iehp/fwlink/p/?LinkId=255141loreriexplore.exe, 00000014.00000002.4000783223.00000147869AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://www.msn.com/?ocid=iehpstorageTeststorageTest4066363iexplore.exe, 00000014.00000002.3999993042.0000014785C90000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://www.iask.com/iexplore.exe, 00000014.00000003.2341310491.0000014786C9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • 0%, Virustotal, Browse
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1410747
Start date and time: 2024-03-18 10:26:26 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 47
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: BraveBrowserSetup-BRV010.exe
Detection: MAL
Classification: mal51.evad.winEXE@107/475@0/31
EGA Information:
• Successful, ratio: 70%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 147
• Number of non-executed functions: 301
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
• Execution Graph export aborted for target BraveUpdate.exe, PID 4364 because there are no executed function
• Execution Graph export aborted for target BraveUpdate.exe, PID 5464 because there are no executed function
• Execution Graph export aborted for target BraveUpdate.exe, PID 6128 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtDeleteKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                  • Report size getting too big, too many NtSetValueKey calls found.
                                                                                                                                  • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                  • Skipping network analysis since amount of network traffic is too extensive
Time | Type | Description
10:27:23 | Task Scheduler | Run new task: BraveSoftwareUpdateTaskMachineCore{4C1D71FA-B614-4A23-BE81-6917D8D8522E} path: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe s>/c
10:27:23 | Task Scheduler | Run new task: BraveSoftwareUpdateTaskMachineUA{A53F8DA3-0776-4CFB-9541-CE88DC5C602C} path: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe s>/ua /installsource scheduler
10:28:28 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run BraveVpnWireguardService "C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.174\BraveVpnWireguardService\brave_vpn_wireguard_service.exe" --interactive
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):302912
                                                                                                                                                                      Entropy (8bit):6.698956223631608
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:vwZfu+xXz86yji7+7tzuk3vbOtQtAO4D5eUdRx+Euqu7:GfuKXznyjiC75uk3CQtWD5Xx+ERu7
                                                                                                                                                                      MD5:565DAF0070618C3BBB1D486B0D5A70FA
                                                                                                                                                                      SHA1:3DF3AE144DB804EAF83BC0B89ED847380D476078
                                                                                                                                                                      SHA-256:03E2EA9C1BE863F1BD007AE03C06BF3187751A00ED0CF7C4DEB3750951E5B960
                                                                                                                                                                      SHA-512:DED5E2D3D3CA1198A576A0947127F584156919CAE2D67A688B90EBAF11C2AD8E2C50A494052245DB8A2423F90F037886A70AE2AE42EAF3122E1B1E53699FA176
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):397632
                                                                                                                                                                      Entropy (8bit):6.440229620666291
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:/+n1e0P+GDRxRwwbClZ+jam+oAI5BciIx+U:/+n1e02axRJam+S5upxn
                                                                                                                                                                      MD5:22DB9D0D4FEC050C0420274D3073994B
                                                                                                                                                                      SHA1:46FAC4589B3FCEDA6076A36CC3D3E422C05FCCDE
                                                                                                                                                                      SHA-256:00FF35AA88B2E1C9C271365A93B019CDD3A4ACA593642712B694628D45A12C8C
                                                                                                                                                                      SHA-512:C22C6656073B7EC51390D900ED40C6AACB0BB19134BD210E17E1D7A2C27069A33CAABC7AF76D50DEE6BF73EBA982F31DB8AE0509CA5690D2E4A07E675C471D1C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) Aarch64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):372032
                                                                                                                                                                      Entropy (8bit):6.290860581824482
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:KfMOKV6tGrZeRIigzy/zIdNyPKxtJiD6eJj3tXPPx0t1Nosmj1c5e7QTQx+4:atAZNzif5fsm25t8x+4
                                                                                                                                                                      MD5:C8208EF35D885AF836E6740CB411BDB7
                                                                                                                                                                      SHA1:82CD43B3E74C519AB6AB9E2495C0E217F61D246A
                                                                                                                                                                      SHA-256:780FEDCD87E2AFC1A64EA295EA1A940EA69F74B43C625B6C85C0EECFD4142472
                                                                                                                                                                      SHA-512:010DD5C202E313D53DCCF86964A86D5981723A28BFD64B78752FD135DEB90763A93E04A9373136DDDB19EB6109AA540EF4E30F826DF7C02EC735A65676673A88
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):175424
                                                                                                                                                                      Entropy (8bit):6.036513000632513
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:cQPidj5By4/EeaZL8Z0BFri9WSfWJVVqH9B+bCe5kNtupnu0D6EDpf34fdjdEcRh:heaCSgfuqdB+i48
                                                                                                                                                                      MD5:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                      SHA1:184A42476F12A89731F608C7198E47BFC35A8364
                                                                                                                                                                      SHA-256:633B554A26AD05C06DFE33A50F6D69E9160207F3168E15FFD3CB5652B1E8E9D4
                                                                                                                                                                      SHA-512:DDB593D8A6BC515DCA7A4EADB2F50C28C8E61E9A829186BE9B9E8B19371E969FE055104DEFFD8CD5CD9B48F2468EC8B3D7BF6AEE45079E445D3FE42696E2D5A2
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      • Antivirus: Virustotal, Detection: 1%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):116032
                                                                                                                                                                      Entropy (8bit):6.62560704966013
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:oHsWPr3K6NL3FBqrx0LHu9eU53kB+XmkM/UTmG:usWG6l/q33kB+5M/BG
                                                                                                                                                                      MD5:612BFE378FBE209AC8584AE27640A97A
                                                                                                                                                                      SHA1:235AEA9A968A37CFCC8FD2C25C167EE3F8091607
                                                                                                                                                                      SHA-256:CA510F6779F14699708EA640175D8CEF89388D07BE2435D22775FC078C483E0D
                                                                                                                                                                      SHA-512:787A576E993E8D58F96EB2B0428B02AC318EABD249DCAFF26E87E6F01282CB407879D8BF280BC398D90D2EF822FDF4D11371BC732F12D8085C50DAF7F8D97407
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):195392
                                                                                                                                                                      Entropy (8bit):6.420855633369088
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:INA1+FyhLMnQtMIHh1a/r8/kGgTWZi1vnoY46u8sOMRzy+jGre:OAowhLMnQtMIB1a/ospTbohL5y+yK
                                                                                                                                                                      MD5:F2CA542F38E6B51EDB9790369117F54A
                                                                                                                                                                      SHA1:BC2E23A3FE66D39153CE5334F25FB218D9CE4FC0
                                                                                                                                                                      SHA-256:ABDD09D0B7A2718FDA3FED25F0C404F228BABD83AA59148AA40BD0E4E9A937D1
                                                                                                                                                                      SHA-512:07992FDB6B98940D403BE1AE6A7D49706EE198DF3A18771C330CB4703C4C9E83D519B23FE5CB4B1A117E7B70BBED7EB159F962AC1D7F942C8358F8DEA7F770BB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) Aarch64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):154432
                                                                                                                                                                      Entropy (8bit):6.173383322052518
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:VkKhe7NGODfqGfusU730roSnXvnaaDSNcp/:hhmNFDfXfusAxSDSNK
                                                                                                                                                                      MD5:F0DBBAC441C6232C55D5275C77A77DD4
                                                                                                                                                                      SHA1:6AA9207B5E119091948CF286A98138E1D9B0ACE8
                                                                                                                                                                      SHA-256:1B9A4836FD73243ED7B472D71344CFE103760413334D0E5B947C87832332CC2A
                                                                                                                                                                      SHA-512:9FA2CEDEC9AD950624B9782F6E47B322966605A6E412034471C0C8AE52CFBA894078F53671BB6F9B72C2D9584EA879A028EE37341A694443F1A517658B4DA4E7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):224576
                                                                                                                                                                      Entropy (8bit):6.731913745591885
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:XvFYwxiy+jCOCx2FssbcF8RLcul9+2+xwEJAg0FuRxqD2YqMR5+oZmYex+n1+P1/:XNYwBOPfbcF8qVtAOOTR5z5ex+sN
                                                                                                                                                                      MD5:6E63E263EB7CB0A31F4800D274BD3936
                                                                                                                                                                      SHA1:89F0AF0FB5DE7288DB94A6B4DEFB9BB474216989
                                                                                                                                                                      SHA-256:9D8EBA8007E48AE1FFCC28129AB894814F844AB5C5D1543A3C8CF863C0F88A47
                                                                                                                                                                      SHA-512:55C74E7F32E6CE21670BBA7003EBB00AC7A121A3A11B535F98D1AC3D35D1893449CA078FD093FFFCFD7547F99DB167ACAFB427F0057ABAA9115382BB0315998E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):116032
                                                                                                                                                                      Entropy (8bit):6.626583684028364
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:yPMWPuHKCqLXFBqrG033M+tZnkB+XmaLNrfei:MMWtCYfqVnkB+PLNh
                                                                                                                                                                      MD5:088EBFFD13539DBEF1204243C3558999
                                                                                                                                                                      SHA1:4E2302B2008CD8CCA7DAECBB13D42931971890E2
                                                                                                                                                                      SHA-256:79BAB0D36F4682194C20694F67F1B716438E7EAFBDBB83D9681259A41276D857
                                                                                                                                                                      SHA-512:55A671BF0BAA2407D14872AA3ECAA485D2FC267AA57374A1E0871B5060372F8989FFF8444B65BF256A45D9B92568F9B69F759F8B1E5DACE94EE91FB0A7774F03
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1446992
                                                                                                                                                                      Entropy (8bit):7.913845028849878
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:w2hOU0p4qlWfBTfmRfanIT6lUScOWFohEp6Vvn6qtndPVmatCkbpmp:zhOJpP4JTm5T6lkFohDB6sndPVa6g
                                                                                                                                                                      MD5:E3E7498C2436A1570109FBE755AF1D40
                                                                                                                                                                      SHA1:D7FB79F465D2C87EF22088327B5BFB73899FDF7E
                                                                                                                                                                      SHA-256:498E27ED4E5BB584672992F459C0E51CD1E7345889DFF1521CCF577B13ED6313
                                                                                                                                                                      SHA-512:4DD6025D4EBD1D4EDEEC077EE39E8704D2ED04FFD5F7AD83934A2ADA8D0E3AEFB15841B36AD0454E0C2CD6BE12E13B2015DE322D27059CB2FEA8BB7F4A247096
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):26
                                                                                                                                                                      Entropy (8bit):3.95006375643621
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1116480
                                                                                                                                                                      Entropy (8bit):6.768405587681001
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:JYCOm/qiJZz4j02iDtjNDhSRXaD5O5sHG4reqc8fvT2bz9cjclU:NO8Z0jniDtjNE6Y4rNvTkz9cjclU
                                                                                                                                                                      MD5:36C7B693D057C28F237E57964DC3D785
                                                                                                                                                                      SHA1:468394D765AC4EA8A92C4B673D4A10C6DAA1CDBE
                                                                                                                                                                      SHA-256:A718ECF01E9E995A189A6A0F9F6367ECAFECEB7BDA16705E8B7037AB844E51C5
                                                                                                                                                                      SHA-512:6F3220C27BF9D44BCBA0AB1457543D29E1DD8381541624B81045D868813D5EE647035B42761A9F53D25DBFB5D00F598254E1BAF51816052929E637ED793C8E45
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):53568
                                                                                                                                                                      Entropy (8bit):5.575420072105715
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:AR+H4k4+J2HNyb8E9VF6IYinAM+oP90at2rIYiF9qmPd9AM+o/8E9VF0NyKz7P:jHZJOEpYinAMxBYiLPzAMxkEkn
                                                                                                                                                                      MD5:550A1B340AB88809669FD17EC434561A
                                                                                                                                                                      SHA1:0F6C12C069746DB4AC01DA97185E090FF509C546
                                                                                                                                                                      SHA-256:3C113F4FF22B63D42E4B3351EA2952DBB1842655DD52F0F84951961CA7C303E7
                                                                                                                                                                      SHA-512:5AD6E4B96196B15FFCFBD189AEF474DDDDBE5E6AC3FBC49BE7EA9C99A39D8F8C38FDBF7C6D0FE20B1FF0048A2E8E0BB94631FE718C507301837B9347B3A3257E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):52544
                                                                                                                                                                      Entropy (8bit):5.5725435735274305
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:J0ovtkCLu+JG8Nyb8E9VF6IYinAM+oP9VtdzACyIYiF99OAM+o/8E9VF0Nydh:PvtkCLdrEpYinAMxAEYi0AMxkE9
                                                                                                                                                                      MD5:BBC6198B60210C1578CBAA60B96FDC70
                                                                                                                                                                      SHA1:3A19EFD437D2C35CB15F2AB2D813466E8B1066B7
                                                                                                                                                                      SHA-256:9196D431048A4481911054ACAD58D849D9AC38715A2F164FB09CC52F5E41D105
                                                                                                                                                                      SHA-512:D89A7F66BF6273A0A232D543FDB98CF583B0DCDE2FFF058AA018A2368D0F0918CDCB317D0729749F490D5F6A5D9D36B04F73CB8E2CC3E3D69A123808B787B0A9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55616
                                                                                                                                                                      Entropy (8bit):5.5655586584292065
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:Jq/odckbeGZBOcl8Nyb8E9VF6IYinAM+oP9ax7AIFEIYiF93jjMAM+o/8E9VF0Nm:yoV7DlcEpYinAMxyL1YirjMAMxkE0u
                                                                                                                                                                      MD5:DA09EAA0D93375AFE0709C1809C14939
                                                                                                                                                                      SHA1:9FD4700E02BFBB7E4C890CDD59F0620FB0F9FE17
                                                                                                                                                                      SHA-256:0BD086FFED7296FF1FD8228AED8F80B8D9A8E2402AB974A9258A86887347E502
                                                                                                                                                                      SHA-512:392C0DEE8ED74DC12978E29F5777BF5D3E93BB0F839C156951F34EAA9A72AC9F4E132A99344D9EACCD5D98AB12CC7EA5F95DC1D503B6C6CB1F4086380AAC3A96
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55616
                                                                                                                                                                      Entropy (8bit):5.623684706857659
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:JcKhvUx7tYF7qKF0FrHF6zjbmBwgNyb8E9VF6IYinAM+oP9ndzZIYiF9wQAM+o/i:xhrlF0FrF3BwYEpYinAMxaYi1AMxkEI7
                                                                                                                                                                      MD5:28C55146F4311953E1CF7E468C8DC74B
                                                                                                                                                                      SHA1:76442CD814BE3FB21A0E2E8608E564C785548F13
                                                                                                                                                                      SHA-256:32216C7119BE97564830F8CBF4888632E7D1AC5F99AB65DA6C2E6A28D511800E
                                                                                                                                                                      SHA-512:5E13C7820218C29F26C64C12C318E40C11759B37300793F22E08F3D828361CCB1244123610B4AFE3E9E9E454263A862D136A96E4271B51378C50E8D2F8A83D47
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55616
                                                                                                                                                                      Entropy (8bit):5.39160458880719
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:Sv2ArBupGEEpYinAMxVYiDWdSAMxkESKM:Sf397HxV7DWGxuKM
                                                                                                                                                                      MD5:44ADDEF5DF612EF84086876FFA323A76
                                                                                                                                                                      SHA1:CC7639439B15CAF8FC8F9240BEF8B757BB3054A2
                                                                                                                                                                      SHA-256:108525B759F60C5076BACA70474640E1E262BF77FF3F1A1E7822198416084D55
                                                                                                                                                                      SHA-512:7211E8549A4D6A3BD6C425DA1065F8AE0DAEE1C7325D63A8E8535FAD7464A2043CCB5F379310AB4A22C4498728F3317B79F260C097CCC652817FB521D317106F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.442186434885563
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:OUBDBWpaJkhYwA+fwNyb8E9VF6IYinAM+oP9gpY83AIYiF97XAM+o/8E9VF0NyFx:huIEpYinAMxZsYiDAMxkEpb/
                                                                                                                                                                      MD5:68BF6960F7C5BF7AE817EFFC7632C017
                                                                                                                                                                      SHA1:F828B622D95F69222B68BBA9FA9F400672C84569
                                                                                                                                                                      SHA-256:5314C94178A6861A88792F34D924A56B5CC7214CC4351AFCBED536D5C3F13417
                                                                                                                                                                      SHA-512:71C84ED4417ED943EF752CDAC0D9E57FCAFAD80B3B16A2EE515734BF3A12F335FB9E4B0BE86DB1B607CF4E951D4306626C15C166C11579BBD0B866756D0DE53A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.409036773195985
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:O7aUfNnwtpTqPqNyb8E9VF6IYinAM+oP9G5rJXEuIYiF9YabOAM+o/8E9VF0NymB:X8nw/+qEpYinAMxgUjYinaAMxkEm
                                                                                                                                                                      MD5:6ECB0249DA48684622FE633F98F8F530
                                                                                                                                                                      SHA1:1B9990DCCCD813FAC7C5517A03E5C147816E486F
                                                                                                                                                                      SHA-256:0A52E3DC70183D8041683817CC0514004898E87D9C080FB93374E900660BBC0E
                                                                                                                                                                      SHA-512:E48932205ED3362B4C915C572FCAAD012205837F54520F66C33B12F9AB4179E03AEB559C18465E3C419242CF039DA5C0271FD2CBC0031F1E7C7594C71CCB75BB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56640
                                                                                                                                                                      Entropy (8bit):5.377480288938011
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:XKjmxUM8QtPM0Me6INK/AGNyb8E9VF6IYinAM+oP96jjjIYiF99hJIAM+o/8E9VF:UmXjMePsAOEpYinAMxaMYivuAMxkEhJt
                                                                                                                                                                      MD5:BAEA28AE8DD3E3C70DEBCDF1AE5448B4
                                                                                                                                                                      SHA1:F8F40C17ACE4FBF272618063BC35F2502B00ADC6
                                                                                                                                                                      SHA-256:4C2DA183A792B13077B398085CFF930CBF493B8CBEC50609F2BC6747F0B8092A
                                                                                                                                                                      SHA-512:04DE4F7FA8C4A625724337539EFF093E2371ED417A6363833E7F65CBD14C9A0F64BB17EF1BA4BF51A16D6611E8240E4D2B248E4622BAB462DC331459DF64C851
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56128
                                                                                                                                                                      Entropy (8bit):5.627688222986176
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:8Zr5lLO+R52/g4EpYinAMxSKYidzAMxkEd:2rl7207Hxt7dzxJ
                                                                                                                                                                      MD5:5FBDD326F7F291BE11E1D79A7B2C8A51
                                                                                                                                                                      SHA1:5701E5D3496F6D2F0C694D317F568A63990C311F
                                                                                                                                                                      SHA-256:1CB97FF90568D81F8CC9E6A2EAFB07EAA276834169365980279403D99756103B
                                                                                                                                                                      SHA-512:01BC099E7C875D6A0473F6FF577F14F3DA3123951596B5651BC757B6A2C10F293078452BB42A87084C3B862D4A0CD56129670234D2E9518E76379C534B534AAB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):53568
                                                                                                                                                                      Entropy (8bit):5.419932966591344
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:Xy1/Nagyh6QuZNyb8E9VF6IYinAM+oP9p91J3ZIYiF9fAKAM+o/8E9VF0NyUNk:uNagyhi9EpYinAMxVGYiQKAMxkEYk
                                                                                                                                                                      MD5:4396E672BC6FB86EDB0C6889D12CE082
                                                                                                                                                                      SHA1:C92279D00DBC2DC0EA13E3A8896EDA76A359723D
                                                                                                                                                                      SHA-256:F35E94567279C322EC1D4BB99EAA1327FCAA1F06F4BD9D1CEF8C897FD8BDA8C3
                                                                                                                                                                      SHA-512:45F40EACE1C0398EBCA42EFF48DE6208BC87147837459AEE6D882CD017A9069CAD2EBEFE8B1EF0D27F36981DDD963416F0B7B5A26AF98A84B6CB64666638D0D3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.398655575356968
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:8VgzagyWk9RUNyb8E9VF6IYinAM+oP9BCDvCIYiF9L3qc2AM+o/8E9VF0NyQr:NzagyW4UEpYinAMxmYiOBAMxkE2
                                                                                                                                                                      MD5:364F97EE7B79DEB51DCC8F5EC4A0EE7C
                                                                                                                                                                      SHA1:EC4CACCAA57714FA8B9869315B6B13C530587E2D
                                                                                                                                                                      SHA-256:DE1E4766E0A2C188604AB2927025E1F5B05CEBF7E7B20E8342B4206686A7EB96
                                                                                                                                                                      SHA-512:43894949B412A8ECA8032F68DAC6C9208D9297B8C0353B9BBACEFE13343BB94343569F4CBEE1AC2B90971C8E2CC81408C55FC57DFEB94A6297D28CBB43E4D1E6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55104
                                                                                                                                                                      Entropy (8bit):5.391103646647603
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:8Uil+fs4INyb8E9VF6IYinAM+oP94Y6uFkJIYiF9EW4EVdAM+o/8E9VF0NybJ9:Il+fs4gEpYinAMxnZYiWELAMxkED9
                                                                                                                                                                      MD5:C2E2C6690755507979F570CA3E92E903
                                                                                                                                                                      SHA1:F82052FC3D2C97C18CCAE91CB64C91F02DC09AC5
                                                                                                                                                                      SHA-256:FD60F26D62F58D1AA41D11A8AD3086E2A0D92EF22AC766F606AEB2BCC3B217EB
                                                                                                                                                                      SHA-512:319A6418576BE4274269F533A5CEF62F9020B606494F3C7A5B299957931B919A86507F7888EAB5C6BB952BC65DAF76AE89439E72778BF97F77B30B520E904148
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56640
                                                                                                                                                                      Entropy (8bit):5.365606356097874
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:86qBkNzf1FNyb8E9VF6IYinAM+oP9FVIrIlppcIYiF9kSx6AM+o/8E9VF0Nyueu:KBkNj1BEpYinAMxI2Yi1oAMxkEq
                                                                                                                                                                      MD5:91C76FBA7736D06307708EE572CB9ED4
                                                                                                                                                                      SHA1:64764FCB44F18104E7554D8091BD0C7EDAA9D1A9
                                                                                                                                                                      SHA-256:D62078627149F4B5B90EE68B56C640CE120519F2F0438FC136AF225510CBD343
                                                                                                                                                                      SHA-512:F789D42681BDCEE52CFD342F019A16396DAE0E3F8C929A1A004E1F9F960EC94BE72B40E8D22A0DFEDA1F743564568F457EA64A6C6E5074F323C4655964402097
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.407227689072818
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:VYBW7bDFbDZETJ9TSQMNyb8E9VF6IYinAM+oP9I6UwqLYcIYiF9sx5q7AM+o/8Eg:Sm96nHMEpYinAMxTYiOYAMxkEg
                                                                                                                                                                      MD5:9599F4AEE019804B418245C5A86881C7
                                                                                                                                                                      SHA1:517D4DDD90361B89359BCCC174D9A6ECDA391426
                                                                                                                                                                      SHA-256:3023BFEDCD84AC065A38C4C6C983CCFAA0B3D5C02A610C6CA2EA00FD5545DABB
                                                                                                                                                                      SHA-512:613C6F11D11D84C1208B1CD7BDF030C3D2F5B90BC4D134C6E0584121B688AD14B01CE38C56501898962F5C859A8AF54248E86F510C20F3F7E0415163FFF95F14
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):53568
                                                                                                                                                                      Entropy (8bit):5.562768970202109
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:VCYQOZMK9Y5fNyb8E9VF6IYinAM+oP9eLcfiPdwFIYiF9EbrJAM+o/8E9VF0NyXe:c1VBjEpYinAMxMcqPVYicxAMxkEg
                                                                                                                                                                      MD5:A09A6C8DC7CEFC6CB126939947884678
                                                                                                                                                                      SHA1:16F90FF84A3CD8C98304459007C7D05A98D05CC0
                                                                                                                                                                      SHA-256:C5CFADFE624A0B92B45B121DC30D06D89150BDB03FD45B4FB7B4534BBC7EB40E
                                                                                                                                                                      SHA-512:AF6F3BE99AEA54D26E933C98695644596D814E4E8B880E5CE081093A474FB8DF973853DE5220E498ADC84FF752CFD1CA4165771F04048CA9ED7CB6C179050798
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.408662294317196
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:V1HzPEzPhXY7RzYd99hKh1GAsNyb8E9VF6IYinAM+oP9BSzehCaIYiF9ca8lAM+c:PzPEVmKgsEpYinAMxqzTYin8lAMxkEsI
                                                                                                                                                                      MD5:1DFC8B3110BA27F76C5C6495533AF538
                                                                                                                                                                      SHA1:DD60677F7AED0FBC06877333136562EDAF0BAECA
                                                                                                                                                                      SHA-256:60A159777971A84302E150866CAE1339ADC04939BF12B7B2367243361499BBF9
                                                                                                                                                                      SHA-512:37674C26A179B839239337219EAF8F78AEAC10425DE5E7CC5A91B140B816410EEC5C4DE84E7BE825BA4CED3AA41F1B421B1902D26C5A9384C725C5682017ED72
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55616
                                                                                                                                                                      Entropy (8bit):5.386310916321289
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:D7U9w+B3RVawWrEpYinAMxmR7zYiyOAMxkE8e7:D6w+B3RVawf7HxMf7y8xN
                                                                                                                                                                      MD5:20152624A1FF01D9F2BAC28D7B00CCA9
                                                                                                                                                                      SHA1:A320967BEE24E07725E3AC2DC2F66F264F1B9221
                                                                                                                                                                      SHA-256:80063F2CA78C9C757FB06B36F24F0347992DD75D300C4FB4A0DAA90D31B83A2D
                                                                                                                                                                      SHA-512:A9334CC7D97A212F816EEAC0EBE8D6A5CC4B83C72DC10C34682AE504EA9690C077A84246DBA1462E991C609431CC93B085ADC14DAE28D468B537305161D56EF7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56128
                                                                                                                                                                      Entropy (8bit):5.3857985161200785
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:qqov98EoycpW4xUNyb8E9VF6IYinAM+oP9HaOp/IYiF91ihkAM+o/8E9VF0Ny3j+:OvaycNUEpYinAMxoMAYiAhkAMxkEt+
                                                                                                                                                                      MD5:7704C15C3F3F312CAF2849DC2EAB0E78
                                                                                                                                                                      SHA1:E3C673D407464CCB1E2DF5FC357D814C61213F7B
                                                                                                                                                                      SHA-256:FE634E2F6C7AD7BAD17BD0A956B612BB14A9064B98CF5B5E013E08AC19204744
                                                                                                                                                                      SHA-512:704A7541B55962E0DB1BF9388DA3F8A2AE1AE284AA60409D5FBC30F9BE275658D10C2DBFA80DED9F12632DA0F4F076925B5658B4F16EEEDD5320AFEADDEDCE85
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56128
                                                                                                                                                                      Entropy (8bit):5.61051850410968
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:q6qm3UbeAV4DnYCRfwmkIPNyb8E9VF6IYinAM+oP9iCpiA4RpIQnBIYiF9jdiAM+:EUUbe7hbzEpYinAMx07nWYi0AMxkEoem
                                                                                                                                                                      MD5:41B7CEF8A631E5F9FF1B54F6B0CE13E7
                                                                                                                                                                      SHA1:8B695116808D99DE0B49EB54FF8AFA9A6E81368B
                                                                                                                                                                      SHA-256:3B5FFC2C6DCE2BE431CF686FCD2D2CD39FF003D42AFC27887CB128B34CBEE354
                                                                                                                                                                      SHA-512:15E72B1B3FDEB5A7AC2C4AB044224D25521A820AE62C725ECCAF6E3E2C1CDB24F9EAFB3AA12E1C1ADB042E762D49E0FE6A3B81280D1E5346BCDBDFFB8712B6FB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.584260993420684
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:j4x6AN6AQqjexbyqKXhHqC1EpYinAMxlcYiXl2AMxkEb:j4xXc7Hxlc7VExH
                                                                                                                                                                      MD5:5EAF10368F71EF58845D728B1C35DEDA
                                                                                                                                                                      SHA1:1D525E25F5B1B2546285B0BCD18BE0D2F81F17A5
                                                                                                                                                                      SHA-256:E9FBEA12B32D02160D14370501A622C032114C592EF7C5BF94EB620283FCB6D7
                                                                                                                                                                      SHA-512:94B31603651BC5A3BB51E44E07AF1BBDB4B6D9EAF5B0AE7584525155224F23F653AFEA2DDA885620C6362D8CEE6189C5B6C86C2D76E2CDB541415A604A4B1FE3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55104
                                                                                                                                                                      Entropy (8bit):5.402610840778619
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:TsfBpdOXz19szMH5KBL/yNyb8E9VF6IYinAM+oP9I2ZlxEIYiF9GTJAM+o/8E9Vz:GBK5oL/SEpYinAMxPYiSJAMxkEn
                                                                                                                                                                      MD5:615FEEC50393BF657E7B84A864D534A7
                                                                                                                                                                      SHA1:0D3807C4E28D0121C43B3A910BD4538DEEC70B5E
                                                                                                                                                                      SHA-256:6EB847167FF384D1D30B6D16939980DC89D95547A18CBA91136CE66CEF6C06B7
                                                                                                                                                                      SHA-512:76FEF42FD098DAEAC39B495C5AF7E71784204936D4D75483BB49678C3995C7FE0FC3B75F5D2E034FB974AFCFE45FA4158801C92F0A55441C5E8CD34647142AFA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55104
                                                                                                                                                                      Entropy (8bit):5.425116799449756
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:Q17U791C2TzpwGFTbZY6d1lBVZ5qAy3FGd7HxQ74xXa:Q17U791C2TzpwGFTbZpd1lBVZMAy3FG2
                                                                                                                                                                      MD5:E200F70987E56CBDFF8C6A587A02705F
                                                                                                                                                                      SHA1:8C135AD82792C337445DAB4677B654C7390BF36F
                                                                                                                                                                      SHA-256:B285107D2D2F2D64F2F060CF57E29B08C5DD9498CE8CEF83ED7C30032CE4625F
                                                                                                                                                                      SHA-512:81163C216A1D4FB7B328D4982F4A251601242320EB413B88F423CB133526484667328716D368DAC110E6E2E4715814A8A1A85BF56A81C42DC8E48049DECDC767
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.402370571282084
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:TxFmhL3THRNkAHqQ3lFRf2I9ByrUvNyb8E9VF6IYinAM+oP9Lfu7byIkdIYiF9X0:WXhR5TEpYinAMx8oKYitAMxkEc5
                                                                                                                                                                      MD5:16C771FF09E9BCFE7FD617C0F5D489AA
                                                                                                                                                                      SHA1:55AC69B62DD357DE4884A95F95786AF979F2CFE2
                                                                                                                                                                      SHA-256:6F747BB6BCF0491A3B7F2F04B802C41BD895A01D94F11E7E5B6721B17DEE26F7
                                                                                                                                                                      SHA-512:D85B041F62241EC6F4685372895200FECCC1F277F1E0D4A5015AD79CEA12FD19BB4B864EF871A4F6D7B4C0D887F4F92FAB74BFDFA7940B07866B063464749C4F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.42997837750232
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:gJqibAIErkUVQF5UefV3BEpYinAMxxYiPAMxkEA:gJqibAIErkUVurfVa7Hxx7Px0
                                                                                                                                                                      MD5:1844776B1E873892CB6D453EBCA334A2
                                                                                                                                                                      SHA1:6F36F4BF2CE6D286C0E1E59041EE506BBB96ED7D
                                                                                                                                                                      SHA-256:98E823748DC2E72B8B5A46827D501E12C9C48E209643F2DD6B4B8D333501DF8E
                                                                                                                                                                      SHA-512:8C48EB7CC40EF6798C9789A9B860BCF508D3740E948FE64E1197A422CFD240A6430FC36B5AFC23A5C1CA73FB155003B22A57AECEB207741BC9EBCAA947A411B6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56128
                                                                                                                                                                      Entropy (8bit):5.3695383590059125
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:4SIlDIN+shh3+Nyb8E9VF6IYinAM+oP9BNgIYiF9zMAM+o/8E9VF0NytlR:UVIN+q3GEpYinAMxPYiIAMxkEP
                                                                                                                                                                      MD5:E7A5254E3C732ED21F756B90EE6C73B3
                                                                                                                                                                      SHA1:EE2C5D342E51BE27750F5C855A9437B6BF3FEB86
                                                                                                                                                                      SHA-256:9342ACA1761B4F81F8771F19CB4A1ABD77F392194D32758FF42B98F8AA3D6CB5
                                                                                                                                                                      SHA-512:75F83A5905F8254E4FB352D00B8173D2A5614C17D166C06AB87C0B67C1C7BDF99377C7BBB89A85E6AFC5F0E5F8A045E45D64B2B157A413E871C015EB65D46F3A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):52032
                                                                                                                                                                      Entropy (8bit):5.602368818487498
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:4cKIv7hdVexaDywGfJssDNyb8E9VF6IYinAM+oP928tt+fIYiF954AM+o/8E9VFt:EgNM1fEpYinAMxZRYieAMxkED
                                                                                                                                                                      MD5:0DC19E59ACEDB7D103D0C21B02804661
                                                                                                                                                                      SHA1:477FEAD06B9DDFB85185DA85A640E6BB467FC32A
                                                                                                                                                                      SHA-256:17ED8A04CC1BCAB734F23140BFC8145BD0D038C284D50F439DAD1E66F7647C22
                                                                                                                                                                      SHA-512:20F3E9B58E9D5AE3F08096ABD5D5A43DB93238FDCDF2E96126A4B4AEB06BE2C8ADDDDC6601136EA265770AFCC7F4BE41E20F1D28CA361FE0135FC98BFA71F392
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):51008
                                                                                                                                                                      Entropy (8bit):5.615534777551888
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:hz7iEHj0FgWGNyb8E9VF6IYinAM+oP9EimJIYiF9mRDxAM+o/8E9VF0NyzCU7rR:RiED0FgWOEpYinAMxHYiWDxAMxkElt
                                                                                                                                                                      MD5:6C6093A914A889BC15133A57DB09C395
                                                                                                                                                                      SHA1:A8F9D54288D636E586271D78E7CF69E9E0121E16
                                                                                                                                                                      SHA-256:EC7AF1E9B03241F85A99F9C807FE279E322CA5528DD08B33F65D0CEFB8F04EED
                                                                                                                                                                      SHA-512:3548503A8395ABD3D19D3FFEF24832242F6F6C742678C0657FBF795DD14584B9F35BE5B02D7BC6657D486E63609E0687C1E277857DBEFCE6AE7D97E6E135605F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56128
                                                                                                                                                                      Entropy (8bit):5.638575498464374
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:hgLfUIRBSWNyb8E9VF6IYinAM+oP9BGv0Xs8fIYiF9ngp+AM+o/8E9VF0NyNwZ:cfU8k+EpYinAMxq8TgYiop+AMxkEo
                                                                                                                                                                      MD5:12B9BE5F0923BB2313C68BB46A069F4F
                                                                                                                                                                      SHA1:150A975918C1435027F295A06058C5BC110B4AB0
                                                                                                                                                                      SHA-256:DCBA408E4AFDC0831CB26D08EC05EA0616F14071E81ABAC8FE5676636C2EE151
                                                                                                                                                                      SHA-512:1CFC30E83851456DD3A5925925E34AC12F7148E20F487CDB82E0F01E06DD77B6411CF03B2094C11DF9566B1228A97024065A78F77100493902BBBEFDF6502D27
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):50496
                                                                                                                                                                      Entropy (8bit):5.652443774196828
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:hUELKTd4IY+N1vZsYoRHgA12plxB4xRkkTY1M5tkOANyb8E9VF6IYinAM+oP9cbA:HLKWmAf/jv4EpYinAMxhOHYiSAMxkEp
                                                                                                                                                                      MD5:10BAD5A24446C6E00AD2C18D09B000E0
                                                                                                                                                                      SHA1:FA030AA1F64894829C0CD8211488B38A18D12297
                                                                                                                                                                      SHA-256:91649E91509AA7200BB669AD2F5F6788EBAD7C5AA2CA6D7BB855E9FD96D010AE
                                                                                                                                                                      SHA-512:6AA1E426BF7AA470058810F0515A94C1F6D624B4FF3D99BBA09C850FD17DA4A2C2C50BDEF44AA28BBB3358486844520C46482FD7295B9EE50CCC8449940016F6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.426785047163885
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:X1ckHz05TmDq09ZEpYinAMx7b+YivPAMxkEkt:X1ckHz05+i7HxG7Hxwt
                                                                                                                                                                      MD5:74838014C6FDA1D53C8EDC8679F9D28D
                                                                                                                                                                      SHA1:491C640873E70CD0C703C57DB6F0FDC941CBE7F6
                                                                                                                                                                      SHA-256:6AAC9D75D6D02884C5CB5EF33A4BD1801D9BE70DD937C624F21E492F64CADF68
                                                                                                                                                                      SHA-512:ED792A4B625D889D8D17AD1DD23D0CC015F28B3DBCA5CD6C525E8C814996B1F806855AC4B9D59758306BE5F6F0C09979D1ACD64332E24F4C3358C5FD6857A22B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55104
                                                                                                                                                                      Entropy (8bit):5.43355377301059
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:GQQpZyAxOeK6eDNyb8E9VF6IYinAM+oP9l4ZCIYiF941WAM+o/8E9VF0NylkC:IdufEpYinAMxWYiSWAMxkE0C
                                                                                                                                                                      MD5:8FA152CA88C3108EFE077F57482BB42A
                                                                                                                                                                      SHA1:B27058398730B18E39D9E16FBFBC5625AF403FF8
                                                                                                                                                                      SHA-256:01C42EB00F2E6566D3FFF4AFB0B2C2FAF34C14A1A61E29DB86B3CB76D4EFBFDC
                                                                                                                                                                      SHA-512:81620FD3D80A1C245BCBD643D1B579E3D413B3A0011AC65F39CE31929908FCD95C1D4C0D5BA89A1F907E02E351CE5EE2CE79B61E7176CA9706908BCE7A4BF59F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):57664
                                                                                                                                                                      Entropy (8bit):5.590444403006137
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:G3zU3B7FZygp8/JLONyb8E9VF6IYinAM+oP9OFIj5iIYiF9ImPAM+o/8E9VF0Nyv:JRWJL2EpYinAMxpYifPAMxkEeC
                                                                                                                                                                      MD5:F693B959CF8C7341020D18ED345AD74B
                                                                                                                                                                      SHA1:FD57E1806796F23C639531E6DCC165FCEF4F37BA
                                                                                                                                                                      SHA-256:0B37B36D43D032BFB68F06173107AB58E8C17904C3D1247C32690E168FA922F2
                                                                                                                                                                      SHA-512:E474312498C874EF53A1FCC75A9D28A35341577BDBF672FB3D82D76A2BD9BFF6BE9477A61C64D1EB434FCB9FAC7B65912E033FDEF8877A681C614A035C01E347
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55616
                                                                                                                                                                      Entropy (8bit):5.588716592426551
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:GfvCdo/7JK7bABkCNyb8E9VF6IYinAM+oP9644k0VwIYiF9QqoAM+o/8E9VF0NyZ:uYo/7JK7b5CEpYinAMxmvYivoAMxkEBV
                                                                                                                                                                      MD5:0DC5183697F790CF937860F9F8CCF8BE
                                                                                                                                                                      SHA1:531C04F6AA3B363A14740CC33D1E4D98BF857BC7
                                                                                                                                                                      SHA-256:8176DA09CFF7F0BAE0AA08430CC4CA093A68627FB631A377DF0EC82959E7F634
                                                                                                                                                                      SHA-512:E58A71558240BEE892FB783E061BF481CC2F56F01BFA5F7A2C50C0EC69B2360AB9564E80C3D34ADE0296DB1D9509861484A3D6AB3936880AF9D23CE13FF1A373
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.4114238474999805
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:Pr10IePeyrQLtUv6oNpaMkYjZZ/fbMgTRlREDNyb8E9VF6IYinAM+oP9LeFFjUIX:qjTZf3TFGEpYinAMx+jlYiFAMxkEj
                                                                                                                                                                      MD5:742CD3150B436B909E5AD9AB6F22783C
                                                                                                                                                                      SHA1:474B8B3B75CFB25C90EB33E8E4BBCCB07068DC8D
                                                                                                                                                                      SHA-256:E537F7AB167D50E347B359AB848C46405C7FFD067408E896858C31AA99E6B228
                                                                                                                                                                      SHA-512:CDD492F93BBE49F17DC8DBAA19C1FE1FB1B3403054703D20402B07A42BB5D5F5D20F1D126103AF0DCE62EA36299835902E7FAFF96EA5D7EACD59974E6F88A2F2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55616
                                                                                                                                                                      Entropy (8bit):5.380500350214481
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:P/kLXd/T3kXNyb8E9VF6IYinAM+oP9e8Kk6U92ZHIYiF9524AM+o/8E9VF0NyZwS:ULtgbEpYinAMxPSUTYiFAMxkE0S
                                                                                                                                                                      MD5:A54633E30C2FFD23C3578C885E0E9F5F
                                                                                                                                                                      SHA1:662988663B27C21A0CC310D304346466EADD76A8
                                                                                                                                                                      SHA-256:3FB8523B91B2BFEE51CA2EA972ADA260F27BA389EA9E1DD7CB8411F21F126CA2
                                                                                                                                                                      SHA-512:AF9213815F634BC3A1DAFDF0D2BE537E4634D690C118090A81DB1138130504B4EFD27D9D0599F7295B06A5BCCE44B71E200574E583C820E820CA84D72D6E492B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.41113033461094
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:PZ75JZSiyCSiykeRAYiTvaK3Q3Nyb8E9VF6IYinAM+oP9P+6kIYiF9+60/AM+o/d:xeCYGiK3Q7EpYinAMxtYiWlAMxkEh
                                                                                                                                                                      MD5:A78998736B54EC264AD3FA9529693C8F
                                                                                                                                                                      SHA1:4B468CCCB8AC25C9E9C05161DD5C44E08504B41A
                                                                                                                                                                      SHA-256:EB3F06A4EA447CE64971673C50CCF83E2842303F1A27655F3A170495C94B71C6
                                                                                                                                                                      SHA-512:F747EC1B69B931D90EF4CF31A5F8E7BA95B6AEC7B36299A0E988B1D4790F42BE8AF698FE66032324C9634E5A44FD251D7BCBFEF9C5529E7D2368FFA38CEB5962
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55104
                                                                                                                                                                      Entropy (8bit):5.433825393956769
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:Uym9mn7KZHCCA7U8Gp6hNyb8E9VF6IYinAM+oP9LK5SIYiF9YjAM+o/8E9VF0Nyi:SUy3AIylEpYinAMx0YiCAMxkEU
                                                                                                                                                                      MD5:E73CF3871B41E0C59440C8D709CCFD75
                                                                                                                                                                      SHA1:8428813368197AEE8E3C2BF2104297476BC4608F
                                                                                                                                                                      SHA-256:AD124B0646894F3BFCB61D366D7BA5EDF4978766807B5422AD1778509231679F
                                                                                                                                                                      SHA-512:A31E82503BB3D8E1DB9EF4C1030ECD481396183CC64905FAF91E52F9C3E68469FDF3A850357AD70466D2810855D2B58E19B9302499D2547F85A610B1F8159FF5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.4115414787256
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:UYnLplZcOZX8mNyb8E9VF6IYinAM+oP9m675zIYiF9cHymAM+o/8E9VF0NycBM8s:3bguEpYinAMxJiYiEAMxkEI7s
                                                                                                                                                                      MD5:0227D71A996FAB2B394DFB17A43F1F8D
                                                                                                                                                                      SHA1:DA6002C093911114035CBD5D7D29FA51E3DF2C45
                                                                                                                                                                      SHA-256:290A463B8B11E5F5C5D3BCC2B5B8D910721BA645E2B4B3AF951223F76610BEDF
                                                                                                                                                                      SHA-512:FB95F13C4AC6A7B8AD13F271EE3D93ABBD5E0713F0C0DE402D7B73EC82B483A26C6B071ED5521914E34E74AEF168F9FA0762801FB37EAD9D05CD3D675AE2CCFE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55104
                                                                                                                                                                      Entropy (8bit):5.392362813870133
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:UaAtOstnEx6ewB/Nyb8E9VF6IYinAM+oP9/KlAIYiF9J3ReAM+o/8E9VF0Ny1SX7:w/Ex/UDEpYinAMxGYiNgAMxkEC7
                                                                                                                                                                      MD5:962BFFC6EC3DA987471851A4240AEB61
                                                                                                                                                                      SHA1:BA1B8AFF4FACD861553039A256A7623ABF30CD66
                                                                                                                                                                      SHA-256:3BD318A0867F1C971DAAE6A96C6EF2A09FBFB15EC5B3706DA34453410EA1F4FA
                                                                                                                                                                      SHA-512:D975EE07C82CD658E4A3B6CF67BBD8FD41D989D718E5EAD479E0250BC3C66A933FD0E8B1DA468E0C906986AEE58E3C0F148E4F8A23B19121844F5847E1AE14D8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55104
                                                                                                                                                                      Entropy (8bit):5.412695960496245
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:5nCRNNDM7qm0GdVqT541naEpEEpYinAMxmYiTAMxkE0:5VdVqlca67Hxm7Txo
                                                                                                                                                                      MD5:54B9FDA6AB88DC9EF0F0C8B19EA06CD0
                                                                                                                                                                      SHA1:C34D52741A8986FCF0991A4CECFE1B2A7C6E85AB
                                                                                                                                                                      SHA-256:1F00F564F1136096FBE58EFDB22E54923E090BA3392CDC51C837A7294A3FD5BE
                                                                                                                                                                      SHA-512:BEFDF3BAED01EA905751CCE248E854CDC43D5A9D77B2EBD27E68C297464A5A0AC1ADF739E8371F0C731A5A7ABB83E6FA227D11120F70D668113F69612D44B6E9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.578353591774595
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:tlWSFA47AvHlho4d2hNyb8E9VF6IYinAM+oP9Hn737IYiF9iFAM+o/8E9VF0NyfL:qvvHUlEpYinAMxF0YisAMxkE+No
                                                                                                                                                                      MD5:DD650BDAB776FD3239AAD311BC8CBBD3
                                                                                                                                                                      SHA1:583A340581B2A78DF490951FFE6A7BEEBB51BA11
                                                                                                                                                                      SHA-256:475B114201EC72F4EF26FC66B61AF438CE77F69E5E96D3CFC8FB00BA148AAC51
                                                                                                                                                                      SHA-512:862313704DFFAD1AF1FA72D8F9F1FE4757A9A1082BE41C78E5C307C56F36D986D1F5580922800050E08BB37ED2EB18A6FF629131199E41350A22EA230DD6DC9F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.437717171626643
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:t4lmP8uhJPiR6gLTmNyb8E9VF6IYinAM+oP9AWB5BGJgVIYiF90xFNAM+o/8E9V2:uMF8RjuEpYinAMxlgqiYicFNAMxkEAR
                                                                                                                                                                      MD5:DC24DAA70A6551CD038929F3EC055306
                                                                                                                                                                      SHA1:99843D43C0CC3D4C76A5C817CA4DB49820820C65
                                                                                                                                                                      SHA-256:847440B8D60A11DCE3E254916E5CD926D58C9F06F0D95436B62FF9B9AAAEF4B0
                                                                                                                                                                      SHA-512:451C21F435A451CC4C47623D028B1CF3939CB59B9F9A6D6D71B2F94F9B4CFD487A8756ACFF27768B454F23F2D501E9AFC67E586F9C005142CBC712E5CEDC2D9C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55104
                                                                                                                                                                      Entropy (8bit):5.399846673022657
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:tkcnTcshVyigOHHTpWBdH1i2IXousrNyb8E9VF6IYinAM+oP9z5XKiS9IYiF9JJd:v+hOHHy1YZsnEpYinAMxfXvYinAMxkEP
                                                                                                                                                                      MD5:FA0AFF0B7EFD37A6195AA454012095E8
                                                                                                                                                                      SHA1:EF4A3CA1608A8FD5DE56B2B94DBD46304480B375
                                                                                                                                                                      SHA-256:7580B1B666C4A6DE0EB5AD03DAFB2F9FB49AD148754A68611E9988ACBBA5023D
                                                                                                                                                                      SHA-512:FB5A73B6134F991FC2E5D9A82B747C821074BEF86A7651638FC0127BEEF78B817811BB00417168BB937F968D55D8356AC0D19C2B569A6B9B31A10531683466CF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.573738261423414
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:CT63FOxCx7UjYN3tGGNyb8E9VF6IYinAM+oP93kDWvSpIYiF94yIj/AM+o/8E9V1:D3TUj+dGOEpYinAMxoCYi8/AMxkEq34
                                                                                                                                                                      MD5:D5D54965E6FB81875F2FCEA8F21515BA
                                                                                                                                                                      SHA1:87F22E6FA6D34CAA26CAF427D5F339880496EFE1
                                                                                                                                                                      SHA-256:759CC7CC96EA181926AF2F6B274CDB9BF63E329FC32A7A1C10B4CFDEE786F2A6
                                                                                                                                                                      SHA-512:308068EB57F007A4674BF5D90C9410BACC715E4AE537ADEC4CAF7F6837544D5526C676BEB2B1488090E7D9F4E966F030709C2934DE3A64E0A9059CE49D1F6A14
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.415346681858155
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:CeC7xC7Ec3EINyb8E9VF6IYinAM+oP9Up1XIYiF9+kAAM+o/8E9VF0Nyu7:E7xCYc3EgEpYinAMxqOYioAMxkEG
                                                                                                                                                                      MD5:9C09AE8A870215FF9CF80F09D44F5610
                                                                                                                                                                      SHA1:2EE0328D7617A3D5A46C432DB2AE8BA2D335CB10
                                                                                                                                                                      SHA-256:49FDD7A5FA81697613F0495EA9E6025FFF84565184A1F3279CA42B166920F1E8
                                                                                                                                                                      SHA-512:7351B3955F0F881329DCD209841C84A05E0A2C2472FBF1B9F70505D4CE4A6A5FD612D45F3E11E917AB4D086E3B0C1CC7429238EC6DB6DBC879ECD9F3B8340B1F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56128
                                                                                                                                                                      Entropy (8bit):5.425300372554538
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:CL9FgicgiY7upr4M5aNyb8E9VF6IYinAM+oP91k+DrpIYiF96sAM+o/8E9VF0NyU:QFQ07Gr4M56EpYinAMxwYiJAMxkEUh
                                                                                                                                                                      MD5:1048D12C5DAA3492E2CC9060BC6AD9C4
                                                                                                                                                                      SHA1:50051ED23E19D842EB6C9162F537E7C20185ADE3
                                                                                                                                                                      SHA-256:9123A236243EC5508DB14A4E4E5B2BF3DCA077A6F6A85D24730D0A60A7B10518
                                                                                                                                                                      SHA-512:F9F6FF586A13CB32281234478A9F7CE2C6222EB94029EBC448815A5083E0303FC7CCA26F03E38575D449E81869817425F9AB2FF321D6A7EA5EE2EB0F99FB6C7F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56640
                                                                                                                                                                      Entropy (8bit):5.625808123733913
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:KmHY51ZLm+4HwpEpYinAMxRBYinyxAMxkEqw:K27Hxb7+xmw
                                                                                                                                                                      MD5:795ACCE152FDF555FC5F0CBDC21BAC4A
                                                                                                                                                                      SHA1:B3A5F664D53813E69E33B4AEC327D8121E6066D9
                                                                                                                                                                      SHA-256:F22F4C4B011B9989D73F0EF16D85F9AA5471CC03394C99FC6D74C401ECA88700
                                                                                                                                                                      SHA-512:92638A7BD5962C44F3B21864FFBA114EF82B66334735D247B53ECC3A980C1208F597260547A2B9DA938C6D9D9BEF37AE94D5F6AF0683E0D551E6285D7FAE5769
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56128
                                                                                                                                                                      Entropy (8bit):5.591538654163846
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:aVo3N5ya+LDQEpYinAMx7i+HCYi0GzCAMxkEX:aVo3Ip7HxI70LxD
                                                                                                                                                                      MD5:CB8793AEC04A19877FA3702EDA7C9416
                                                                                                                                                                      SHA1:7771A48AFE1B50C03BAE7D98090929753177C9DE
                                                                                                                                                                      SHA-256:FA58B434E5253B28091CE425EC9296E499241CFC24992E1592154FD1EC449819
                                                                                                                                                                      SHA-512:577EE217E15379E1523FA72FD995E450FE7DAD262E299B594CDC6A8455DCD5002454B84695BCB3B3370DFB03C0B540B931FFF2C43AC50311FB5E95CD9A76219F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):53568
                                                                                                                                                                      Entropy (8bit):5.6119616279583715
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:TjlrGszNMfetNgEpYinAMxwKYi6AMxkEyI:TjlrGs+fetn7Hx774xWI
                                                                                                                                                                      MD5:36FF03BB1A029CF62E2FBC0112AB1E1C
                                                                                                                                                                      SHA1:C6BF4C0E47941019999722F1E57346498AF0A79A
                                                                                                                                                                      SHA-256:0F6B55613060D527AE41D5BCF5F34F50BD668BA57F9D4D2521EE7DAB2D053C02
                                                                                                                                                                      SHA-512:08AF745E330ABD384BF06468A2C1A7F6221B0A6C1A9452031FCB4076959C51EB912269EFF77E71F55BFB41C2BE1967A9373B224522ADF856E07B48593E68A92E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.448739449189127
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:Jip9ABk6qXQEdmvgh3FGk+G9Ahrx++BzQSX/EpYinAMxlDCYiZ+mAMxkEPo:JiZhdmvMFGkSxLQK47Hxg7Zxx0
                                                                                                                                                                      MD5:96C569C1FF875B897A2EBDDD3BCEE40B
                                                                                                                                                                      SHA1:44F8019C435ECBC1B00E8F1223ECE6C42F1E9976
                                                                                                                                                                      SHA-256:9682AF6D55EB930C650D69D7ECD4A6101681425F4821333C4513916AE57CC14D
                                                                                                                                                                      SHA-512:4E6521B28184AB8D09D45FD30E96F3703ADE7F495211380DB0BA79F0372CD834861165B9D66D8CDD0A036850C9866203A6EE60642B80DB4F89D7037BA56C8BC2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.574026643245629
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:QxZMuKgHWyC2EeovVHE/GfuQNyb8E9VF6IYinAM+oP9+Z9BIYiF90+1AM+o/8E92:UMu2uoEpYinAMxkWYixAMxkEw
                                                                                                                                                                      MD5:BB5F78643FDFBB3600ABB2D4529D857B
                                                                                                                                                                      SHA1:95F987F0237584B8428470EF8A34774CB18E83DE
                                                                                                                                                                      SHA-256:2D701243EFCC415F101A68D9A80BD1F93718DF906C5A9DF94B7C7210A72EEFA4
                                                                                                                                                                      SHA-512:98A80DC74B3A7FAA06401299E2260D6E5801F30C0066F6F4F3BE0B66D432E36FB72044038B839019B0EC37FB8B7317046DD69E74F2E97A7C3CA1DB277891345F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.583323336112305
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:avoo+OmAcoWACeesYQEpYinAMxYn/YiGAMxkEj:am7HxG70x3
                                                                                                                                                                      MD5:0E98103A45EBECEDAE05F0EB6BB4AE6B
                                                                                                                                                                      SHA1:4FD5E0061553B702FC058A1052B6A0CE58F470D7
                                                                                                                                                                      SHA-256:B5931F32C31EFFB7FC90F95CD27481DB36B6BDB31FBB982CA787794D7E51F892
                                                                                                                                                                      SHA-512:DC37D909B89017BB2395D8C809D65427AE8C485075FD4D725D3A9BB636A43E0540DA712026CED6BD59BD634743C3A10471D2D7FBBAAF962BAFFFB52DE7F845D6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.499322127248548
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:ZF7ysKFjncHNyb8E9VF6IYinAM+oP983nX18hIYiF9nX/qAM+o/8E9VF0NynU:LysKVcrEpYinAMxmnzYiKAMxkEG
                                                                                                                                                                      MD5:7A22F812F92B7F00EF38A14A70BE3F82
                                                                                                                                                                      SHA1:F1D265A2C835DCDD6225889E895EEDB7094943A2
                                                                                                                                                                      SHA-256:B3886AF3ABCF6880516189F822DB806524564AAB38F7F9C8AF9052F632BFEA0B
                                                                                                                                                                      SHA-512:4B82DDE7A1FBC563D7000A034AD943B7AC562CDC8757A70E1899FB418BB7EB3632A6E2BB8227F296DA503EAF16FA3398529CA7781AF606DFC31060E71CF999C5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):48448
                                                                                                                                                                      Entropy (8bit):5.620247349904402
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:ZAURXZshAWB8Nyb8E9VF6IYinAM+oP9QNA9BPxo0IYiF9YU2AM+o/8E9VF0NyZg:HEAWBcEpYinAMxQYi6AMxkEk
                                                                                                                                                                      MD5:66B5ABEC8E4B2CABF62B68BD265A48B9
                                                                                                                                                                      SHA1:5CA58A3B929FC41E617F4CD205317B86E5346642
                                                                                                                                                                      SHA-256:BBEADD3AF22684259C95C463660AF9C35BA150A00A823B419DF4C633BD1B53CD
                                                                                                                                                                      SHA-512:F6958C4D687040E17B9A85DC59F26FF2E4B9321D05165946C744F97AB6D29ACFDC8DC531C3B68A25BEFF13BB566D73DC6FD95DA0A292B24F013C0270A27B0137
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):48448
                                                                                                                                                                      Entropy (8bit):5.631167984677434
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:ZuHOldGBiuNyb8E9VF6IYinAM+oP9Hs4S4U7IYiF9cO/TqlAM+o/8E9VF0Nyq2:fg5EpYinAMxeEYiV/TqlAMxkE3
                                                                                                                                                                      MD5:7B02084502F62AB08E9F4DDEE91A3068
                                                                                                                                                                      SHA1:4588AC3DE96A3DE4E11E0DF0079C58D45208BD8C
                                                                                                                                                                      SHA-256:8F04BB3D46A4BC4EB58A250296F6B8C97CA37FAC73319D7C7BD8D89CE9AC098B
                                                                                                                                                                      SHA-512:131FC0928334771CFFEA4CB4AEDF7E993CFEA819E492033601F5025C31C900413E9E534B5982040147B2D4F3EDBB764D588E78EA217DB0CA8C34FA3550EEDD55
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):282432
                                                                                                                                                                      Entropy (8bit):6.580618907494474
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:eRGm4nC4FXoZGxrxAO0e8x5q9Sj/aazvo:eGm4nXFXoZ4qeK5hZo
                                                                                                                                                                      MD5:B5BDDAF2C405EE17FAF06640D0F27397
                                                                                                                                                                      SHA1:4FEAD2DC9C066B21C99ACF1646D63A457E5587D0
                                                                                                                                                                      SHA-256:94B5ADE4D93F125632A7C8DBF79F99DEA877C28C2F40A9CA47C3C660A822CE4F
                                                                                                                                                                      SHA-512:D620835B8A46E2F0363B2FD1D0A38D58E4BAAA32F1B2DA0F8B9AB8286E031A8B4CA9077C53F88881ED827488C104D1EE099074A2FB7E4A786E8D12901EB4D2BA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):359232
                                                                                                                                                                      Entropy (8bit):6.269305509202009
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:YgW2y+X80/lGibh/Y7+Vkm5RVsMwbQYohXbBW+15qqpj/aak:/LX8klGibhA7+VlRGbQYobt5/q
                                                                                                                                                                      MD5:7931008AC869E46D780872FDE1ED4328
                                                                                                                                                                      SHA1:37B92B318D5252DDC9CAD22BCC37378124BB92CA
                                                                                                                                                                      SHA-256:971C492072C6E6E6DDB0B8584059E9AF58F3B089DECB151FD860599E818AD1FD
                                                                                                                                                                      SHA-512:E1A69A6DBF917D336F93783CB60D4D8FE5D7A2A15B2C993AA27A63DD87CFCE235BB4C9D7EC46359BA65C9D610D6CB369EA3BE5058192410C93C36B73B585A579
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):327488
                                                                                                                                                                      Entropy (8bit):6.0919814113297415
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:MeyV9fNJmbkqhyVVVz6a+/hRy3LZkMyeRobT28r5RIf7Kj/aaLA:fyDB/IMlG2k5au6
                                                                                                                                                                      MD5:8A08A9BBC3817967911FAEBB23D3892B
                                                                                                                                                                      SHA1:41D7426E52AF9E489767A87BCB3B1D0D10992BE3
                                                                                                                                                                      SHA-256:DF412FE80FB7C2DDA4FC6067641D8A86C53A98C8E8AF2712D657AE8610AE7646
                                                                                                                                                                      SHA-512:F5C77E3DA56FD9C9171EA04B2F28D20EB1B62EA82AD0CCE371896AF592E7B6023FC478343A4481F1D73678425257AFCE8A8A591F724E90CCB57EB72CEAF0B8DE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):282432
                                                                                                                                                                      Entropy (8bit):6.580127272835487
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:2RGmVviIKXox+xDvAOlXMx5qNSj/aazvVP:mGmVv3KXoxefX65hZl
                                                                                                                                                                      MD5:51529BD404AD6A93BACC2FAA88376CA9
                                                                                                                                                                      SHA1:1891AFC0ADAD2250EB4F36988651039BC975BC52
                                                                                                                                                                      SHA-256:ABAD43AD3E27D1E6C8611AE285AD1A7C96127DF36B98DC2FE5674B511B62421B
                                                                                                                                                                      SHA-512:D8F63D61B6BD040FE03A14AE5DBACE73B929E9781EC64A359BF2A832F564DF6D096F0231AB0F408B60C9A6FEA1BD00B15DC0B58152F718C36F3FFA48CF661652
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):359232
                                                                                                                                                                      Entropy (8bit):6.269345224951521
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:xgW2yufk0/lGibh/Y7+Vkm5RVsMwbQMohQbwfE15qArj/aa/:ObfkklGibhA7+VlRGbQMoJ25z/N
                                                                                                                                                                      MD5:0259892D2CB710C05CFFCA79F9686FA0
                                                                                                                                                                      SHA1:185CB66A76CD7B26AD2EAFFF6B1222A7B6C0F309
                                                                                                                                                                      SHA-256:843DFFA160083155BCC046EBD3C99FA035044156C203A7AE191C629CD83A0EF7
                                                                                                                                                                      SHA-512:F9A0A25C5D95584055E097593F42FCA04BB4A80BA48A5AC0D592C88273D90896AEB4C975DE72CCB93886209AFFF3F18D771CA7D948AF5BB03B277250D5ED1A97
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):327488
                                                                                                                                                                      Entropy (8bit):6.091915599984797
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:0eyV9fNJmbkqhyVVVz6a+/hRy3LZkMyeHo+TAYr5RIf7Kj/aamO:3yDB/IMlpAw5au/
                                                                                                                                                                      MD5:8C35995DEDA169AF62A83A5F302C9EB1
                                                                                                                                                                      SHA1:A45BE3269442DFC9A4D89EFF0003E2292349C2CE
                                                                                                                                                                      SHA-256:0C5845A003CE6480B24712459725581839E36B00514DA26D4214853107E090D0
                                                                                                                                                                      SHA-512:2D660FB5CEE6C99E3A6AC54872D0F404E9F7A21B141FBCC067BE40EECDEAE29AC2D1E5141211CFB704EE70BDE40C4D5336E3538F0883143245B90BBBB82F63D8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File Type:POSIX tar archive (GNU)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8161280
                                                                                                                                                                      Entropy (8bit):6.460371542708208
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:98304:haO8k3+oXktjNk4rljVNlKgI8YUQyn1XoJ0MXoY0jdazPbc3CkS:bSttjTjlMQ4Jg6YCk
                                                                                                                                                                      MD5:C69E8BD5630DF92574407BB3E2C583B1
                                                                                                                                                                      SHA1:E69D3D9BF35F7D68D36C62A6318DE932835A260C
                                                                                                                                                                      SHA-256:84833AD5A43C284CF9136BCD0387F87F5F57A50E3FD36D36B8D67CE4CE5207B7
                                                                                                                                                                      SHA-512:232EE15039E0C3C407A60F77E058C5BAA2D052919EAB8CBE8E48691AE783F5FEA1671687ED2A0E988F5596750298F49DE4B7DB49D89FC1C07B4F42B67509E3E8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):302912
                                                                                                                                                                      Entropy (8bit):6.698956223631608
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:vwZfu+xXz86yji7+7tzuk3vbOtQtAO4D5eUdRx+Euqu7:GfuKXznyjiC75uk3CQtWD5Xx+ERu7
                                                                                                                                                                      MD5:565DAF0070618C3BBB1D486B0D5A70FA
                                                                                                                                                                      SHA1:3DF3AE144DB804EAF83BC0B89ED847380D476078
                                                                                                                                                                      SHA-256:03E2EA9C1BE863F1BD007AE03C06BF3187751A00ED0CF7C4DEB3750951E5B960
                                                                                                                                                                      SHA-512:DED5E2D3D3CA1198A576A0947127F584156919CAE2D67A688B90EBAF11C2AD8E2C50A494052245DB8A2423F90F037886A70AE2AE42EAF3122E1B1E53699FA176
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):397632
                                                                                                                                                                      Entropy (8bit):6.440229620666291
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:/+n1e0P+GDRxRwwbClZ+jam+oAI5BciIx+U:/+n1e02axRJam+S5upxn
                                                                                                                                                                      MD5:22DB9D0D4FEC050C0420274D3073994B
                                                                                                                                                                      SHA1:46FAC4589B3FCEDA6076A36CC3D3E422C05FCCDE
                                                                                                                                                                      SHA-256:00FF35AA88B2E1C9C271365A93B019CDD3A4ACA593642712B694628D45A12C8C
                                                                                                                                                                      SHA-512:C22C6656073B7EC51390D900ED40C6AACB0BB19134BD210E17E1D7A2C27069A33CAABC7AF76D50DEE6BF73EBA982F31DB8AE0509CA5690D2E4A07E675C471D1C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) Aarch64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):372032
                                                                                                                                                                      Entropy (8bit):6.290860581824482
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:KfMOKV6tGrZeRIigzy/zIdNyPKxtJiD6eJj3tXPPx0t1Nosmj1c5e7QTQx+4:atAZNzif5fsm25t8x+4
                                                                                                                                                                      MD5:C8208EF35D885AF836E6740CB411BDB7
                                                                                                                                                                      SHA1:82CD43B3E74C519AB6AB9E2495C0E217F61D246A
                                                                                                                                                                      SHA-256:780FEDCD87E2AFC1A64EA295EA1A940EA69F74B43C625B6C85C0EECFD4142472
                                                                                                                                                                      SHA-512:010DD5C202E313D53DCCF86964A86D5981723A28BFD64B78752FD135DEB90763A93E04A9373136DDDB19EB6109AA540EF4E30F826DF7C02EC735A65676673A88
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):175424
                                                                                                                                                                      Entropy (8bit):6.036513000632513
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:cQPidj5By4/EeaZL8Z0BFri9WSfWJVVqH9B+bCe5kNtupnu0D6EDpf34fdjdEcRh:heaCSgfuqdB+i48
                                                                                                                                                                      MD5:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                      SHA1:184A42476F12A89731F608C7198E47BFC35A8364
                                                                                                                                                                      SHA-256:633B554A26AD05C06DFE33A50F6D69E9160207F3168E15FFD3CB5652B1E8E9D4
                                                                                                                                                                      SHA-512:DDB593D8A6BC515DCA7A4EADB2F50C28C8E61E9A829186BE9B9E8B19371E969FE055104DEFFD8CD5CD9B48F2468EC8B3D7BF6AEE45079E445D3FE42696E2D5A2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):116032
                                                                                                                                                                      Entropy (8bit):6.62560704966013
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:oHsWPr3K6NL3FBqrx0LHu9eU53kB+XmkM/UTmG:usWG6l/q33kB+5M/BG
                                                                                                                                                                      MD5:612BFE378FBE209AC8584AE27640A97A
                                                                                                                                                                      SHA1:235AEA9A968A37CFCC8FD2C25C167EE3F8091607
                                                                                                                                                                      SHA-256:CA510F6779F14699708EA640175D8CEF89388D07BE2435D22775FC078C483E0D
                                                                                                                                                                      SHA-512:787A576E993E8D58F96EB2B0428B02AC318EABD249DCAFF26E87E6F01282CB407879D8BF280BC398D90D2EF822FDF4D11371BC732F12D8085C50DAF7F8D97407
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):195392
                                                                                                                                                                      Entropy (8bit):6.420855633369088
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:INA1+FyhLMnQtMIHh1a/r8/kGgTWZi1vnoY46u8sOMRzy+jGre:OAowhLMnQtMIB1a/ospTbohL5y+yK
                                                                                                                                                                      MD5:F2CA542F38E6B51EDB9790369117F54A
                                                                                                                                                                      SHA1:BC2E23A3FE66D39153CE5334F25FB218D9CE4FC0
                                                                                                                                                                      SHA-256:ABDD09D0B7A2718FDA3FED25F0C404F228BABD83AA59148AA40BD0E4E9A937D1
                                                                                                                                                                      SHA-512:07992FDB6B98940D403BE1AE6A7D49706EE198DF3A18771C330CB4703C4C9E83D519B23FE5CB4B1A117E7B70BBED7EB159F962AC1D7F942C8358F8DEA7F770BB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) Aarch64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):154432
                                                                                                                                                                      Entropy (8bit):6.173383322052518
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:VkKhe7NGODfqGfusU730roSnXvnaaDSNcp/:hhmNFDfXfusAxSDSNK
                                                                                                                                                                      MD5:F0DBBAC441C6232C55D5275C77A77DD4
                                                                                                                                                                      SHA1:6AA9207B5E119091948CF286A98138E1D9B0ACE8
                                                                                                                                                                      SHA-256:1B9A4836FD73243ED7B472D71344CFE103760413334D0E5B947C87832332CC2A
                                                                                                                                                                      SHA-512:9FA2CEDEC9AD950624B9782F6E47B322966605A6E412034471C0C8AE52CFBA894078F53671BB6F9B72C2D9584EA879A028EE37341A694443F1A517658B4DA4E7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):224576
                                                                                                                                                                      Entropy (8bit):6.731913745591885
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:XvFYwxiy+jCOCx2FssbcF8RLcul9+2+xwEJAg0FuRxqD2YqMR5+oZmYex+n1+P1/:XNYwBOPfbcF8qVtAOOTR5z5ex+sN
                                                                                                                                                                      MD5:6E63E263EB7CB0A31F4800D274BD3936
                                                                                                                                                                      SHA1:89F0AF0FB5DE7288DB94A6B4DEFB9BB474216989
                                                                                                                                                                      SHA-256:9D8EBA8007E48AE1FFCC28129AB894814F844AB5C5D1543A3C8CF863C0F88A47
                                                                                                                                                                      SHA-512:55C74E7F32E6CE21670BBA7003EBB00AC7A121A3A11B535F98D1AC3D35D1893449CA078FD093FFFCFD7547F99DB167ACAFB427F0057ABAA9115382BB0315998E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):116032
                                                                                                                                                                      Entropy (8bit):6.626583684028364
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:yPMWPuHKCqLXFBqrG033M+tZnkB+XmaLNrfei:MMWtCYfqVnkB+PLNh
                                                                                                                                                                      MD5:088EBFFD13539DBEF1204243C3558999
                                                                                                                                                                      SHA1:4E2302B2008CD8CCA7DAECBB13D42931971890E2
                                                                                                                                                                      SHA-256:79BAB0D36F4682194C20694F67F1B716438E7EAFBDBB83D9681259A41276D857
                                                                                                                                                                      SHA-512:55A671BF0BAA2407D14872AA3ECAA485D2FC267AA57374A1E0871B5060372F8989FFF8444B65BF256A45D9B92568F9B69F759F8B1E5DACE94EE91FB0A7774F03
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1446992
                                                                                                                                                                      Entropy (8bit):7.913845028849878
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:w2hOU0p4qlWfBTfmRfanIT6lUScOWFohEp6Vvn6qtndPVmatCkbpmp:zhOJpP4JTm5T6lkFohDB6sndPVa6g
                                                                                                                                                                      MD5:E3E7498C2436A1570109FBE755AF1D40
                                                                                                                                                                      SHA1:D7FB79F465D2C87EF22088327B5BFB73899FDF7E
                                                                                                                                                                      SHA-256:498E27ED4E5BB584672992F459C0E51CD1E7345889DFF1521CCF577B13ED6313
                                                                                                                                                                      SHA-512:4DD6025D4EBD1D4EDEEC077EE39E8704D2ED04FFD5F7AD83934A2ADA8D0E3AEFB15841B36AD0454E0C2CD6BE12E13B2015DE322D27059CB2FEA8BB7F4A247096
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):26
                                                                                                                                                                      Entropy (8bit):3.95006375643621
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1116480
                                                                                                                                                                      Entropy (8bit):6.768405587681001
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:JYCOm/qiJZz4j02iDtjNDhSRXaD5O5sHG4reqc8fvT2bz9cjclU:NO8Z0jniDtjNE6Y4rNvTkz9cjclU
                                                                                                                                                                      MD5:36C7B693D057C28F237E57964DC3D785
                                                                                                                                                                      SHA1:468394D765AC4EA8A92C4B673D4A10C6DAA1CDBE
                                                                                                                                                                      SHA-256:A718ECF01E9E995A189A6A0F9F6367ECAFECEB7BDA16705E8B7037AB844E51C5
                                                                                                                                                                      SHA-512:6F3220C27BF9D44BCBA0AB1457543D29E1DD8381541624B81045D868813D5EE647035B42761A9F53D25DBFB5D00F598254E1BAF51816052929E637ED793C8E45
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):53568
                                                                                                                                                                      Entropy (8bit):5.575420072105715
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:AR+H4k4+J2HNyb8E9VF6IYinAM+oP90at2rIYiF9qmPd9AM+o/8E9VF0NyKz7P:jHZJOEpYinAMxBYiLPzAMxkEkn
                                                                                                                                                                      MD5:550A1B340AB88809669FD17EC434561A
                                                                                                                                                                      SHA1:0F6C12C069746DB4AC01DA97185E090FF509C546
                                                                                                                                                                      SHA-256:3C113F4FF22B63D42E4B3351EA2952DBB1842655DD52F0F84951961CA7C303E7
                                                                                                                                                                      SHA-512:5AD6E4B96196B15FFCFBD189AEF474DDDDBE5E6AC3FBC49BE7EA9C99A39D8F8C38FDBF7C6D0FE20B1FF0048A2E8E0BB94631FE718C507301837B9347B3A3257E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):52544
                                                                                                                                                                      Entropy (8bit):5.5725435735274305
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:J0ovtkCLu+JG8Nyb8E9VF6IYinAM+oP9VtdzACyIYiF99OAM+o/8E9VF0Nydh:PvtkCLdrEpYinAMxAEYi0AMxkE9
                                                                                                                                                                      MD5:BBC6198B60210C1578CBAA60B96FDC70
                                                                                                                                                                      SHA1:3A19EFD437D2C35CB15F2AB2D813466E8B1066B7
                                                                                                                                                                      SHA-256:9196D431048A4481911054ACAD58D849D9AC38715A2F164FB09CC52F5E41D105
                                                                                                                                                                      SHA-512:D89A7F66BF6273A0A232D543FDB98CF583B0DCDE2FFF058AA018A2368D0F0918CDCB317D0729749F490D5F6A5D9D36B04F73CB8E2CC3E3D69A123808B787B0A9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55616
                                                                                                                                                                      Entropy (8bit):5.5655586584292065
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:Jq/odckbeGZBOcl8Nyb8E9VF6IYinAM+oP9ax7AIFEIYiF93jjMAM+o/8E9VF0Nm:yoV7DlcEpYinAMxyL1YirjMAMxkE0u
                                                                                                                                                                      MD5:DA09EAA0D93375AFE0709C1809C14939
                                                                                                                                                                      SHA1:9FD4700E02BFBB7E4C890CDD59F0620FB0F9FE17
                                                                                                                                                                      SHA-256:0BD086FFED7296FF1FD8228AED8F80B8D9A8E2402AB974A9258A86887347E502
                                                                                                                                                                      SHA-512:392C0DEE8ED74DC12978E29F5777BF5D3E93BB0F839C156951F34EAA9A72AC9F4E132A99344D9EACCD5D98AB12CC7EA5F95DC1D503B6C6CB1F4086380AAC3A96
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55616
                                                                                                                                                                      Entropy (8bit):5.623684706857659
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:JcKhvUx7tYF7qKF0FrHF6zjbmBwgNyb8E9VF6IYinAM+oP9ndzZIYiF9wQAM+o/i:xhrlF0FrF3BwYEpYinAMxaYi1AMxkEI7
                                                                                                                                                                      MD5:28C55146F4311953E1CF7E468C8DC74B
                                                                                                                                                                      SHA1:76442CD814BE3FB21A0E2E8608E564C785548F13
                                                                                                                                                                      SHA-256:32216C7119BE97564830F8CBF4888632E7D1AC5F99AB65DA6C2E6A28D511800E
                                                                                                                                                                      SHA-512:5E13C7820218C29F26C64C12C318E40C11759B37300793F22E08F3D828361CCB1244123610B4AFE3E9E9E454263A862D136A96E4271B51378C50E8D2F8A83D47
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55616
                                                                                                                                                                      Entropy (8bit):5.39160458880719
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:Sv2ArBupGEEpYinAMxVYiDWdSAMxkESKM:Sf397HxV7DWGxuKM
                                                                                                                                                                      MD5:44ADDEF5DF612EF84086876FFA323A76
                                                                                                                                                                      SHA1:CC7639439B15CAF8FC8F9240BEF8B757BB3054A2
                                                                                                                                                                      SHA-256:108525B759F60C5076BACA70474640E1E262BF77FF3F1A1E7822198416084D55
                                                                                                                                                                      SHA-512:7211E8549A4D6A3BD6C425DA1065F8AE0DAEE1C7325D63A8E8535FAD7464A2043CCB5F379310AB4A22C4498728F3317B79F260C097CCC652817FB521D317106F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.442186434885563
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:OUBDBWpaJkhYwA+fwNyb8E9VF6IYinAM+oP9gpY83AIYiF97XAM+o/8E9VF0NyFx:huIEpYinAMxZsYiDAMxkEpb/
                                                                                                                                                                      MD5:68BF6960F7C5BF7AE817EFFC7632C017
                                                                                                                                                                      SHA1:F828B622D95F69222B68BBA9FA9F400672C84569
                                                                                                                                                                      SHA-256:5314C94178A6861A88792F34D924A56B5CC7214CC4351AFCBED536D5C3F13417
                                                                                                                                                                      SHA-512:71C84ED4417ED943EF752CDAC0D9E57FCAFAD80B3B16A2EE515734BF3A12F335FB9E4B0BE86DB1B607CF4E951D4306626C15C166C11579BBD0B866756D0DE53A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.409036773195985
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:O7aUfNnwtpTqPqNyb8E9VF6IYinAM+oP9G5rJXEuIYiF9YabOAM+o/8E9VF0NymB:X8nw/+qEpYinAMxgUjYinaAMxkEm
                                                                                                                                                                      MD5:6ECB0249DA48684622FE633F98F8F530
                                                                                                                                                                      SHA1:1B9990DCCCD813FAC7C5517A03E5C147816E486F
                                                                                                                                                                      SHA-256:0A52E3DC70183D8041683817CC0514004898E87D9C080FB93374E900660BBC0E
                                                                                                                                                                      SHA-512:E48932205ED3362B4C915C572FCAAD012205837F54520F66C33B12F9AB4179E03AEB559C18465E3C419242CF039DA5C0271FD2CBC0031F1E7C7594C71CCB75BB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56640
                                                                                                                                                                      Entropy (8bit):5.377480288938011
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:XKjmxUM8QtPM0Me6INK/AGNyb8E9VF6IYinAM+oP96jjjIYiF99hJIAM+o/8E9VF:UmXjMePsAOEpYinAMxaMYivuAMxkEhJt
                                                                                                                                                                      MD5:BAEA28AE8DD3E3C70DEBCDF1AE5448B4
                                                                                                                                                                      SHA1:F8F40C17ACE4FBF272618063BC35F2502B00ADC6
                                                                                                                                                                      SHA-256:4C2DA183A792B13077B398085CFF930CBF493B8CBEC50609F2BC6747F0B8092A
                                                                                                                                                                      SHA-512:04DE4F7FA8C4A625724337539EFF093E2371ED417A6363833E7F65CBD14C9A0F64BB17EF1BA4BF51A16D6611E8240E4D2B248E4622BAB462DC331459DF64C851
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56128
                                                                                                                                                                      Entropy (8bit):5.627688222986176
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:8Zr5lLO+R52/g4EpYinAMxSKYidzAMxkEd:2rl7207Hxt7dzxJ
                                                                                                                                                                      MD5:5FBDD326F7F291BE11E1D79A7B2C8A51
                                                                                                                                                                      SHA1:5701E5D3496F6D2F0C694D317F568A63990C311F
                                                                                                                                                                      SHA-256:1CB97FF90568D81F8CC9E6A2EAFB07EAA276834169365980279403D99756103B
                                                                                                                                                                      SHA-512:01BC099E7C875D6A0473F6FF577F14F3DA3123951596B5651BC757B6A2C10F293078452BB42A87084C3B862D4A0CD56129670234D2E9518E76379C534B534AAB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):53568
                                                                                                                                                                      Entropy (8bit):5.419932966591344
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:Xy1/Nagyh6QuZNyb8E9VF6IYinAM+oP9p91J3ZIYiF9fAKAM+o/8E9VF0NyUNk:uNagyhi9EpYinAMxVGYiQKAMxkEYk
                                                                                                                                                                      MD5:4396E672BC6FB86EDB0C6889D12CE082
                                                                                                                                                                      SHA1:C92279D00DBC2DC0EA13E3A8896EDA76A359723D
                                                                                                                                                                      SHA-256:F35E94567279C322EC1D4BB99EAA1327FCAA1F06F4BD9D1CEF8C897FD8BDA8C3
                                                                                                                                                                      SHA-512:45F40EACE1C0398EBCA42EFF48DE6208BC87147837459AEE6D882CD017A9069CAD2EBEFE8B1EF0D27F36981DDD963416F0B7B5A26AF98A84B6CB64666638D0D3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.398655575356968
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:8VgzagyWk9RUNyb8E9VF6IYinAM+oP9BCDvCIYiF9L3qc2AM+o/8E9VF0NyQr:NzagyW4UEpYinAMxmYiOBAMxkE2
                                                                                                                                                                      MD5:364F97EE7B79DEB51DCC8F5EC4A0EE7C
                                                                                                                                                                      SHA1:EC4CACCAA57714FA8B9869315B6B13C530587E2D
                                                                                                                                                                      SHA-256:DE1E4766E0A2C188604AB2927025E1F5B05CEBF7E7B20E8342B4206686A7EB96
                                                                                                                                                                      SHA-512:43894949B412A8ECA8032F68DAC6C9208D9297B8C0353B9BBACEFE13343BB94343569F4CBEE1AC2B90971C8E2CC81408C55FC57DFEB94A6297D28CBB43E4D1E6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55104
                                                                                                                                                                      Entropy (8bit):5.391103646647603
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:8Uil+fs4INyb8E9VF6IYinAM+oP94Y6uFkJIYiF9EW4EVdAM+o/8E9VF0NybJ9:Il+fs4gEpYinAMxnZYiWELAMxkED9
                                                                                                                                                                      MD5:C2E2C6690755507979F570CA3E92E903
                                                                                                                                                                      SHA1:F82052FC3D2C97C18CCAE91CB64C91F02DC09AC5
                                                                                                                                                                      SHA-256:FD60F26D62F58D1AA41D11A8AD3086E2A0D92EF22AC766F606AEB2BCC3B217EB
                                                                                                                                                                      SHA-512:319A6418576BE4274269F533A5CEF62F9020B606494F3C7A5B299957931B919A86507F7888EAB5C6BB952BC65DAF76AE89439E72778BF97F77B30B520E904148
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56640
                                                                                                                                                                      Entropy (8bit):5.365606356097874
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:86qBkNzf1FNyb8E9VF6IYinAM+oP9FVIrIlppcIYiF9kSx6AM+o/8E9VF0Nyueu:KBkNj1BEpYinAMxI2Yi1oAMxkEq
                                                                                                                                                                      MD5:91C76FBA7736D06307708EE572CB9ED4
                                                                                                                                                                      SHA1:64764FCB44F18104E7554D8091BD0C7EDAA9D1A9
                                                                                                                                                                      SHA-256:D62078627149F4B5B90EE68B56C640CE120519F2F0438FC136AF225510CBD343
                                                                                                                                                                      SHA-512:F789D42681BDCEE52CFD342F019A16396DAE0E3F8C929A1A004E1F9F960EC94BE72B40E8D22A0DFEDA1F743564568F457EA64A6C6E5074F323C4655964402097
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.407227689072818
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:VYBW7bDFbDZETJ9TSQMNyb8E9VF6IYinAM+oP9I6UwqLYcIYiF9sx5q7AM+o/8Eg:Sm96nHMEpYinAMxTYiOYAMxkEg
                                                                                                                                                                      MD5:9599F4AEE019804B418245C5A86881C7
                                                                                                                                                                      SHA1:517D4DDD90361B89359BCCC174D9A6ECDA391426
                                                                                                                                                                      SHA-256:3023BFEDCD84AC065A38C4C6C983CCFAA0B3D5C02A610C6CA2EA00FD5545DABB
                                                                                                                                                                      SHA-512:613C6F11D11D84C1208B1CD7BDF030C3D2F5B90BC4D134C6E0584121B688AD14B01CE38C56501898962F5C859A8AF54248E86F510C20F3F7E0415163FFF95F14
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):53568
                                                                                                                                                                      Entropy (8bit):5.562768970202109
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:VCYQOZMK9Y5fNyb8E9VF6IYinAM+oP9eLcfiPdwFIYiF9EbrJAM+o/8E9VF0NyXe:c1VBjEpYinAMxMcqPVYicxAMxkEg
                                                                                                                                                                      MD5:A09A6C8DC7CEFC6CB126939947884678
                                                                                                                                                                      SHA1:16F90FF84A3CD8C98304459007C7D05A98D05CC0
                                                                                                                                                                      SHA-256:C5CFADFE624A0B92B45B121DC30D06D89150BDB03FD45B4FB7B4534BBC7EB40E
                                                                                                                                                                      SHA-512:AF6F3BE99AEA54D26E933C98695644596D814E4E8B880E5CE081093A474FB8DF973853DE5220E498ADC84FF752CFD1CA4165771F04048CA9ED7CB6C179050798
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.408662294317196
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:V1HzPEzPhXY7RzYd99hKh1GAsNyb8E9VF6IYinAM+oP9BSzehCaIYiF9ca8lAM+c:PzPEVmKgsEpYinAMxqzTYin8lAMxkEsI
                                                                                                                                                                      MD5:1DFC8B3110BA27F76C5C6495533AF538
                                                                                                                                                                      SHA1:DD60677F7AED0FBC06877333136562EDAF0BAECA
                                                                                                                                                                      SHA-256:60A159777971A84302E150866CAE1339ADC04939BF12B7B2367243361499BBF9
                                                                                                                                                                      SHA-512:37674C26A179B839239337219EAF8F78AEAC10425DE5E7CC5A91B140B816410EEC5C4DE84E7BE825BA4CED3AA41F1B421B1902D26C5A9384C725C5682017ED72
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55616
                                                                                                                                                                      Entropy (8bit):5.386310916321289
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:D7U9w+B3RVawWrEpYinAMxmR7zYiyOAMxkE8e7:D6w+B3RVawf7HxMf7y8xN
                                                                                                                                                                      MD5:20152624A1FF01D9F2BAC28D7B00CCA9
                                                                                                                                                                      SHA1:A320967BEE24E07725E3AC2DC2F66F264F1B9221
                                                                                                                                                                      SHA-256:80063F2CA78C9C757FB06B36F24F0347992DD75D300C4FB4A0DAA90D31B83A2D
                                                                                                                                                                      SHA-512:A9334CC7D97A212F816EEAC0EBE8D6A5CC4B83C72DC10C34682AE504EA9690C077A84246DBA1462E991C609431CC93B085ADC14DAE28D468B537305161D56EF7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56128
                                                                                                                                                                      Entropy (8bit):5.3857985161200785
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:qqov98EoycpW4xUNyb8E9VF6IYinAM+oP9HaOp/IYiF91ihkAM+o/8E9VF0Ny3j+:OvaycNUEpYinAMxoMAYiAhkAMxkEt+
                                                                                                                                                                      MD5:7704C15C3F3F312CAF2849DC2EAB0E78
                                                                                                                                                                      SHA1:E3C673D407464CCB1E2DF5FC357D814C61213F7B
                                                                                                                                                                      SHA-256:FE634E2F6C7AD7BAD17BD0A956B612BB14A9064B98CF5B5E013E08AC19204744
                                                                                                                                                                      SHA-512:704A7541B55962E0DB1BF9388DA3F8A2AE1AE284AA60409D5FBC30F9BE275658D10C2DBFA80DED9F12632DA0F4F076925B5658B4F16EEEDD5320AFEADDEDCE85
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56128
                                                                                                                                                                      Entropy (8bit):5.61051850410968
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:q6qm3UbeAV4DnYCRfwmkIPNyb8E9VF6IYinAM+oP9iCpiA4RpIQnBIYiF9jdiAM+:EUUbe7hbzEpYinAMx07nWYi0AMxkEoem
                                                                                                                                                                      MD5:41B7CEF8A631E5F9FF1B54F6B0CE13E7
                                                                                                                                                                      SHA1:8B695116808D99DE0B49EB54FF8AFA9A6E81368B
                                                                                                                                                                      SHA-256:3B5FFC2C6DCE2BE431CF686FCD2D2CD39FF003D42AFC27887CB128B34CBEE354
                                                                                                                                                                      SHA-512:15E72B1B3FDEB5A7AC2C4AB044224D25521A820AE62C725ECCAF6E3E2C1CDB24F9EAFB3AA12E1C1ADB042E762D49E0FE6A3B81280D1E5346BCDBDFFB8712B6FB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.584260993420684
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:j4x6AN6AQqjexbyqKXhHqC1EpYinAMxlcYiXl2AMxkEb:j4xXc7Hxlc7VExH
                                                                                                                                                                      MD5:5EAF10368F71EF58845D728B1C35DEDA
                                                                                                                                                                      SHA1:1D525E25F5B1B2546285B0BCD18BE0D2F81F17A5
                                                                                                                                                                      SHA-256:E9FBEA12B32D02160D14370501A622C032114C592EF7C5BF94EB620283FCB6D7
                                                                                                                                                                      SHA-512:94B31603651BC5A3BB51E44E07AF1BBDB4B6D9EAF5B0AE7584525155224F23F653AFEA2DDA885620C6362D8CEE6189C5B6C86C2D76E2CDB541415A604A4B1FE3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55104
                                                                                                                                                                      Entropy (8bit):5.402610840778619
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:TsfBpdOXz19szMH5KBL/yNyb8E9VF6IYinAM+oP9I2ZlxEIYiF9GTJAM+o/8E9Vz:GBK5oL/SEpYinAMxPYiSJAMxkEn
                                                                                                                                                                      MD5:615FEEC50393BF657E7B84A864D534A7
                                                                                                                                                                      SHA1:0D3807C4E28D0121C43B3A910BD4538DEEC70B5E
                                                                                                                                                                      SHA-256:6EB847167FF384D1D30B6D16939980DC89D95547A18CBA91136CE66CEF6C06B7
                                                                                                                                                                      SHA-512:76FEF42FD098DAEAC39B495C5AF7E71784204936D4D75483BB49678C3995C7FE0FC3B75F5D2E034FB974AFCFE45FA4158801C92F0A55441C5E8CD34647142AFA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55104
                                                                                                                                                                      Entropy (8bit):5.425116799449756
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:Q17U791C2TzpwGFTbZY6d1lBVZ5qAy3FGd7HxQ74xXa:Q17U791C2TzpwGFTbZpd1lBVZMAy3FG2
                                                                                                                                                                      MD5:E200F70987E56CBDFF8C6A587A02705F
                                                                                                                                                                      SHA1:8C135AD82792C337445DAB4677B654C7390BF36F
                                                                                                                                                                      SHA-256:B285107D2D2F2D64F2F060CF57E29B08C5DD9498CE8CEF83ED7C30032CE4625F
                                                                                                                                                                      SHA-512:81163C216A1D4FB7B328D4982F4A251601242320EB413B88F423CB133526484667328716D368DAC110E6E2E4715814A8A1A85BF56A81C42DC8E48049DECDC767
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.402370571282084
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:TxFmhL3THRNkAHqQ3lFRf2I9ByrUvNyb8E9VF6IYinAM+oP9Lfu7byIkdIYiF9X0:WXhR5TEpYinAMx8oKYitAMxkEc5
                                                                                                                                                                      MD5:16C771FF09E9BCFE7FD617C0F5D489AA
                                                                                                                                                                      SHA1:55AC69B62DD357DE4884A95F95786AF979F2CFE2
                                                                                                                                                                      SHA-256:6F747BB6BCF0491A3B7F2F04B802C41BD895A01D94F11E7E5B6721B17DEE26F7
                                                                                                                                                                      SHA-512:D85B041F62241EC6F4685372895200FECCC1F277F1E0D4A5015AD79CEA12FD19BB4B864EF871A4F6D7B4C0D887F4F92FAB74BFDFA7940B07866B063464749C4F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.42997837750232
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:gJqibAIErkUVQF5UefV3BEpYinAMxxYiPAMxkEA:gJqibAIErkUVurfVa7Hxx7Px0
                                                                                                                                                                      MD5:1844776B1E873892CB6D453EBCA334A2
                                                                                                                                                                      SHA1:6F36F4BF2CE6D286C0E1E59041EE506BBB96ED7D
                                                                                                                                                                      SHA-256:98E823748DC2E72B8B5A46827D501E12C9C48E209643F2DD6B4B8D333501DF8E
                                                                                                                                                                      SHA-512:8C48EB7CC40EF6798C9789A9B860BCF508D3740E948FE64E1197A422CFD240A6430FC36B5AFC23A5C1CA73FB155003B22A57AECEB207741BC9EBCAA947A411B6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56128
                                                                                                                                                                      Entropy (8bit):5.3695383590059125
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:4SIlDIN+shh3+Nyb8E9VF6IYinAM+oP9BNgIYiF9zMAM+o/8E9VF0NytlR:UVIN+q3GEpYinAMxPYiIAMxkEP
                                                                                                                                                                      MD5:E7A5254E3C732ED21F756B90EE6C73B3
                                                                                                                                                                      SHA1:EE2C5D342E51BE27750F5C855A9437B6BF3FEB86
                                                                                                                                                                      SHA-256:9342ACA1761B4F81F8771F19CB4A1ABD77F392194D32758FF42B98F8AA3D6CB5
                                                                                                                                                                      SHA-512:75F83A5905F8254E4FB352D00B8173D2A5614C17D166C06AB87C0B67C1C7BDF99377C7BBB89A85E6AFC5F0E5F8A045E45D64B2B157A413E871C015EB65D46F3A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):52032
                                                                                                                                                                      Entropy (8bit):5.602368818487498
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:4cKIv7hdVexaDywGfJssDNyb8E9VF6IYinAM+oP928tt+fIYiF954AM+o/8E9VFt:EgNM1fEpYinAMxZRYieAMxkED
                                                                                                                                                                      MD5:0DC19E59ACEDB7D103D0C21B02804661
                                                                                                                                                                      SHA1:477FEAD06B9DDFB85185DA85A640E6BB467FC32A
                                                                                                                                                                      SHA-256:17ED8A04CC1BCAB734F23140BFC8145BD0D038C284D50F439DAD1E66F7647C22
                                                                                                                                                                      SHA-512:20F3E9B58E9D5AE3F08096ABD5D5A43DB93238FDCDF2E96126A4B4AEB06BE2C8ADDDDC6601136EA265770AFCC7F4BE41E20F1D28CA361FE0135FC98BFA71F392
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):51008
                                                                                                                                                                      Entropy (8bit):5.615534777551888
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:hz7iEHj0FgWGNyb8E9VF6IYinAM+oP9EimJIYiF9mRDxAM+o/8E9VF0NyzCU7rR:RiED0FgWOEpYinAMxHYiWDxAMxkElt
                                                                                                                                                                      MD5:6C6093A914A889BC15133A57DB09C395
                                                                                                                                                                      SHA1:A8F9D54288D636E586271D78E7CF69E9E0121E16
                                                                                                                                                                      SHA-256:EC7AF1E9B03241F85A99F9C807FE279E322CA5528DD08B33F65D0CEFB8F04EED
                                                                                                                                                                      SHA-512:3548503A8395ABD3D19D3FFEF24832242F6F6C742678C0657FBF795DD14584B9F35BE5B02D7BC6657D486E63609E0687C1E277857DBEFCE6AE7D97E6E135605F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56128
                                                                                                                                                                      Entropy (8bit):5.638575498464374
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:hgLfUIRBSWNyb8E9VF6IYinAM+oP9BGv0Xs8fIYiF9ngp+AM+o/8E9VF0NyNwZ:cfU8k+EpYinAMxq8TgYiop+AMxkEo
                                                                                                                                                                      MD5:12B9BE5F0923BB2313C68BB46A069F4F
                                                                                                                                                                      SHA1:150A975918C1435027F295A06058C5BC110B4AB0
                                                                                                                                                                      SHA-256:DCBA408E4AFDC0831CB26D08EC05EA0616F14071E81ABAC8FE5676636C2EE151
                                                                                                                                                                      SHA-512:1CFC30E83851456DD3A5925925E34AC12F7148E20F487CDB82E0F01E06DD77B6411CF03B2094C11DF9566B1228A97024065A78F77100493902BBBEFDF6502D27
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):50496
                                                                                                                                                                      Entropy (8bit):5.652443774196828
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:hUELKTd4IY+N1vZsYoRHgA12plxB4xRkkTY1M5tkOANyb8E9VF6IYinAM+oP9cbA:HLKWmAf/jv4EpYinAMxhOHYiSAMxkEp
                                                                                                                                                                      MD5:10BAD5A24446C6E00AD2C18D09B000E0
                                                                                                                                                                      SHA1:FA030AA1F64894829C0CD8211488B38A18D12297
                                                                                                                                                                      SHA-256:91649E91509AA7200BB669AD2F5F6788EBAD7C5AA2CA6D7BB855E9FD96D010AE
                                                                                                                                                                      SHA-512:6AA1E426BF7AA470058810F0515A94C1F6D624B4FF3D99BBA09C850FD17DA4A2C2C50BDEF44AA28BBB3358486844520C46482FD7295B9EE50CCC8449940016F6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.426785047163885
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:X1ckHz05TmDq09ZEpYinAMx7b+YivPAMxkEkt:X1ckHz05+i7HxG7Hxwt
                                                                                                                                                                      MD5:74838014C6FDA1D53C8EDC8679F9D28D
                                                                                                                                                                      SHA1:491C640873E70CD0C703C57DB6F0FDC941CBE7F6
                                                                                                                                                                      SHA-256:6AAC9D75D6D02884C5CB5EF33A4BD1801D9BE70DD937C624F21E492F64CADF68
                                                                                                                                                                      SHA-512:ED792A4B625D889D8D17AD1DD23D0CC015F28B3DBCA5CD6C525E8C814996B1F806855AC4B9D59758306BE5F6F0C09979D1ACD64332E24F4C3358C5FD6857A22B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55104
                                                                                                                                                                      Entropy (8bit):5.43355377301059
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:GQQpZyAxOeK6eDNyb8E9VF6IYinAM+oP9l4ZCIYiF941WAM+o/8E9VF0NylkC:IdufEpYinAMxWYiSWAMxkE0C
                                                                                                                                                                      MD5:8FA152CA88C3108EFE077F57482BB42A
                                                                                                                                                                      SHA1:B27058398730B18E39D9E16FBFBC5625AF403FF8
                                                                                                                                                                      SHA-256:01C42EB00F2E6566D3FFF4AFB0B2C2FAF34C14A1A61E29DB86B3CB76D4EFBFDC
                                                                                                                                                                      SHA-512:81620FD3D80A1C245BCBD643D1B579E3D413B3A0011AC65F39CE31929908FCD95C1D4C0D5BA89A1F907E02E351CE5EE2CE79B61E7176CA9706908BCE7A4BF59F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):57664
                                                                                                                                                                      Entropy (8bit):5.590444403006137
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:G3zU3B7FZygp8/JLONyb8E9VF6IYinAM+oP9OFIj5iIYiF9ImPAM+o/8E9VF0Nyv:JRWJL2EpYinAMxpYifPAMxkEeC
                                                                                                                                                                      MD5:F693B959CF8C7341020D18ED345AD74B
                                                                                                                                                                      SHA1:FD57E1806796F23C639531E6DCC165FCEF4F37BA
                                                                                                                                                                      SHA-256:0B37B36D43D032BFB68F06173107AB58E8C17904C3D1247C32690E168FA922F2
                                                                                                                                                                      SHA-512:E474312498C874EF53A1FCC75A9D28A35341577BDBF672FB3D82D76A2BD9BFF6BE9477A61C64D1EB434FCB9FAC7B65912E033FDEF8877A681C614A035C01E347
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55616
                                                                                                                                                                      Entropy (8bit):5.588716592426551
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:GfvCdo/7JK7bABkCNyb8E9VF6IYinAM+oP9644k0VwIYiF9QqoAM+o/8E9VF0NyZ:uYo/7JK7b5CEpYinAMxmvYivoAMxkEBV
                                                                                                                                                                      MD5:0DC5183697F790CF937860F9F8CCF8BE
                                                                                                                                                                      SHA1:531C04F6AA3B363A14740CC33D1E4D98BF857BC7
                                                                                                                                                                      SHA-256:8176DA09CFF7F0BAE0AA08430CC4CA093A68627FB631A377DF0EC82959E7F634
                                                                                                                                                                      SHA-512:E58A71558240BEE892FB783E061BF481CC2F56F01BFA5F7A2C50C0EC69B2360AB9564E80C3D34ADE0296DB1D9509861484A3D6AB3936880AF9D23CE13FF1A373
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.4114238474999805
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:Pr10IePeyrQLtUv6oNpaMkYjZZ/fbMgTRlREDNyb8E9VF6IYinAM+oP9LeFFjUIX:qjTZf3TFGEpYinAMx+jlYiFAMxkEj
                                                                                                                                                                      MD5:742CD3150B436B909E5AD9AB6F22783C
                                                                                                                                                                      SHA1:474B8B3B75CFB25C90EB33E8E4BBCCB07068DC8D
                                                                                                                                                                      SHA-256:E537F7AB167D50E347B359AB848C46405C7FFD067408E896858C31AA99E6B228
                                                                                                                                                                      SHA-512:CDD492F93BBE49F17DC8DBAA19C1FE1FB1B3403054703D20402B07A42BB5D5F5D20F1D126103AF0DCE62EA36299835902E7FAFF96EA5D7EACD59974E6F88A2F2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55616
                                                                                                                                                                      Entropy (8bit):5.380500350214481
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:P/kLXd/T3kXNyb8E9VF6IYinAM+oP9e8Kk6U92ZHIYiF9524AM+o/8E9VF0NyZwS:ULtgbEpYinAMxPSUTYiFAMxkE0S
                                                                                                                                                                      MD5:A54633E30C2FFD23C3578C885E0E9F5F
                                                                                                                                                                      SHA1:662988663B27C21A0CC310D304346466EADD76A8
                                                                                                                                                                      SHA-256:3FB8523B91B2BFEE51CA2EA972ADA260F27BA389EA9E1DD7CB8411F21F126CA2
                                                                                                                                                                      SHA-512:AF9213815F634BC3A1DAFDF0D2BE537E4634D690C118090A81DB1138130504B4EFD27D9D0599F7295B06A5BCCE44B71E200574E583C820E820CA84D72D6E492B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.41113033461094
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:PZ75JZSiyCSiykeRAYiTvaK3Q3Nyb8E9VF6IYinAM+oP9P+6kIYiF9+60/AM+o/d:xeCYGiK3Q7EpYinAMxtYiWlAMxkEh
                                                                                                                                                                      MD5:A78998736B54EC264AD3FA9529693C8F
                                                                                                                                                                      SHA1:4B468CCCB8AC25C9E9C05161DD5C44E08504B41A
                                                                                                                                                                      SHA-256:EB3F06A4EA447CE64971673C50CCF83E2842303F1A27655F3A170495C94B71C6
                                                                                                                                                                      SHA-512:F747EC1B69B931D90EF4CF31A5F8E7BA95B6AEC7B36299A0E988B1D4790F42BE8AF698FE66032324C9634E5A44FD251D7BCBFEF9C5529E7D2368FFA38CEB5962
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55104
                                                                                                                                                                      Entropy (8bit):5.433825393956769
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:Uym9mn7KZHCCA7U8Gp6hNyb8E9VF6IYinAM+oP9LK5SIYiF9YjAM+o/8E9VF0Nyi:SUy3AIylEpYinAMx0YiCAMxkEU
                                                                                                                                                                      MD5:E73CF3871B41E0C59440C8D709CCFD75
                                                                                                                                                                      SHA1:8428813368197AEE8E3C2BF2104297476BC4608F
                                                                                                                                                                      SHA-256:AD124B0646894F3BFCB61D366D7BA5EDF4978766807B5422AD1778509231679F
                                                                                                                                                                      SHA-512:A31E82503BB3D8E1DB9EF4C1030ECD481396183CC64905FAF91E52F9C3E68469FDF3A850357AD70466D2810855D2B58E19B9302499D2547F85A610B1F8159FF5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.4115414787256
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:UYnLplZcOZX8mNyb8E9VF6IYinAM+oP9m675zIYiF9cHymAM+o/8E9VF0NycBM8s:3bguEpYinAMxJiYiEAMxkEI7s
                                                                                                                                                                      MD5:0227D71A996FAB2B394DFB17A43F1F8D
                                                                                                                                                                      SHA1:DA6002C093911114035CBD5D7D29FA51E3DF2C45
                                                                                                                                                                      SHA-256:290A463B8B11E5F5C5D3BCC2B5B8D910721BA645E2B4B3AF951223F76610BEDF
                                                                                                                                                                      SHA-512:FB95F13C4AC6A7B8AD13F271EE3D93ABBD5E0713F0C0DE402D7B73EC82B483A26C6B071ED5521914E34E74AEF168F9FA0762801FB37EAD9D05CD3D675AE2CCFE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55104
                                                                                                                                                                      Entropy (8bit):5.392362813870133
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:UaAtOstnEx6ewB/Nyb8E9VF6IYinAM+oP9/KlAIYiF9J3ReAM+o/8E9VF0Ny1SX7:w/Ex/UDEpYinAMxGYiNgAMxkEC7
                                                                                                                                                                      MD5:962BFFC6EC3DA987471851A4240AEB61
                                                                                                                                                                      SHA1:BA1B8AFF4FACD861553039A256A7623ABF30CD66
                                                                                                                                                                      SHA-256:3BD318A0867F1C971DAAE6A96C6EF2A09FBFB15EC5B3706DA34453410EA1F4FA
                                                                                                                                                                      SHA-512:D975EE07C82CD658E4A3B6CF67BBD8FD41D989D718E5EAD479E0250BC3C66A933FD0E8B1DA468E0C906986AEE58E3C0F148E4F8A23B19121844F5847E1AE14D8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55104
                                                                                                                                                                      Entropy (8bit):5.412695960496245
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:5nCRNNDM7qm0GdVqT541naEpEEpYinAMxmYiTAMxkE0:5VdVqlca67Hxm7Txo
                                                                                                                                                                      MD5:54B9FDA6AB88DC9EF0F0C8B19EA06CD0
                                                                                                                                                                      SHA1:C34D52741A8986FCF0991A4CECFE1B2A7C6E85AB
                                                                                                                                                                      SHA-256:1F00F564F1136096FBE58EFDB22E54923E090BA3392CDC51C837A7294A3FD5BE
                                                                                                                                                                      SHA-512:BEFDF3BAED01EA905751CCE248E854CDC43D5A9D77B2EBD27E68C297464A5A0AC1ADF739E8371F0C731A5A7ABB83E6FA227D11120F70D668113F69612D44B6E9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.578353591774595
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:tlWSFA47AvHlho4d2hNyb8E9VF6IYinAM+oP9Hn737IYiF9iFAM+o/8E9VF0NyfL:qvvHUlEpYinAMxF0YisAMxkE+No
                                                                                                                                                                      MD5:DD650BDAB776FD3239AAD311BC8CBBD3
                                                                                                                                                                      SHA1:583A340581B2A78DF490951FFE6A7BEEBB51BA11
                                                                                                                                                                      SHA-256:475B114201EC72F4EF26FC66B61AF438CE77F69E5E96D3CFC8FB00BA148AAC51
                                                                                                                                                                      SHA-512:862313704DFFAD1AF1FA72D8F9F1FE4757A9A1082BE41C78E5C307C56F36D986D1F5580922800050E08BB37ED2EB18A6FF629131199E41350A22EA230DD6DC9F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.437717171626643
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:t4lmP8uhJPiR6gLTmNyb8E9VF6IYinAM+oP9AWB5BGJgVIYiF90xFNAM+o/8E9V2:uMF8RjuEpYinAMxlgqiYicFNAMxkEAR
                                                                                                                                                                      MD5:DC24DAA70A6551CD038929F3EC055306
                                                                                                                                                                      SHA1:99843D43C0CC3D4C76A5C817CA4DB49820820C65
                                                                                                                                                                      SHA-256:847440B8D60A11DCE3E254916E5CD926D58C9F06F0D95436B62FF9B9AAAEF4B0
                                                                                                                                                                      SHA-512:451C21F435A451CC4C47623D028B1CF3939CB59B9F9A6D6D71B2F94F9B4CFD487A8756ACFF27768B454F23F2D501E9AFC67E586F9C005142CBC712E5CEDC2D9C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55104
                                                                                                                                                                      Entropy (8bit):5.399846673022657
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:tkcnTcshVyigOHHTpWBdH1i2IXousrNyb8E9VF6IYinAM+oP9z5XKiS9IYiF9JJd:v+hOHHy1YZsnEpYinAMxfXvYinAMxkEP
                                                                                                                                                                      MD5:FA0AFF0B7EFD37A6195AA454012095E8
                                                                                                                                                                      SHA1:EF4A3CA1608A8FD5DE56B2B94DBD46304480B375
                                                                                                                                                                      SHA-256:7580B1B666C4A6DE0EB5AD03DAFB2F9FB49AD148754A68611E9988ACBBA5023D
                                                                                                                                                                      SHA-512:FB5A73B6134F991FC2E5D9A82B747C821074BEF86A7651638FC0127BEEF78B817811BB00417168BB937F968D55D8356AC0D19C2B569A6B9B31A10531683466CF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.573738261423414
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:CT63FOxCx7UjYN3tGGNyb8E9VF6IYinAM+oP93kDWvSpIYiF94yIj/AM+o/8E9V1:D3TUj+dGOEpYinAMxoCYi8/AMxkEq34
                                                                                                                                                                      MD5:D5D54965E6FB81875F2FCEA8F21515BA
                                                                                                                                                                      SHA1:87F22E6FA6D34CAA26CAF427D5F339880496EFE1
                                                                                                                                                                      SHA-256:759CC7CC96EA181926AF2F6B274CDB9BF63E329FC32A7A1C10B4CFDEE786F2A6
                                                                                                                                                                      SHA-512:308068EB57F007A4674BF5D90C9410BACC715E4AE537ADEC4CAF7F6837544D5526C676BEB2B1488090E7D9F4E966F030709C2934DE3A64E0A9059CE49D1F6A14
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.415346681858155
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:CeC7xC7Ec3EINyb8E9VF6IYinAM+oP9Up1XIYiF9+kAAM+o/8E9VF0Nyu7:E7xCYc3EgEpYinAMxqOYioAMxkEG
                                                                                                                                                                      MD5:9C09AE8A870215FF9CF80F09D44F5610
                                                                                                                                                                      SHA1:2EE0328D7617A3D5A46C432DB2AE8BA2D335CB10
                                                                                                                                                                      SHA-256:49FDD7A5FA81697613F0495EA9E6025FFF84565184A1F3279CA42B166920F1E8
                                                                                                                                                                      SHA-512:7351B3955F0F881329DCD209841C84A05E0A2C2472FBF1B9F70505D4CE4A6A5FD612D45F3E11E917AB4D086E3B0C1CC7429238EC6DB6DBC879ECD9F3B8340B1F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56128
                                                                                                                                                                      Entropy (8bit):5.425300372554538
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:CL9FgicgiY7upr4M5aNyb8E9VF6IYinAM+oP91k+DrpIYiF96sAM+o/8E9VF0NyU:QFQ07Gr4M56EpYinAMxwYiJAMxkEUh
                                                                                                                                                                      MD5:1048D12C5DAA3492E2CC9060BC6AD9C4
                                                                                                                                                                      SHA1:50051ED23E19D842EB6C9162F537E7C20185ADE3
                                                                                                                                                                      SHA-256:9123A236243EC5508DB14A4E4E5B2BF3DCA077A6F6A85D24730D0A60A7B10518
                                                                                                                                                                      SHA-512:F9F6FF586A13CB32281234478A9F7CE2C6222EB94029EBC448815A5083E0303FC7CCA26F03E38575D449E81869817425F9AB2FF321D6A7EA5EE2EB0F99FB6C7F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56640
                                                                                                                                                                      Entropy (8bit):5.625808123733913
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:KmHY51ZLm+4HwpEpYinAMxRBYinyxAMxkEqw:K27Hxb7+xmw
                                                                                                                                                                      MD5:795ACCE152FDF555FC5F0CBDC21BAC4A
                                                                                                                                                                      SHA1:B3A5F664D53813E69E33B4AEC327D8121E6066D9
                                                                                                                                                                      SHA-256:F22F4C4B011B9989D73F0EF16D85F9AA5471CC03394C99FC6D74C401ECA88700
                                                                                                                                                                      SHA-512:92638A7BD5962C44F3B21864FFBA114EF82B66334735D247B53ECC3A980C1208F597260547A2B9DA938C6D9D9BEF37AE94D5F6AF0683E0D551E6285D7FAE5769
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):56128
                                                                                                                                                                      Entropy (8bit):5.591538654163846
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:aVo3N5ya+LDQEpYinAMx7i+HCYi0GzCAMxkEX:aVo3Ip7HxI70LxD
                                                                                                                                                                      MD5:CB8793AEC04A19877FA3702EDA7C9416
                                                                                                                                                                      SHA1:7771A48AFE1B50C03BAE7D98090929753177C9DE
                                                                                                                                                                      SHA-256:FA58B434E5253B28091CE425EC9296E499241CFC24992E1592154FD1EC449819
                                                                                                                                                                      SHA-512:577EE217E15379E1523FA72FD995E450FE7DAD262E299B594CDC6A8455DCD5002454B84695BCB3B3370DFB03C0B540B931FFF2C43AC50311FB5E95CD9A76219F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):53568
                                                                                                                                                                      Entropy (8bit):5.6119616279583715
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:TjlrGszNMfetNgEpYinAMxwKYi6AMxkEyI:TjlrGs+fetn7Hx774xWI
                                                                                                                                                                      MD5:36FF03BB1A029CF62E2FBC0112AB1E1C
                                                                                                                                                                      SHA1:C6BF4C0E47941019999722F1E57346498AF0A79A
                                                                                                                                                                      SHA-256:0F6B55613060D527AE41D5BCF5F34F50BD668BA57F9D4D2521EE7DAB2D053C02
                                                                                                                                                                      SHA-512:08AF745E330ABD384BF06468A2C1A7F6221B0A6C1A9452031FCB4076959C51EB912269EFF77E71F55BFB41C2BE1967A9373B224522ADF856E07B48593E68A92E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.448739449189127
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:Jip9ABk6qXQEdmvgh3FGk+G9Ahrx++BzQSX/EpYinAMxlDCYiZ+mAMxkEPo:JiZhdmvMFGkSxLQK47Hxg7Zxx0
                                                                                                                                                                      MD5:96C569C1FF875B897A2EBDDD3BCEE40B
                                                                                                                                                                      SHA1:44F8019C435ECBC1B00E8F1223ECE6C42F1E9976
                                                                                                                                                                      SHA-256:9682AF6D55EB930C650D69D7ECD4A6101681425F4821333C4513916AE57CC14D
                                                                                                                                                                      SHA-512:4E6521B28184AB8D09D45FD30E96F3703ADE7F495211380DB0BA79F0372CD834861165B9D66D8CDD0A036850C9866203A6EE60642B80DB4F89D7037BA56C8BC2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54592
                                                                                                                                                                      Entropy (8bit):5.574026643245629
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:QxZMuKgHWyC2EeovVHE/GfuQNyb8E9VF6IYinAM+oP9+Z9BIYiF90+1AM+o/8E92:UMu2uoEpYinAMxkWYixAMxkEw
                                                                                                                                                                      MD5:BB5F78643FDFBB3600ABB2D4529D857B
                                                                                                                                                                      SHA1:95F987F0237584B8428470EF8A34774CB18E83DE
                                                                                                                                                                      SHA-256:2D701243EFCC415F101A68D9A80BD1F93718DF906C5A9DF94B7C7210A72EEFA4
                                                                                                                                                                      SHA-512:98A80DC74B3A7FAA06401299E2260D6E5801F30C0066F6F4F3BE0B66D432E36FB72044038B839019B0EC37FB8B7317046DD69E74F2E97A7C3CA1DB277891345F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.583323336112305
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:avoo+OmAcoWACeesYQEpYinAMxYn/YiGAMxkEj:am7HxG70x3
                                                                                                                                                                      MD5:0E98103A45EBECEDAE05F0EB6BB4AE6B
                                                                                                                                                                      SHA1:4FD5E0061553B702FC058A1052B6A0CE58F470D7
                                                                                                                                                                      SHA-256:B5931F32C31EFFB7FC90F95CD27481DB36B6BDB31FBB982CA787794D7E51F892
                                                                                                                                                                      SHA-512:DC37D909B89017BB2395D8C809D65427AE8C485075FD4D725D3A9BB636A43E0540DA712026CED6BD59BD634743C3A10471D2D7FBBAAF962BAFFFB52DE7F845D6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54080
                                                                                                                                                                      Entropy (8bit):5.499322127248548
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:ZF7ysKFjncHNyb8E9VF6IYinAM+oP983nX18hIYiF9nX/qAM+o/8E9VF0NynU:LysKVcrEpYinAMxmnzYiKAMxkEG
                                                                                                                                                                      MD5:7A22F812F92B7F00EF38A14A70BE3F82
                                                                                                                                                                      SHA1:F1D265A2C835DCDD6225889E895EEDB7094943A2
                                                                                                                                                                      SHA-256:B3886AF3ABCF6880516189F822DB806524564AAB38F7F9C8AF9052F632BFEA0B
                                                                                                                                                                      SHA-512:4B82DDE7A1FBC563D7000A034AD943B7AC562CDC8757A70E1899FB418BB7EB3632A6E2BB8227F296DA503EAF16FA3398529CA7781AF606DFC31060E71CF999C5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):48448
                                                                                                                                                                      Entropy (8bit):5.620247349904402
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:ZAURXZshAWB8Nyb8E9VF6IYinAM+oP9QNA9BPxo0IYiF9YU2AM+o/8E9VF0NyZg:HEAWBcEpYinAMxQYi6AMxkEk
                                                                                                                                                                      MD5:66B5ABEC8E4B2CABF62B68BD265A48B9
                                                                                                                                                                      SHA1:5CA58A3B929FC41E617F4CD205317B86E5346642
                                                                                                                                                                      SHA-256:BBEADD3AF22684259C95C463660AF9C35BA150A00A823B419DF4C633BD1B53CD
                                                                                                                                                                      SHA-512:F6958C4D687040E17B9A85DC59F26FF2E4B9321D05165946C744F97AB6D29ACFDC8DC531C3B68A25BEFF13BB566D73DC6FD95DA0A292B24F013C0270A27B0137
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):48448
                                                                                                                                                                      Entropy (8bit):5.631167984677434
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:ZuHOldGBiuNyb8E9VF6IYinAM+oP9Hs4S4U7IYiF9cO/TqlAM+o/8E9VF0Nyq2:fg5EpYinAMxeEYiV/TqlAMxkE3
                                                                                                                                                                      MD5:7B02084502F62AB08E9F4DDEE91A3068
                                                                                                                                                                      SHA1:4588AC3DE96A3DE4E11E0DF0079C58D45208BD8C
                                                                                                                                                                      SHA-256:8F04BB3D46A4BC4EB58A250296F6B8C97CA37FAC73319D7C7BD8D89CE9AC098B
                                                                                                                                                                      SHA-512:131FC0928334771CFFEA4CB4AEDF7E993CFEA819E492033601F5025C31C900413E9E534B5982040147B2D4F3EDBB764D588E78EA217DB0CA8C34FA3550EEDD55
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):282432
                                                                                                                                                                      Entropy (8bit):6.580618907494474
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:eRGm4nC4FXoZGxrxAO0e8x5q9Sj/aazvo:eGm4nXFXoZ4qeK5hZo
                                                                                                                                                                      MD5:B5BDDAF2C405EE17FAF06640D0F27397
                                                                                                                                                                      SHA1:4FEAD2DC9C066B21C99ACF1646D63A457E5587D0
                                                                                                                                                                      SHA-256:94B5ADE4D93F125632A7C8DBF79F99DEA877C28C2F40A9CA47C3C660A822CE4F
                                                                                                                                                                      SHA-512:D620835B8A46E2F0363B2FD1D0A38D58E4BAAA32F1B2DA0F8B9AB8286E031A8B4CA9077C53F88881ED827488C104D1EE099074A2FB7E4A786E8D12901EB4D2BA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):359232
                                                                                                                                                                      Entropy (8bit):6.269305509202009
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:YgW2y+X80/lGibh/Y7+Vkm5RVsMwbQYohXbBW+15qqpj/aak:/LX8klGibhA7+VlRGbQYobt5/q
                                                                                                                                                                      MD5:7931008AC869E46D780872FDE1ED4328
                                                                                                                                                                      SHA1:37B92B318D5252DDC9CAD22BCC37378124BB92CA
                                                                                                                                                                      SHA-256:971C492072C6E6E6DDB0B8584059E9AF58F3B089DECB151FD860599E818AD1FD
                                                                                                                                                                      SHA-512:E1A69A6DBF917D336F93783CB60D4D8FE5D7A2A15B2C993AA27A63DD87CFCE235BB4C9D7EC46359BA65C9D610D6CB369EA3BE5058192410C93C36B73B585A579
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):327488
                                                                                                                                                                      Entropy (8bit):6.0919814113297415
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:MeyV9fNJmbkqhyVVVz6a+/hRy3LZkMyeRobT28r5RIf7Kj/aaLA:fyDB/IMlG2k5au6
                                                                                                                                                                      MD5:8A08A9BBC3817967911FAEBB23D3892B
                                                                                                                                                                      SHA1:41D7426E52AF9E489767A87BCB3B1D0D10992BE3
                                                                                                                                                                      SHA-256:DF412FE80FB7C2DDA4FC6067641D8A86C53A98C8E8AF2712D657AE8610AE7646
                                                                                                                                                                      SHA-512:F5C77E3DA56FD9C9171EA04B2F28D20EB1B62EA82AD0CCE371896AF592E7B6023FC478343A4481F1D73678425257AFCE8A8A591F724E90CCB57EB72CEAF0B8DE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):282432
                                                                                                                                                                      Entropy (8bit):6.580127272835487
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:2RGmVviIKXox+xDvAOlXMx5qNSj/aazvVP:mGmVv3KXoxefX65hZl
                                                                                                                                                                      MD5:51529BD404AD6A93BACC2FAA88376CA9
                                                                                                                                                                      SHA1:1891AFC0ADAD2250EB4F36988651039BC975BC52
                                                                                                                                                                      SHA-256:ABAD43AD3E27D1E6C8611AE285AD1A7C96127DF36B98DC2FE5674B511B62421B
                                                                                                                                                                      SHA-512:D8F63D61B6BD040FE03A14AE5DBACE73B929E9781EC64A359BF2A832F564DF6D096F0231AB0F408B60C9A6FEA1BD00B15DC0B58152F718C36F3FFA48CF661652
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):359232
                                                                                                                                                                      Entropy (8bit):6.269345224951521
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:xgW2yufk0/lGibh/Y7+Vkm5RVsMwbQMohQbwfE15qArj/aa/:ObfkklGibhA7+VlRGbQMoJ25z/N
                                                                                                                                                                      MD5:0259892D2CB710C05CFFCA79F9686FA0
                                                                                                                                                                      SHA1:185CB66A76CD7B26AD2EAFFF6B1222A7B6C0F309
                                                                                                                                                                      SHA-256:843DFFA160083155BCC046EBD3C99FA035044156C203A7AE191C629CD83A0EF7
                                                                                                                                                                      SHA-512:F9A0A25C5D95584055E097593F42FCA04BB4A80BA48A5AC0D592C88273D90896AEB4C975DE72CCB93886209AFFF3F18D771CA7D948AF5BB03B277250D5ED1A97
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):327488
                                                                                                                                                                      Entropy (8bit):6.091915599984797
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:0eyV9fNJmbkqhyVVVz6a+/hRy3LZkMyeHo+TAYr5RIf7Kj/aamO:3yDB/IMlpAw5au/
                                                                                                                                                                      MD5:8C35995DEDA169AF62A83A5F302C9EB1
                                                                                                                                                                      SHA1:A45BE3269442DFC9A4D89EFF0003E2292349C2CE
                                                                                                                                                                      SHA-256:0C5845A003CE6480B24712459725581839E36B00514DA26D4214853107E090D0
                                                                                                                                                                      SHA-512:2D660FB5CEE6C99E3A6AC54872D0F404E9F7A21B141FBCC067BE40EECDEAE29AC2D1E5141211CFB704EE70BDE40C4D5336E3538F0883143245B90BBBB82F63D8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):175424
                                                                                                                                                                      Entropy (8bit):6.036513000632513
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:cQPidj5By4/EeaZL8Z0BFri9WSfWJVVqH9B+bCe5kNtupnu0D6EDpf34fdjdEcRh:heaCSgfuqdB+i48
                                                                                                                                                                      MD5:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                      SHA1:184A42476F12A89731F608C7198E47BFC35A8364
                                                                                                                                                                      SHA-256:633B554A26AD05C06DFE33A50F6D69E9160207F3168E15FFD3CB5652B1E8E9D4
                                                                                                                                                                      SHA-512:DDB593D8A6BC515DCA7A4EADB2F50C28C8E61E9A829186BE9B9E8B19371E969FE055104DEFFD8CD5CD9B48F2468EC8B3D7BF6AEE45079E445D3FE42696E2D5A2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):124775448
                                                                                                                                                                      Entropy (8bit):7.999996586829686
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3145728:G7pzQwa6D75W9AobFmNOlpCbLcRLq4vtpN8/RKA/gSBa5:GdzjD7s9FlgsRL9Vo/u5
                                                                                                                                                                      MD5:40976C35E6CA27871F134A8A2FCAFC21
                                                                                                                                                                      SHA1:FAA553B01EE47E9079F24A930BCE454BC2D48B37
                                                                                                                                                                      SHA-256:F5E6C9BA8FB7867D041BC5D7591B50714688FBD31E6716A4D631D549ECEEB03C
                                                                                                                                                                      SHA-512:4B178177039B894A92E712BFBE7358BB84F2830E8E042B77B3C1864A449F48FAADE7F5F016BC9C03B946BB47AF8389A3DE62C8CC283B9A948021E04338BEBDD6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1310720
                                                                                                                                                                      Entropy (8bit):0.782314859053859
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:9J8s6YR3pnhWKInznxTgScwXhCeEcrKYSZNmTHk4UQJ32aqGT46yAwFM5hA7yH0e:9JZj5MiKNnNhoxuqU
                                                                                                                                                                      MD5:11BE8AB228B8466DF18860230EB15221
                                                                                                                                                                      SHA1:C4FE0B20ADAB1BF77CC3ADA7B017071E9BCB69AA
                                                                                                                                                                      SHA-256:850F42C7B439530FE1C0A892D7362C719BA34690C57F0B380C95F01A7A18400B
                                                                                                                                                                      SHA-512:5CD9C988794E98332116560739D543665650403EA365BF49019C23464B109C504E0CBDEC8EA3E482A503E0B319C4E475C96816C9E39017A16A847D2789FBE2AA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...........@..@9....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................Fajaj.#.........`h.................h.......6.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                      File Type:Extensible storage user DataBase, version 0x620, checksum 0x4b6677e9, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1310720
                                                                                                                                                                      Entropy (8bit):0.7556135386997324
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:1SB2ESB2SSjlK/svFH03N9Jdt8lYkr3g16xj2UPkLk+kLWyrufTRryrUYc//kbxW:1azaSvGJzYj2UlmOlOL
                                                                                                                                                                      MD5:2951AB39C94F5C3D27F59791C6372EA2
                                                                                                                                                                      SHA1:25363D24C711C262E0BA67B01F7B04E334847FDC
                                                                                                                                                                      SHA-256:065E06F263E2A0B0FFA95D5A380E3920FD5DC8666433290A7ED8A866B80ACC57
                                                                                                                                                                      SHA-512:D5D9E16E5EFE4471A708BA11180CB07091003962AD608F66CD501DEB193FF50613294A1951A3F9C61DFF1A6C420C7E48B88B1997858637151D5C9698B2C925C7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                      Entropy (8bit):0.07953468103455713
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:EKYeKT3mZctrvfNaAPaU1lgRsDtXlalluxmO+l/SNxOf:EKz2xDNDPaUYKxXAgmOH
                                                                                                                                                                      MD5:67162BD3C413EF608B6376A5EBC00237
                                                                                                                                                                      SHA1:EFFD6745675A64AAC4A6DFBDBF6891182921E300
                                                                                                                                                                      SHA-256:77C790B7234204B1DB6B4CA3442A51AB9D3A2237137DB422FF18CD4931C1EDBD
                                                                                                                                                                      SHA-512:4D369A5F3883865C3A5EF59BBB1A22BE33369C3DCC3C206D2D86CCD6DCE285A6DCC93C0B78AD97041A3FDE5C933B2D293A80604923DAC2475EC6699314DF9D09
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):126
                                                                                                                                                                      Entropy (8bit):4.990509737601928
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:D9yRtFwsSxzqC+eAsZQK4YHFk6uzROqTVoKb:JUF+FqCqwPuZb
                                                                                                                                                                      MD5:0FFDC0BB5802784381F2C96E346C9D45
                                                                                                                                                                      SHA1:89FBB998461985461CE5EBE5A6AC9672AD479C07
                                                                                                                                                                      SHA-256:E92134CEC76EA2CE2F3BF188410D688D2FF4C3D32DB1D04E7FC13291CC916109
                                                                                                                                                                      SHA-512:575A7314F7BD4495421A7572F181072F4B722A327CF634CEC1F688993E9257C989B3F9B915F43D657E623EBCA98CBFFCE22833AD760EAD5713EE93C3128503F5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<root><item name="pageVersions" value="{&quot;hp&quot;:&quot;20240314.96&quot;}" ltime="2300257648" htime="31095062" /></root>
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4286
                                                                                                                                                                      Entropy (8bit):3.8046022951415335
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:suZOWcCXPRS4QAUs/KBy3TYI42Apvl6wheXpktCH2Yn4KgISQggggFpz1k9PAYHu:HBRh+sCBykteatiBn4KWi1+Ne
                                                                                                                                                                      MD5:DA597791BE3B6E732F0BC8B20E38EE62
                                                                                                                                                                      SHA1:1125C45D285C360542027D7554A5C442288974DE
                                                                                                                                                                      SHA-256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
                                                                                                                                                                      SHA-512:D8DC8358727590A1ED74DC70356AEDC0499552C2DC0CD4F7A01853DD85CEB3AEAD5FBDC7C75D7DA36DB6AF2448CE5ABDFF64CEBDCA3533ECAD953C061A9B338E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):49490
                                                                                                                                                                      Entropy (8bit):6.093804352560059
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:FF5kruq4eVbAXbUX+Q9i1zNtMVwzmO7qPvtlx57qqwZleCiofJDSgzMMd6qD47ux:FFmi3bXYPwz8jOqwfeFoftSmd6qE7A
                                                                                                                                                                      MD5:A27BCFD1A02FA6F3E74875C0649C1A54
                                                                                                                                                                      SHA1:E19045E1D25FF486065F6F69401F5684704E0683
                                                                                                                                                                      SHA-256:8C34FF0709E02236294FE44D6D0F9F485B7EB09262E4850A36CACCDDA8B2B536
                                                                                                                                                                      SHA-512:67142EFA1ECED1D564EAC477834865E92367955EFF3019BB6E6C452A3A5D569175BFB6A33FB85E17B18CCF7122C1E607EEEA436C3ADC76E8FF275282841D8D47
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"35BD75700AA35E7BDAC23920A11F7E7D6D8329A6D9C0D1FBCE51719BA0340E28\"","apps_count_check_time":"13355227655872975","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):44455
                                                                                                                                                                      Entropy (8bit):6.089811644867103
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWAdi1zNtPMskzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynALkzItSmd6qE7lFoC
                                                                                                                                                                      MD5:38AFC2281B7CCCDC6D2790FC16183BA2
                                                                                                                                                                      SHA1:FCA425038254330470CFB57AD2E9A4F80EAC3639
                                                                                                                                                                      SHA-256:40E58E39A7DDEAA219028F00D2D6B3059EFE481D68613D53AC8B203508EB8FF8
                                                                                                                                                                      SHA-512:D5FE75D042BBD9F8E6F04926C907766A9FED37087AEB15F672F47F7BC504FBB9C9490330795F9540C119553A6BCAB5DE4DE4DBB32D756B36C126D57AAB98A698
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):49490
                                                                                                                                                                      Entropy (8bit):6.0938053068057005
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:FF5kruq4eVbAXbUQ+Q9i1zNtMVwzmO7qPvtlx57qqwZleCiofJDSgzMMd6qD47ux:FFmi3bXYgwz8jOqwfeFoftSmd6qE7A
                                                                                                                                                                      MD5:103562F1C0880DD7D1D2AE780F0B9C2A
                                                                                                                                                                      SHA1:204C9B8072096C4769BFED936D966A08AC778108
                                                                                                                                                                      SHA-256:98D1E089921510FD726F5326CAA5E0FA24161ED317A6FB21DB0BDA879EA40A11
                                                                                                                                                                      SHA-512:444EB7FD314E6CA07DAC2557E0BBCA5D4324FB8B99F3392DB7EE33C200036851E34E1B781E4D77ED4D1C8F5D856047B1162296628236F8D3037F465D53069511
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"35BD75700AA35E7BDAC23920A11F7E7D6D8329A6D9C0D1FBCE51719BA0340E28\"","apps_count_check_time":"13355227655872975","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):44962
                                                                                                                                                                      Entropy (8bit):6.095202842685198
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4xWr9i1zNtTiiH9p1NC+L7qPvt9KJDSgzMMd6qD47u3S:+/Ps+wsI7yOBiidjyKtSmd6qE7lFoC
                                                                                                                                                                      MD5:97D80FF2EAC14C0C860DF7AAC3AED325
                                                                                                                                                                      SHA1:951F75B5AA4666DB8552733197C001C2306840DE
                                                                                                                                                                      SHA-256:377DB8C0A9618E7BC3267DA35A1C59C49B0DF654CFCF95DB68B8DE52ACCD6F9B
                                                                                                                                                                      SHA-512:53D11FF2FD3AA39EBEB6796FB08E2B0A34BDD67E42724245D1D7CD72EBD40A4053AC854D14B520D8120465BC4F795B7F4FCD8300CFA95927A56C1D96F2CF9A77
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):45105
                                                                                                                                                                      Entropy (8bit):6.094852051202561
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:KDXzgWPsj/qlGJqIY8GB4xQ+Q9i1zNtTiiH9p1NC+L7qPvt9KJDSgzMMd6qD47uv:K/Ps+wsI7yOJiidjyKtSmd6qE7lFov
                                                                                                                                                                      MD5:E17076A2823A53AEE78BBE26395BB880
                                                                                                                                                                      SHA1:BAD586590C7C800BDBD20D211852EFA01A3964FA
                                                                                                                                                                      SHA-256:F60B7839F453B4F6FB79DA3135D373878E9F630640474056063478F5AC5D984C
                                                                                                                                                                      SHA-512:8AB08D0723D7E2B4E2039B4D613F352ECAD84F78F3B14299C7B98F39663403271F20D45A3F5EB6137A6AC35585AE32C93E6FB3615003B914BCE368003EDE32FE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13355227655872975","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):102293
                                                                                                                                                                      Entropy (8bit):4.634057283138615
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:W/lv4EskMNTQps5Vdw34PsiaM++tDulXridW+LuhVaK:+wRQO5VdwIT+S8GdZKVaK
                                                                                                                                                                      MD5:10218378540D7BC72BD58227D8BB5FD7
                                                                                                                                                                      SHA1:F0CF35D48E2CFD485835400DFD37352537080055
                                                                                                                                                                      SHA-256:D736CD726F00E1507A5F82C3E1B7A8A030717129FF12C03AE5C4FC032D8F4F86
                                                                                                                                                                      SHA-512:1DFEE589D43B9CF62B0083CF821CE22B05779269CC1737AB6B6CF638A5062D1783E4F82101CE55488369E7D5810B28EEF96DFC4335384BCA17F8467482662F2D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                      MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                      SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                      SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                      SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):280
                                                                                                                                                                      Entropy (8bit):4.105637406271287
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:FiWWltlcUpPmPIijS3XbnbO6YBVP/Sh/JzvbYuDRBOc7cEJHL:o1cUh4Y3LbO/BVsJDbYuDRBOyc
                                                                                                                                                                      MD5:CFE6AA5BB3888F03C04999ADA5DF1C0A
                                                                                                                                                                      SHA1:2F1E4316C1611F3B1E2117090E5E9D177EE6ABF5
                                                                                                                                                                      SHA-256:CB2A3986B16815762A2ABF3D5FAD6B35D13BDC6DC2FAE081F1DD1D94DA1E479A
                                                                                                                                                                      SHA-512:FF824C1A2BA5788461B7762726C869767BC70B163ABBBBA0AA7430999DA31223E487802955627C4F6EB8ACCA15A5B98F35E80B59D9E5AF85E6308DA1A7B323EF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:sdPC.....................cT..\.E.....P."+jDg7C0j+BlQ1Nj+QPG7Safjq+2ZvoQsMhxZL1Gpc+U="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................7aa5fc64-f4df-45d8-92ed-89470ca1c2d2............
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8282
                                                                                                                                                                      Entropy (8bit):5.211134834623614
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:st60UKxsw5oLwFvrEgDnEIMkpusY8bV+FiAGWUNWPLMJ:st60UKxs4oLMDtjdJ3bGilFNB
                                                                                                                                                                      MD5:1E1F1427EEAE0F5897FD9C5119BD34D9
                                                                                                                                                                      SHA1:ACFF296D51E615EBF69A02C972BF4BDA33342934
                                                                                                                                                                      SHA-256:B1A96C2DDF74277F55368C72F8F7D121C5A60284D9720C35C2913D9177C7F305
                                                                                                                                                                      SHA-512:70E53E8EF5014AE39875455FD8E617F42C33C737D1FD322AE3124807DBD063473D3467129D09D775A07DA164E05B7F6DD625E1E615BEF6D071E55CFE213ADDD4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13355227655785053","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13355227655783306"},"dual_user":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8282
                                                                                                                                                                      Entropy (8bit):5.211052445632208
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:st60UKxsw5oLwFvrEgDnEIMkpusY8bV+FiAMWUNWPLMJ:st60UKxs4oLMDtjdJ3bGirFNB
                                                                                                                                                                      MD5:9BE7B5A19F8984915B6922066B02A609
                                                                                                                                                                      SHA1:2D2FC9AEA1CE1F398A940F294CBCFDE97892A857
                                                                                                                                                                      SHA-256:716272AAAE566D9732AA7B1EFEA52AADE3ADE9AAA27DA4770E32890F50B44F05
                                                                                                                                                                      SHA-512:5DAB8BE0D1B5FECEEF193CA78FB0B8FC50B75F979485DE9ED228190D8327A1DF797873CE949F967B4F8776A5CCD6C605F0BFEAE4A6EEAAEAEC4DAFB3399487C2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7689
                                                                                                                                                                      Entropy (8bit):5.089246297526234
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:st60UKxsw5oLwFvrEmkpusY8bV+FiAMWUNWPLMJ:st60UKxs4oLMDM3bGirFNB
                                                                                                                                                                      MD5:7E98FA343513A10BEFC562EC51F728D6
                                                                                                                                                                      SHA1:B6A6028ADFF54574B8163C8BE55055D5FF2BEEF1
                                                                                                                                                                      SHA-256:7CD805ACB187EA474B089063876BAB7BCAFD7D6B76F5EE3536FBFAE0EFD779E9
                                                                                                                                                                      SHA-512:3150C6DDBAA1078BA1A198CB5E5B7F3F378B37140389E322EEB295F8B384983F959D736B964D6011DEC248CDAA7A21F48154DF4A93E62D259BB5D8E7032C7886
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):30096
                                                                                                                                                                      Entropy (8bit):5.566701220554857
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:njWYsLWHbLoL6PeW5wW8f4fb8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPa3MmIz42m9:nSpLwvW6PeWaW8fsbu1jaD3MnDjctZ
                                                                                                                                                                      MD5:819039F3B9EF6EE3F8C4F0A84F70502F
                                                                                                                                                                      SHA1:9F9FDD3021FB42AD933AAB826C9B601BA02AA7B7
                                                                                                                                                                      SHA-256:407766EB1E103BF27251012D32171B206654F93E588A9CEBBE2E3D8109919A2A
                                                                                                                                                                      SHA-512:A2098C7CB58475C0F3EBA72B852434A1DB63650FA1923EA072AB305F80C15B1CA47EE6B154BE56770932AEEB7EC64727BB51428CBFCCE62409AD989255F2AD12
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13355227655194776","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13355227655194776","location":5,"ma
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):480723
                                                                                                                                                                      Entropy (8bit):5.394194915276505
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:IbS15tRdAYDI1JcYxI57aDZ7aJOGiMleOebNG/dFd2X13WG:IbcXAYDI1JcY+5WZ0OG1yJG/dKWG
                                                                                                                                                                      MD5:0548DFFD74A31ED3511B630367997845
                                                                                                                                                                      SHA1:BEA87DDB0770CFE59D854D80080860E6A27CD731
                                                                                                                                                                      SHA-256:8989DCA1C53642C37E529992117B8DB64035C371F84FDACA8ECE099E20256192
                                                                                                                                                                      SHA-512:FEE018C66B6A9CEE49DF6CED1BF081552ED4A6A5C8051E103BF01C6BC6127752F8CFD60C731BA39B493EED6AB50BE8BB0F586E49683D87B780D68F018011982D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...m.................DB_VERSION.1.f.+.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340960289901340.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):340
                                                                                                                                                                      Entropy (8bit):5.168529922250618
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:F5TM+q2PN723oH+Tcwt9Eh1tIFUt88CeZZmw+8LMMVkwON723oH+Tcwt9Eh15LJ:HTM+vVaYeb9Eh16FUt8K/+PMV5OaYebY
                                                                                                                                                                      MD5:46A965B62DA627CFD4DF0335C67C3C7B
                                                                                                                                                                      SHA1:7D31F70052E4202D185003118DD19FB316D6F922
                                                                                                                                                                      SHA-256:FB42463C873A1A562208B42D820863CDC9D11A4CA4DC259E871F8C89902426B3
                                                                                                                                                                      SHA-512:4C993B55F8C00EDF88D1D3E09369CCAFE8491BAD55DEE39BAD4429B7A6151DEF7C020B73C0BC346BFE4616FF3879A691A5E5A348705851866CEB429A35903837
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/03/18-10:27:47.621 1f6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/03/18-10:27:48.337 1f6c Recovering log #3.2024/03/18-10:27:48.515 1f6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):352
                                                                                                                                                                      Entropy (8bit):5.213671701727497
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:FB+q2PN723oH+TcwtnG2tMsIFUt88sRcGGAWZmw+8nNVkwON723oH+TcwtnG2tM2:D+vVaYebn9GFUt8QCW/+cNV5OaYebn9b
                                                                                                                                                                      MD5:58F133190BF9EF45778B164301C01BE4
                                                                                                                                                                      SHA1:E4FF6C0AF623971EEB12C1B954556B8529AF4DA8
                                                                                                                                                                      SHA-256:8C2CED8ABDF0951F7A55E7C3EA24262FFD40DFE89B5436862315419CF50CEEC5
                                                                                                                                                                      SHA-512:1BFB53152F1DEB536495BC873E9244A7801D2CB59E9E9DE5F050352506B92ACC045483CBF6E1C0DF996A564A1CF8A32024EDD95F1D3D8376C18B1443CCC235D0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/03/18-10:27:35.217 16cc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/03/18-10:27:35.224 16cc Recovering log #3.2024/03/18-10:27:35.231 16cc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):418
                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                      MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                      SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                      SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                      SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):328
                                                                                                                                                                      Entropy (8bit):5.159070257521414
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:FsBf4q2PN723oH+Tcwt8aPrqIFUt88VJZmw+8qZDkwON723oH+Tcwt8amLJ:Y4vVaYebL3FUt8EJ/+zZD5OaYebQJ
                                                                                                                                                                      MD5:194737FF6101514D5061D16C15EC2961
                                                                                                                                                                      SHA1:37C41AF90A931EDE1F0F563E3919327265574427
                                                                                                                                                                      SHA-256:1E28BDE561168089679F14FE531D49603D0B8EB55D082F02DAE6870463EBC51D
                                                                                                                                                                      SHA-512:483CADF0FD569B3CA058173450B122F8A38B193E4180E109B589E05B02D551990E47AEE323E5D628BCA43731B992D3FC14A699465C2F81E63E98C049C235254D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/03/18-10:27:35.225 1b20 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/03/18-10:27:35.233 1b20 Recovering log #3.2024/03/18-10:27:35.245 1b20 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):418
                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                      MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                      SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                      SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                      SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):332
                                                                                                                                                                      Entropy (8bit):5.1978537107039635
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:Frzf4q2PN723oH+Tcwt865IFUt88r3IvJZmw+8oVNDkwON723oH+Tcwt86+ULJ:pzf4vVaYeb/WFUt884vJ/+5ND5OaYebD
                                                                                                                                                                      MD5:E34C3F746B8AF577F85B6CE84C1CF89B
                                                                                                                                                                      SHA1:6AC654D4869601758ECD85D1A9217FF096C6EE0A
                                                                                                                                                                      SHA-256:BD65511EC7F3093CE89A64979FFC9EAFDD52928FAA0E6DDA6B5A50825B9B3628
                                                                                                                                                                      SHA-512:83714B88C5F3169FA74A95088AAA0A4AFE2A9044F015721B05BC5618825FF6255A5F3287687501360BFB4C00C6E242712ACAF17F00B53F15177AFF7D20410FB7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/03/18-10:27:35.385 1b20 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/03/18-10:27:35.399 1b20 Recovering log #3.2024/03/18-10:27:35.412 1b20 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1254
                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                      MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                      SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                      SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                      SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):325
                                                                                                                                                                      Entropy (8bit):5.205216405029513
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:FhLOq2PN723oH+Tcwt8NIFUt88h8XZmw+8h8FkwON723oH+Tcwt8+eLJ:mvVaYebpFUt8BX/+BF5OaYebqJ
                                                                                                                                                                      MD5:1B3C4232327E7DB03361F9DA48763CEE
                                                                                                                                                                      SHA1:25F5C8D964A4735BFF6925D05C1B8F39CC57512D
                                                                                                                                                                      SHA-256:C669ABAA0E9455799830D6AA008BE8FF11C4946911FA627B5A07134A8964CB90
                                                                                                                                                                      SHA-512:2CD987B63F9580D2B9F25FCB04C507805EED27942D9C2FB4BECE9C14A5EB1C1F05B9F3188030B6C36F5104E8514FE4F16806906DD0E0E0ACA3593B494CACBBEE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/03/18-10:27:35.967 ed4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/03/18-10:27:35.968 ed4 Recovering log #3.2024/03/18-10:27:35.968 ed4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):429
                                                                                                                                                                      Entropy (8bit):5.809210454117189
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                      MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                      SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                      SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                      SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8720
                                                                                                                                                                      Entropy (8bit):0.21760073165385718
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:c7tFlljq7A/mhWJFuQ3yy7IOWUhSWdweytllrE9SFcTp4AGbNCV9RUI3:n75fOfSWd0Xi99pEY5
                                                                                                                                                                      MD5:B47FEACB194BFCAE90B7E0068B50AE6E
                                                                                                                                                                      SHA1:A4FDDC692132AF44B7448262EA62267A446BA19A
                                                                                                                                                                      SHA-256:914DB1E41F61E8C0E4BDD2085F6F2F298E636616E6A114778E5EA5E5558C9E74
                                                                                                                                                                      SHA-512:A344500ACD80BA99683BB19F340D6FB92A4F5E854F9B63E7748C2306A848256698F6033A4EDF89CB09455EF17521803C83F5906E2CD6D461D932B999CF4BD2A6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):409
                                                                                                                                                                      Entropy (8bit):5.2583566826074835
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:7vVaYeb8rcHEZrELFUt8UZ/+Uz5OaYeb8rcHEZrEZSJ:bVaYeb8nZrExg8URlOaYeb8nZrEZe
                                                                                                                                                                      MD5:5AF900191901E02A9BA6B2539CE9A2EF
                                                                                                                                                                      SHA1:91F3C7A69DBED2774904EC236F7FF34F81B37747
                                                                                                                                                                      SHA-256:9D899338E53960D6A6212069F4C7E9EF537F906BA303CBD23B3B57816AB99C7C
                                                                                                                                                                      SHA-512:391B4D6D9AC764BC2127ED2CCE214D087B2D13CBA1A23D84D7F2549AA28BFC4F0700F8A9D9DA35EAD1A7DE9BCFFC48E3012A43DD9008A25729504C9E501F60DE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/03/18-10:27:37.573 ed4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/03/18-10:27:37.574 ed4 Recovering log #3.2024/03/18-10:27:37.574 ed4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):337
                                                                                                                                                                      Entropy (8bit):5.1421671261499995
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:F0zMN+q2PN723oH+Tcwt8a2jMGIFUt880p5Zmw+80g6VkwON723oH+Tcwt8a2jM4:jIvVaYeb8EFUt8H/+F5OaYeb8bJ
                                                                                                                                                                      MD5:23390E3B4F19F2B2AE0A45FCDF40DE82
                                                                                                                                                                      SHA1:8202BEB8226B9A280045FCD6A51CA5F9DAB372F5
                                                                                                                                                                      SHA-256:E60F4B93081C7AFC7DBD34578DC9554E77F0A928C2EF006C180AA59C01528CA8
                                                                                                                                                                      SHA-512:9C74C9AC789E6781AEA64C97763FEC0F3E12609338BC6488A8D9DBD944341A3E6C5F7E41CE5B61A5E45EE08BB724F2C1264B949B521E65AF1EC2305C4B66C69C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/03/18-10:27:36.340 308 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/03/18-10:27:36.343 308 Recovering log #3.2024/03/18-10:27:36.350 308 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[]
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1334
                                                                                                                                                                      Entropy (8bit):5.3131165759357755
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YcCp/WwC5mWwFGJ/I3w6C1Vdsg7ZVMdmRdstOXyZFRudFGRw6maPsQYhbA7nby:YcCpfC0gCgRsgtstOWfc7khYhbj
                                                                                                                                                                      MD5:1A4B1F797620B2541C226A7B1515B7CA
                                                                                                                                                                      SHA1:356247B23EE388ADC3A31BF9F3FB9695354BEEA6
                                                                                                                                                                      SHA-256:8D81D6ED77687CB3C95D6A0EC56F1A97DFF3E3EF7732A007B2A4501A68657272
                                                                                                                                                                      SHA-512:342D17CA6887183F96F4AE1C2987B3EC48C65FE4F5BF89F26C5BFB22D397565F67CA65B4A9E9E2C2EDD92602E336CB8E88859DE50EBD4F8951EB8868BF673564
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL2F6dXJlZWRnZS5uZXQAAAA=",false],"server":"https://edgeassetservice.azureedge.net","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13357819658188368","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13357819659060936","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",f
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[]
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1334
                                                                                                                                                                      Entropy (8bit):5.3131165759357755
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YcCp/WwC5mWwFGJ/I3w6C1Vdsg7ZVMdmRdstOXyZFRudFGRw6maPsQYhbA7nby:YcCpfC0gCgRsgtstOWfc7khYhbj
                                                                                                                                                                      MD5:1A4B1F797620B2541C226A7B1515B7CA
                                                                                                                                                                      SHA1:356247B23EE388ADC3A31BF9F3FB9695354BEEA6
                                                                                                                                                                      SHA-256:8D81D6ED77687CB3C95D6A0EC56F1A97DFF3E3EF7732A007B2A4501A68657272
                                                                                                                                                                      SHA-512:342D17CA6887183F96F4AE1C2987B3EC48C65FE4F5BF89F26C5BFB22D397565F67CA65B4A9E9E2C2EDD92602E336CB8E88859DE50EBD4F8951EB8868BF673564
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL2F6dXJlZWRnZS5uZXQAAAA=",false],"server":"https://edgeassetservice.azureedge.net","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13357819658188368","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13357819659060936","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",f
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7689
                                                                                                                                                                      Entropy (8bit):5.089246297526234
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:st60UKxsw5oLwFvrEmkpusY8bV+FiAMWUNWPLMJ:st60UKxs4oLMDM3bGirFNB
                                                                                                                                                                      MD5:7E98FA343513A10BEFC562EC51F728D6
                                                                                                                                                                      SHA1:B6A6028ADFF54574B8163C8BE55055D5FF2BEEF1
                                                                                                                                                                      SHA-256:7CD805ACB187EA474B089063876BAB7BCAFD7D6B76F5EE3536FBFAE0EFD779E9
                                                                                                                                                                      SHA-512:3150C6DDBAA1078BA1A198CB5E5B7F3F378B37140389E322EEB295F8B384983F959D736B964D6011DEC248CDAA7A21F48154DF4A93E62D259BB5D8E7032C7886
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13355227655785053","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13355227655783306"},"dual_user":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):25012
                                                                                                                                                                      Entropy (8bit):5.566812631585351
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:njWYsLWyeW5wW8f4Ib8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPWmIz42mrwX4cpetm:nSpLHeWaW8f1bu1jajnDjktm
                                                                                                                                                                      MD5:82F191254202EA8ADBF842E0C43BB78F
                                                                                                                                                                      SHA1:0347B3DDBEC8C33607813ADE92E69600A99A8255
                                                                                                                                                                      SHA-256:268F4F1FBC4993CD6BF743E3C8EB7981441D8FD4EDB5E01F2D30C72AE4099ED5
                                                                                                                                                                      SHA-512:E607EC1DC5E31BABB994E8D6CF978266F719BD869A8E8B2701D669B5834947CC7AFBAF76C31B4AB3533EDC239468CAA2A7ABC5AC53C4C1F1C674F67D59677CE1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13355227655194776","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13355227655194776","location":5,"ma
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):194
                                                                                                                                                                      Entropy (8bit):2.8096948641228403
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:S8ltHlS+QUl1ASEGhTFljljljljljljljl:S85aEFljljljljljljljl
                                                                                                                                                                      MD5:D7D9437445AA960DCEA52FFE772822DC
                                                                                                                                                                      SHA1:C2BBF4AC0732D905D998C4F645FD60F95A675D02
                                                                                                                                                                      SHA-256:4FF49903BEC1197017A35995D5C5FC703CAF9D496467345D783F754B723D21C1
                                                                                                                                                                      SHA-512:335EB1BA85670550ED1E1E4E14EA4B5D14F8306125BF147A42DE4DEF5E5F75F14C422B014414030CF30378C04F748AC875CF056ADDA196511A0B057B3598FE9A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f...............
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):325
                                                                                                                                                                      Entropy (8bit):5.166252596465327
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:FG6+q2PN723oH+TcwtrQMxIFUt88YZmw+86nVkwON723oH+TcwtrQMFLJ:avVaYebCFUt8L/+pV5OaYebtJ
                                                                                                                                                                      MD5:6DB57F15431EE2129BFF13A646143C3B
                                                                                                                                                                      SHA1:6F85389A99721CD82BEBE85F3AD38F72E635E148
                                                                                                                                                                      SHA-256:FBDC00F6B39803FD4C6EFE7871345A5B514E201092B76D43C20325E824511E4D
                                                                                                                                                                      SHA-512:124DD2295F9340A9A77E7897B735A859E938C39C5186FC739A637DB06F0B2BE79D9563917C7F6FEAC1F72CBEA9A6A9E28E288DDC78F10693D2BA4E6E7F02FFB7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/03/18-10:27:52.964 308 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/03/18-10:27:52.976 308 Recovering log #3.2024/03/18-10:27:52.985 308 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):325
                                                                                                                                                                      Entropy (8bit):5.166252596465327
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:FG6+q2PN723oH+TcwtrQMxIFUt88YZmw+86nVkwON723oH+TcwtrQMFLJ:avVaYebCFUt8L/+pV5OaYebtJ
                                                                                                                                                                      MD5:6DB57F15431EE2129BFF13A646143C3B
                                                                                                                                                                      SHA1:6F85389A99721CD82BEBE85F3AD38F72E635E148
                                                                                                                                                                      SHA-256:FBDC00F6B39803FD4C6EFE7871345A5B514E201092B76D43C20325E824511E4D
                                                                                                                                                                      SHA-512:124DD2295F9340A9A77E7897B735A859E938C39C5186FC739A637DB06F0B2BE79D9563917C7F6FEAC1F72CBEA9A6A9E28E288DDC78F10693D2BA4E6E7F02FFB7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/03/18-10:27:52.964 308 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/03/18-10:27:52.976 308 Recovering log #3.2024/03/18-10:27:52.985 308 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):356
                                                                                                                                                                      Entropy (8bit):5.11684277106883
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:F0ovlyq2PN723oH+Tcwt7Uh2ghZIFUt88U1Zmw+8yvlRkwON723oH+Tcwt7Uh2gd:UvVaYebIhHh2FUt811/+575OaYebIhHd
                                                                                                                                                                      MD5:3E8943D1C2F5101C076791D0C2B0454F
                                                                                                                                                                      SHA1:123EDCDE47BC658ECF2A18202F424E8741734BF7
                                                                                                                                                                      SHA-256:6D8EB7427EB5859FC1FA25A106D35282F05A8E24AB6BEC64F69E2FAB45C33904
                                                                                                                                                                      SHA-512:29FEA10165704244FCB731365031C0B43CB57C575319DE0853808CAC2F6D53F8E0A7801C8A0B4DA3D8018E18029A11B22C7693B2FA65E83D7026095E043CCE20
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/03/18-10:27:35.404 1710 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/03/18-10:27:35.410 1710 Recovering log #3.2024/03/18-10:27:35.414 1710 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):356
                                                                                                                                                                      Entropy (8bit):5.11684277106883
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:F0ovlyq2PN723oH+Tcwt7Uh2ghZIFUt88U1Zmw+8yvlRkwON723oH+Tcwt7Uh2gd:UvVaYebIhHh2FUt811/+575OaYebIhHd
                                                                                                                                                                      MD5:3E8943D1C2F5101C076791D0C2B0454F
                                                                                                                                                                      SHA1:123EDCDE47BC658ECF2A18202F424E8741734BF7
                                                                                                                                                                      SHA-256:6D8EB7427EB5859FC1FA25A106D35282F05A8E24AB6BEC64F69E2FAB45C33904
                                                                                                                                                                      SHA-512:29FEA10165704244FCB731365031C0B43CB57C575319DE0853808CAC2F6D53F8E0A7801C8A0B4DA3D8018E18029A11B22C7693B2FA65E83D7026095E043CCE20
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/03/18-10:27:35.404 1710 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/03/18-10:27:35.410 1710 Recovering log #3.2024/03/18-10:27:35.414 1710 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                      Entropy (8bit):0.0018090556708630734
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2zEjI1K:/M/xT02zd1K
                                                                                                                                                                      MD5:D7AA5E8C84CD12A14659B179AD2A0CA2
                                                                                                                                                                      SHA1:E92C0EB5403134A8E79F6EAF16712A930141D745
                                                                                                                                                                      SHA-256:E6212AD1CF70A80DECD4B3A1180E94BFECE1BEE054606592C716ED6FE545CC0D
                                                                                                                                                                      SHA-512:80C6D4F9C746CDB3ED98DEAAE910E1502F23C1E3013DF86CC353D39CB0955F55BDE4260A2673043C17A6DB02B969C0BA7155F3AAB906DBB63F1E1AE50B8A1F4F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                      Entropy (8bit):0.0012471779557650352
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                      MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                      SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                      SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                      SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                      Entropy (8bit):0.0012471779557650352
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                      MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                      SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                      SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                      SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):435
                                                                                                                                                                      Entropy (8bit):5.24684573669701
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:F09+q2PN723oH+TcwtzjqEKj3K/2jMGIFUt880TZmw+80otVkwON723oH+Tcwtzg:pvVaYebvqBQFUt8n/+sT5OaYebvqBvJ
                                                                                                                                                                      MD5:F5897695F1DFEF041D512FDBDD6982B5
                                                                                                                                                                      SHA1:5B647725AC07D93F2F7A79E30AC5AE542D54372B
                                                                                                                                                                      SHA-256:E1F7462F0E71E8B74C6FAD9D6ECFE1CFA8D2AD00A27B2D24929C2066E72107A7
                                                                                                                                                                      SHA-512:88BED2B353D19F266855EBE5E35AE1C9FA5AF2886F3ABCF6B896C0AAD5AB339547FC2A995D6C7139F1CC6D0FDF5F6D924A7863EFF3A581C4F6C6323B4CEE47C6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/03/18-10:27:36.367 308 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/03/18-10:27:36.369 308 Recovering log #3.2024/03/18-10:27:36.375 308 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):435
                                                                                                                                                                      Entropy (8bit):5.24684573669701
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:F09+q2PN723oH+TcwtzjqEKj3K/2jMGIFUt880TZmw+80otVkwON723oH+Tcwtzg:pvVaYebvqBQFUt8n/+sT5OaYebvqBvJ
                                                                                                                                                                      MD5:F5897695F1DFEF041D512FDBDD6982B5
                                                                                                                                                                      SHA1:5B647725AC07D93F2F7A79E30AC5AE542D54372B
                                                                                                                                                                      SHA-256:E1F7462F0E71E8B74C6FAD9D6ECFE1CFA8D2AD00A27B2D24929C2066E72107A7
                                                                                                                                                                      SHA-512:88BED2B353D19F266855EBE5E35AE1C9FA5AF2886F3ABCF6B896C0AAD5AB339547FC2A995D6C7139F1CC6D0FDF5F6D924A7863EFF3A581C4F6C6323B4CEE47C6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/03/18-10:27:36.367 308 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/03/18-10:27:36.369 308 Recovering log #3.2024/03/18-10:27:36.375 308 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[]
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[]
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[]
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[]
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[]
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):36864
                                                                                                                                                                      Entropy (8bit):0.3886039372934488
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                      MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                      SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                      SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                      SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[]
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):80
                                                                                                                                                                      Entropy (8bit):3.4921535629071894
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                      MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                      SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                      SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                      SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):426
                                                                                                                                                                      Entropy (8bit):5.255144828980245
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:Fn+q2PN723oH+TcwtzjqEKj0QMxIFUt88QXZmw+8qtVkwON723oH+TcwtzjqEKjq:cvVaYebvqBZFUt8B/+ZT5OaYebvqBaJ
                                                                                                                                                                      MD5:6EAE35DF140C99E1C4ADDAA4F29F769B
                                                                                                                                                                      SHA1:33BEF47C6EE1571CC8B15725BB55FB5703E08E86
                                                                                                                                                                      SHA-256:25274E8BBFB5847974A9A91456DB31CFC823EB34361B0D66D0703C038E4756A8
                                                                                                                                                                      SHA-512:E4102EC73B63D550DD2E234CFBB158BD17CAEE31FC459CEE62616699D8939F9718EE4EB9760417AB4BE3A6904C8EFE585837109FADDB7B942960F49E9D527D0F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/03/18-10:27:52.972 14c8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/03/18-10:27:52.977 14c8 Recovering log #3.2024/03/18-10:27:52.988 14c8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):329
                                                                                                                                                                      Entropy (8bit):5.199146714386386
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:FpUSQ+q2PN723oH+TcwtpIFUt88pUSdWZmw+8uXwQVkwON723oH+Tcwta/WLJ:7Q+vVaYebmFUt8JSdW/+3AQV5OaYebaQ
                                                                                                                                                                      MD5:CA61AAABEF5F76C648B1752290B93E1C
                                                                                                                                                                      SHA1:D6ABF9914471A4263EF24E9F1C52A8F3671C629E
                                                                                                                                                                      SHA-256:0864D95031042EF31EBC6521DF774B11B138BBF662C3F2EAFE319D837A97635E
                                                                                                                                                                      SHA-512:C74772682C01E2990AFDF4EA54B31FEAE14E251460B1F1A5C292B9ECEA736E2A48B7F6AF33670CA122EC4803555FD640AB5BE77453979AC1B93AAB03DAFD9C0D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/03/18-10:27:35.177 c3c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/03/18-10:27:35.195 c3c Recovering log #3.2024/03/18-10:27:35.205 c3c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):196608
                                                                                                                                                                      Entropy (8bit):1.1248092480494976
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:KUM2qOB1nxCkRSA1LyKOMq+8iP5GDHP/0j:Kkq+n0W91LyKOMq+8iP5GLP/0
                                                                                                                                                                      MD5:52DF3BE8A2D467FF9F660C1CA6E7055A
                                                                                                                                                                      SHA1:00B2E307B3E7EEBB89C7C26B54814FCC4C23D045
                                                                                                                                                                      SHA-256:B87583A686F411B0E440D6D0B39D3E606231FFC37F2E75F80DB9A64870A470E6
                                                                                                                                                                      SHA-512:6DE75A1EE2640F8EC33EE3B17BBE58F657DD84C22D4EB52E8AF43D23877F301AB8B18A1F8979558871E35B6AAFFC6E14278950FDD30ACC9096462BFB302B3925
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11755
                                                                                                                                                                      Entropy (8bit):5.190465908239046
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                      MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                      SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                      SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                      SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8447
                                                                                                                                                                      Entropy (8bit):5.208392649813578
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:st60UKxsw5oLwFvrEgDnEIMkpusY8bV+FiAWiw3G3NWPLMJ:st60UKxs4oLMDtjdJ3bGijiw3G3NB
                                                                                                                                                                      MD5:62DF5565A36D141911ADA840B9B10B3D
                                                                                                                                                                      SHA1:3E3A16C48D1CC7FE23BFEAD80650DD47542628F9
                                                                                                                                                                      SHA-256:A355371529846575A896F9D81EB73630AEFE4AF6598F25A34DDBD1A0EBAA3086
                                                                                                                                                                      SHA-512:67EA21AC0B4DCA2CA2DAAC212AC9ABD89D0C431074C268280BF87DC395EF8D00233D42C0D112C436962F909BA4D5C1602361A0325D195105E0B0566FF27541EA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13355227655785053","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13355227655783306"},"dual_user":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):25012
                                                                                                                                                                      Entropy (8bit):5.566812631585351
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:njWYsLWyeW5wW8f4Ib8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPWmIz42mrwX4cpetm:nSpLHeWaW8f1bu1jajnDjktm
                                                                                                                                                                      MD5:82F191254202EA8ADBF842E0C43BB78F
                                                                                                                                                                      SHA1:0347B3DDBEC8C33607813ADE92E69600A99A8255
                                                                                                                                                                      SHA-256:268F4F1FBC4993CD6BF743E3C8EB7981441D8FD4EDB5E01F2D30C72AE4099ED5
                                                                                                                                                                      SHA-512:E607EC1DC5E31BABB994E8D6CF978266F719BD869A8E8B2701D669B5834947CC7AFBAF76C31B4AB3533EDC239468CAA2A7ABC5AC53C4C1F1C674F67D59677CE1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13355227655194776","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13355227655194776","location":5,"ma
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                      Entropy (8bit):0.049424530376406366
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:Gd0ddi8gd0ddi8CL9XCChslotGLNl0ml/XoQDeX:zddHgiddH6pEjVl/XoQ
                                                                                                                                                                      MD5:A364C70716DAB97A286A97ECB635F581
                                                                                                                                                                      SHA1:49202B67B6224CF97962C1D475B27F447CC165A2
                                                                                                                                                                      SHA-256:385C027302FE4F0D60A58C6908C242124B3BB4F8FF63880F05CCF1443EA911B2
                                                                                                                                                                      SHA-512:BAD7427D21D2E8F1A40D7CCA53508B05F07626C5BC37987BE905F01DA5B080692A3F02A758C8496B3C5424B8E0DF5D69A30CD39D393000E571E7CE71EC9B1888
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..-.......................FVN...$J...V..n.c..mv=..-.......................FVN...$J...V..n.c..mv=........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):2020
                                                                                                                                                                      Entropy (8bit):5.298922396889016
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:F3+8DSBSKQnPCHRHExqIYjIY0zi3qklMYjMYpy3AlkfAlk93:ZW0KQSIYjIY0zi3blMYjMYgYcYU3
                                                                                                                                                                      MD5:93D9038A1E44C67811C6077329616537
                                                                                                                                                                      SHA1:E5F0B5B259B6A69277D05A203E1B5317DC98040C
                                                                                                                                                                      SHA-256:87FF2CCB017FE47BDFBE7763CD63C1ED6C53F67ADEDD0CB64AAFEE8B24D81776
                                                                                                                                                                      SHA-512:AF45FBEAA5EFA0D40F27831974FBD9433ACBC29163CE4C0A87F581E3A8BB42B9878B41B3F47D0410B709BE33BECD9F7B05E1B392EB15B8CF072517E105500282
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:A..r.................20_1_1...1.,U.................20_1_1...1..$.0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=................~v..................4_IPH_CompanionSidePanel...IPH_CompanionSidePanel....$4_IPH_CompanionSidePanelRegionSearch(."IPH_CompanionSidePanelRegionSearch.....4_IPH_DownloadToolbarButton...IPH_DownloadToolbarButton....&4_IPH_FocusHelpBubbleScreenReaderPromo*.$IPH_FocusHelpBubbleScreenReaderPromo.....4_IPH_GMCCastStartStop...IPH_GMCCastStartStop.....4_IPH_HighEfficiencyMode...IPH_HighEfficiencyMode.....4_IPH_LiveCaption...IPH_LiveCaption.....4_IPH_PasswordsAcco
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):328
                                                                                                                                                                      Entropy (8bit):5.215421123290184
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:Fzq2PN723oH+TcwtfrK+IFUt88wvZZmw+8+zkwON723oH+TcwtfrUeLJ:xvVaYeb23FUt8DZ/+Vz5OaYeb3J
                                                                                                                                                                      MD5:91DA1F7B54244CF859758EF8DCFEA4AE
                                                                                                                                                                      SHA1:0587FC3BA4475AB769BB50F9C6935D5BE699E761
                                                                                                                                                                      SHA-256:9323A91292DD834B85754BF1D12FBB7F38696E8192B82B00FE4A6EC4E6C809E0
                                                                                                                                                                      SHA-512:9FFBEC99FAE037F82299434CDAF4B698B34BD9867499515B754C965D8E9E955A5D7D90195F0F12142D6100EC57EDAD64FE8CB57218E56AC0C7ADB2D5AF3E19BD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/03/18-10:27:35.832 1a70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/03/18-10:27:35.834 1a70 Recovering log #3.2024/03/18-10:27:35.836 1a70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):928
                                                                                                                                                                      Entropy (8bit):4.0841566368719775
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:G0nYUtypD32m3yWlIZMBA5NgKIvB8Sx3O5v:LYUtyp5q55NvIp8Sx3O5v
                                                                                                                                                                      MD5:FFD773A32B54CE20C08561046A7359C3
                                                                                                                                                                      SHA1:0457B60240313DE71285F57D99A505601FECA7EF
                                                                                                                                                                      SHA-256:F0FF72019973430411A49A1B5BB5F2C3FBEAA8EAB418944ACB3295CB00DBBA50
                                                                                                                                                                      SHA-512:D8EC47D415459BB850BF7973E9C7583E1A4F16B48216D185EC9CCE7739A641F79E5335B0286E428B51BB761B99C043A5D398D7C51274FC2E4A3BAF742D1EAF98
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... ......................__global... .TN...................3_.....{-%z.................4_.....Z.\_.................3_.....5}...................4_.....
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):346
                                                                                                                                                                      Entropy (8bit):5.200314382055738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:FSBEmOq2PN723oH+TcwtfrzAdIFUt88STujZZmw+8SjkwON723oH+TcwtfrzILJ:0jOvVaYeb9FUt8nTujZ/+nj5OaYeb2J
                                                                                                                                                                      MD5:E508133771EF9D43E4D2E478A2BD86F8
                                                                                                                                                                      SHA1:04E035F423728E06B467A3A7E5EA136AEF592214
                                                                                                                                                                      SHA-256:29144505AE6067B4266E8395A6461EF6FE7AB2A40227DB662CF998BDD99D8EFE
                                                                                                                                                                      SHA-512:16DC3A6DCE25257F9AD1C0E441D7B2C2CB995FA713C1BBD1A5E3334A3E98D81AC540646F9708937603A9510C92CD19598EC77D99197531E8B267B79DEA446604
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/03/18-10:27:35.825 1a70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/03/18-10:27:35.826 1a70 Recovering log #3.2024/03/18-10:27:35.827 1a70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):120
                                                                                                                                                                      Entropy (8bit):3.32524464792714
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                      MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                      SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                      SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                      SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):13
                                                                                                                                                                      Entropy (8bit):2.6612262562697895
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:NYLFRQZ:ap2Z
                                                                                                                                                                      MD5:B64BD80D877645C2DD14265B1A856F8A
                                                                                                                                                                      SHA1:F7379E1A6F8CE062E891C56736C789C7EA77CD6A
                                                                                                                                                                      SHA-256:83476CEEEB7682F41030664B4E17305986878D14E82D0C277FB99EC546B44569
                                                                                                                                                                      SHA-512:734A7316A269C76DD052D980CC0D5209C0BFEDFFC55B11C58FA25C433CE8A42536827298C3E58CACD68CC01593C23D39350E956E8DE2268D8D29918E1F0667F2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:117.0.2045.55
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):44455
                                                                                                                                                                      Entropy (8bit):6.089811644867103
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWAdi1zNtPMskzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynALkzItSmd6qE7lFoC
                                                                                                                                                                      MD5:38AFC2281B7CCCDC6D2790FC16183BA2
                                                                                                                                                                      SHA1:FCA425038254330470CFB57AD2E9A4F80EAC3639
                                                                                                                                                                      SHA-256:40E58E39A7DDEAA219028F00D2D6B3059EFE481D68613D53AC8B203508EB8FF8
                                                                                                                                                                      SHA-512:D5FE75D042BBD9F8E6F04926C907766A9FED37087AEB15F672F47F7BC504FBB9C9490330795F9540C119553A6BCAB5DE4DE4DBB32D756B36C126D57AAB98A698
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):44455
                                                                                                                                                                      Entropy (8bit):6.089811644867103
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWAdi1zNtPMskzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynALkzItSmd6qE7lFoC
                                                                                                                                                                      MD5:38AFC2281B7CCCDC6D2790FC16183BA2
                                                                                                                                                                      SHA1:FCA425038254330470CFB57AD2E9A4F80EAC3639
                                                                                                                                                                      SHA-256:40E58E39A7DDEAA219028F00D2D6B3059EFE481D68613D53AC8B203508EB8FF8
                                                                                                                                                                      SHA-512:D5FE75D042BBD9F8E6F04926C907766A9FED37087AEB15F672F47F7BC504FBB9C9490330795F9540C119553A6BCAB5DE4DE4DBB32D756B36C126D57AAB98A698
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):44455
                                                                                                                                                                      Entropy (8bit):6.089811644867103
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWAdi1zNtPMskzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynALkzItSmd6qE7lFoC
                                                                                                                                                                      MD5:38AFC2281B7CCCDC6D2790FC16183BA2
                                                                                                                                                                      SHA1:FCA425038254330470CFB57AD2E9A4F80EAC3639
                                                                                                                                                                      SHA-256:40E58E39A7DDEAA219028F00D2D6B3059EFE481D68613D53AC8B203508EB8FF8
                                                                                                                                                                      SHA-512:D5FE75D042BBD9F8E6F04926C907766A9FED37087AEB15F672F47F7BC504FBB9C9490330795F9540C119553A6BCAB5DE4DE4DBB32D756B36C126D57AAB98A698
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):86
                                                                                                                                                                      Entropy (8bit):4.3751917412896075
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
                                                                                                                                                                      MD5:F732DBED9289177D15E236D0F8F2DDD3
                                                                                                                                                                      SHA1:53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
                                                                                                                                                                      SHA-256:2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
                                                                                                                                                                      SHA-512:B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):49677
                                                                                                                                                                      Entropy (8bit):6.097461438055137
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:FFmi3bXYJiidjy9jOqwfeFoftSmd6qE7A:6i3bXYsidijuea8TA
                                                                                                                                                                      MD5:35AE2CF1250863E3FFABD2E9FD8ECFE6
                                                                                                                                                                      SHA1:7A768ED3FDCD719BB05A70E5872FA77D0C2366C1
                                                                                                                                                                      SHA-256:F5FD5D9059A8AF50C7C08821438DA64416A5659493560948AC172FF50250AE23
                                                                                                                                                                      SHA-512:40D147C6B04D3018C8588C2D74220AAA00F641B0B870FE0413CBB7F7F1C0D960DAF8823648646C975AC70492758E674276B2285D41DACAF7630F1A8791D637DD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"35BD75700AA35E7BDAC23920A11F7E7D6D8329A6D9C0D1FBCE51719BA0340E28\"","apps_count_check_time":"13355227655872975","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):49490
                                                                                                                                                                      Entropy (8bit):6.093797221409172
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:FF5kruq4eVbAXbUQ+Q9i1zNtiVwzmO7qPvtlx57qqwZleCiofJDSgzMMd6qD47ux:FFmi3bXYOwz8jOqwfeFoftSmd6qE7A
                                                                                                                                                                      MD5:A7F38D9D603CD29F971A0FC24307F277
                                                                                                                                                                      SHA1:07EBCBAD3F40BEAFDA622DF41389DDC59F66507B
                                                                                                                                                                      SHA-256:E115AC1657654E9EE2472DD467EB559D9A8CB56EC02E1FF48A5B18DF9576416C
                                                                                                                                                                      SHA-512:565515FC51D3B1D019F17A492614C350501D4B7D3CD23ECB053994A2C6B449E0D445D030AC9F4799C262F59A38C3BD516607611F01FE0EEF3E09834AC6A3FF4E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"35BD75700AA35E7BDAC23920A11F7E7D6D8329A6D9C0D1FBCE51719BA0340E28\"","apps_count_check_time":"13355227655872975","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                      Entropy (8bit):3.0768388723468547
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:rrJGi4yc/aGiO2Z+j8TLcUddWN8TLWT2HUddfC:nAcZ+j8T4UON8TxU
                                                                                                                                                                      MD5:703A416DBB32AD1CB9D9C6762996EBC6
                                                                                                                                                                      SHA1:05CF5224F550DA29A2532501C39D2CF7A2A17ED1
                                                                                                                                                                      SHA-256:2D40817F14049AF454B86E26922B70FD4974D3C62A4227B685E87E08276E3121
                                                                                                                                                                      SHA-512:0C58CF547B138B3712CFE07C6A743B5F50BC7CFBE9B678C77C5CC8FEB0ED386D7F1993FED8811C3E38C9F961E6D9D7E452403B466F766F8EF4226FB09D885A23
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5632
                                                                                                                                                                      Entropy (8bit):2.2046577694595544
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:rJYjYGx7H79lj8sZypaKvqy6yEyvy5DlsN5Acb9lj8sZypXvqy:rCjYGx7X8sZGaKS9LYu0OU8sZGXS
                                                                                                                                                                      MD5:2B0700F01B1324BA884B15B365D4BECB
                                                                                                                                                                      SHA1:DBA481348A550BE94404B00281BA8181FBFA0DBE
                                                                                                                                                                      SHA-256:9B330077F6CE3C7C7DF74EDCE8AA27DCDECAB76B068CDB8F5A3F23EFD75E319B
                                                                                                                                                                      SHA-512:9DFAF25E08FE72D2FB3C8AF3DB9ECECCD428E19DC3D32F942FBF66D880A865EE190EB517DA8FE80B563912F80148CFE898FEFDC269D97A694874B452723892DD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5632
                                                                                                                                                                      Entropy (8bit):2.20986556956258
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5632
                                                                                                                                                                      Entropy (8bit):2.208027209060532
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5632
                                                                                                                                                                      Entropy (8bit):2.209228076337015
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5632
                                                                                                                                                                      Entropy (8bit):2.2104616068127565
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5632
                                                                                                                                                                      Entropy (8bit):2.209774022719939
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5632
                                                                                                                                                                      Entropy (8bit):2.209069699060775
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (316), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):358
                                                                                                                                                                      Entropy (8bit):5.109148751916529
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x8bf4dc91,0x01da7916</date><accdate>0x8bf4dc91,0x01da7916</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (314), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):356
                                                                                                                                                                      Entropy (8bit):5.136198923251553
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x8b69b40f,0x01da7916</date><accdate>0x8ba9ca0d,0x01da7916</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (320), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):362
                                                                                                                                                                      Entropy (8bit):5.123953566364477
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x8bf74ef1,0x01da7916</date><accdate>0x8bf74ef1,0x01da7916</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (337), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):379
                                                                                                                                                                      Entropy (8bit):5.186438390319833
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:TMVBdc9EMdLD5Ltq08eDPOOKaihMbF41MAd+RCTD90/QL3WIZK0QhPPNbcE5EtMb:TMHdNMNxtDPOOKa6pnWimI00OVbcE5Es
                                                                                                                                                                      MD5:01DFEBC6D86A20675DB71E0D44498D28
                                                                                                                                                                      SHA1:103F8DAFB9FDA94E844D5D8189E027952A4EC99C
                                                                                                                                                                      SHA-256:23AD7A598E203642EDAC4587E5FAEE062243039E1A5E728DE38A4179920611A4
                                                                                                                                                                      SHA-512:9DD070A08A8D059E6DB42BF8755447AFCAAA1D49814E1D108320507F4D4D4A3D2270EC5225247E054DC178EA428EB965256DD70A1826EEB9D34010F0B2196D75
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://go.microsoft.com/fwlink/p/?LinkId=255142"/><date>0x8ba9ca0d,0x01da7916</date><accdate>0x8bac3b41,0x01da7916</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Bing.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (310), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):352
                                                                                                                                                                      Entropy (8bit):5.147542880113563
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:TMVBdc9EMdLD5Ltqc4Je04IRCTD90/QL3WIZK0QhPPNbgE5EtMjwu:TMHdNMNxiKnWimI00OVbd5EtMb
                                                                                                                                                                      MD5:E18338197754E2D556AEB252F0A1908D
                                                                                                                                                                      SHA1:912F98DB6CA246059FE5EEF9E96B8317E59F3EC1
                                                                                                                                                                      SHA-256:0EAD0B6288E787F35F71533FA2CA783544A7F9E9D2FDDA2BF3ED0C45382F1A5E
                                                                                                                                                                      SHA-512:64832042688C701B1144E3F155ABA00EB4DE5D9DA1A13AEF31758CB57266B23108C3D0362ADE88859BAE11A09A80461C2D0221A017C303F45C2D3893B3DCAC0A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x8bb8702b,0x01da7916</date><accdate>0x8bba4461,0x01da7916</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (316), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):358
                                                                                                                                                                      Entropy (8bit):5.165774505829529
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:TMVBdc9EMdLD5Ltqc4UxGwe3Xs3XMRCTD90/QL3WIZK0QhPPNb8K0QU5EtMjwu:TMHdNMNxhGwyUtnWimI00OVb8K075Ety
                                                                                                                                                                      MD5:1C84A4CDAC905AC7531DF76D246499FA
                                                                                                                                                                      SHA1:7D3603E69ABBD1D8DCC19ACE6D07771F6AE7F046
                                                                                                                                                                      SHA-256:AA49563FEA50A81D84DBACDDBCE9149C2CAEBC64AAFC2B4196A90E3A0C2B472C
                                                                                                                                                                      SHA-512:ECE0C938633FD8542D91C359AF50F3B82A564580171C016684C47CC9A7D21C82FBFE9650E58E12A363206CDF4545139FD452C55F150EBA80AD45B2711260E3AA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x8bf92250,0x01da7916</date><accdate>0x8bf92250,0x01da7916</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (314), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):356
                                                                                                                                                                      Entropy (8bit):5.086399364934251
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:TMVBdc9EMdLD5Ltqc4Qune9GZ9G/RCTD90/QL3WIZK0QhPPNbAkEtMjwu:TMHdNMNx0n42xnWimI00OVbxEtMb
                                                                                                                                                                      MD5:17AB313029461B73D7C3FCBF0EAF2386
                                                                                                                                                                      SHA1:D11D207EF438C9B4DF8B19DDF6126E28F146C4E6
                                                                                                                                                                      SHA-256:FC17F99004A42DBDE865A68E5568FBCBE15EB404426C86D16F202762140A09EA
                                                                                                                                                                      SHA-512:F78824BB1C0B1767EEC670E1A01238D89770CBFE0C377C88248BC21EE10952BDEC9CA340DD39FA098020EF5CBF8F02FC4975B9FE73CBB71A15901341F18870DA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x8bf307ce,0x01da7916</date><accdate>0x8bf307ce,0x01da7916</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (316), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):358
                                                                                                                                                                      Entropy (8bit):5.149468008024442
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:TMVBdc9EMdLD5Ltqc4oTexsxMRCTD90/QL3WIZK0QhPPNb6Kq5EtMjwu:TMHdNMNxxBnWimI00OVb6Kq5EtMb
                                                                                                                                                                      MD5:B74ECBC79B902155819A34C767285B88
                                                                                                                                                                      SHA1:34A35A5771C9F4D81A132F426D89EC63AACA1F79
                                                                                                                                                                      SHA-256:A7C799AF9882B39B11B10693F39A48FDAB47125078C871E13687BE58640B85AF
                                                                                                                                                                      SHA-512:31D0A99E039E09034706CBB9467733F0E4117B64E1ADF2DA63833C408C3669CAEE54E17363CA18C7099FD16E862021E7E283A3C2A1D0EE48375EABCDEB3E8CDD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x8bf13318,0x01da7916</date><accdate>0x8bf13318,0x01da7916</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (318), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):360
                                                                                                                                                                      Entropy (8bit):5.093060321070592
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:TMVBdc9EMdLD5Ltqc4YX2ne71dORCTD90/QL3WIZK0QhPPNb02CqEtMjwu:TMHdNMNxci3nWimI00OVbVEtMb
                                                                                                                                                                      MD5:81CFC694095169A0F04027FAA0CEB30C
                                                                                                                                                                      SHA1:3CF6AB81DAD9118D6A6C660162938679582D5D23
                                                                                                                                                                      SHA-256:CE3B3F83AA42F53B61DEBF2FF2E9FC2A3C3277ECB8882468ABF784A210508EFE
                                                                                                                                                                      SHA-512:8B979EF6C0A8E1EEA8C828796CE1D72EA1DFDB3667A4DD751C4871885D61835BCB8E06A1C396DF347BCA2180426956EEACB7A9CCB94AE06560789AFF3B0B7938
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x8baeabf6,0x01da7916</date><accdate>0x8bb11cfe,0x01da7916</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (314), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):356
                                                                                                                                                                      Entropy (8bit):5.113063082985259
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:TMVBdc9EMdLD5Ltqc4Ine2rLs2rLMRCTD90/QL3WIZK0QhPPNbiwE5EtMjwu:TMHdNMNxfnhHDHtnWimI00OVbe5EtMb
                                                                                                                                                                      MD5:78FE68A520E2B89E7BA701949C29CB96
                                                                                                                                                                      SHA1:0793044A2C9BB424A50496FD7A1F92B14A68E14B
                                                                                                                                                                      SHA-256:9A824CEDE0D10CB2246765F817E74627BB1135DE2EA62CB589886DC160A1C67A
                                                                                                                                                                      SHA-512:74069635810ADA9B8DFEBA49ABEC1ABB5247593D6C53B1A8B0230D884695E9694E1778FDC2B174CCA53DFA8B328E291D604F086D5813CACBBAC3C9F9433093F7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x8bb5fec2,0x01da7916</date><accdate>0x8bb5fec2,0x01da7916</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):866
                                                                                                                                                                      Entropy (8bit):7.175676008177386
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:kUvF/6easyD/iCHLSWWqyCoTTdTc+yhaX4b9upG6:kUt/6symC+PTCq5TcBUX4bA
                                                                                                                                                                      MD5:5033D2DD18F88B38CF4B78B23F01508E
                                                                                                                                                                      SHA1:5463303F7BC0258AFB913DA947B84B03243F838E
                                                                                                                                                                      SHA-256:ABCEB2958BE66709E0A4A564EA328E599EA47E0BC06504E5F833CD1B36DD8DE0
                                                                                                                                                                      SHA-512:B5B85235EEAA48ABE2D3D917B1DDF288E9C3CE15CE89DC20CF3F93385150D39460DE5EB78FCC3F018B72AF3BF86CBAA6A3A56CB6C8AC8C8693BA56798A39D0E4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2278
                                                                                                                                                                      Entropy (8bit):3.840455101091346
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:uiTrlKxrgxL5xl9Il8u9v9DcUJulTzRsuHNqifGRklhMd1rc:moY7v9DcZTzGGY0tlhr
                                                                                                                                                                      MD5:A42B7CA64442DA3C3BF0C111E720DAD7
                                                                                                                                                                      SHA1:060D79AEFA05E03C553149A9EF4D577D13A6FD98
                                                                                                                                                                      SHA-256:88F78902B85CE210873956ECE5C0CFD28EFBE6701925E8A0ECE31F476913CA17
                                                                                                                                                                      SHA-512:FA26B34A2B09901D520C15799E8EBE1677D2BD38FE0228C8BCC97EB5244001211ADABB3A37D3C3F9BB3BF806878CEC4155185249F68E5A7D5CB6004D14C70B17
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.E.l.D.5.h.5.5.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.P.S.u.d.K.g.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4622
                                                                                                                                                                      Entropy (8bit):3.993041431516459
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:X7YFX9+tP+lLVW0pZYaROwmUlqulpmichSdbIean5Quh87:X7uXY2LlYaRmpIses+H7
                                                                                                                                                                      MD5:1090D489981D21E070DB435B7D959E54
                                                                                                                                                                      SHA1:470FFEA5CD7E16A176B4ABD8C8314CE3A6A5E407
                                                                                                                                                                      SHA-256:B2F87F07E64CAAFC46A0E510599C9C74A361A90D7FAE798A5631D671C72ED456
                                                                                                                                                                      SHA-512:768F6573720AD76BFA5A60DF1E038785EC8E73CD652C401ECD921621AD63ED1F001BBBC2CE57D9585CDDAE974101CDE29D37F182F52A73148F2681BB0F35E888
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".x.9.b.E.z.B.Z.5.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.P.S.u.d.K.g.
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4286
                                                                                                                                                                      Entropy (8bit):3.8046022951415335
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:suZOWcCXPRS4QAUs/KBy3TYI42Apvl6wheXpktCH2Yn4KgISQggggFpz1k9PAYHu:HBRh+sCBykteatiBn4KWi1+Ne
                                                                                                                                                                      MD5:DA597791BE3B6E732F0BC8B20E38EE62
                                                                                                                                                                      SHA1:1125C45D285C360542027D7554A5C442288974DE
                                                                                                                                                                      SHA-256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
                                                                                                                                                                      SHA-512:D8DC8358727590A1ED74DC70356AEDC0499552C2DC0CD4F7A01853DD85CEB3AEAD5FBDC7C75D7DA36DB6AF2448CE5ABDFF64CEBDCA3533ECAD953C061A9B338E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):758
                                                                                                                                                                      Entropy (8bit):7.432323547387593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/792/6TCfasyRmQ/iyzH48qyNkWCj7ev50C5qABOTo+CGB++yg43qX4b9uTmMI:F/6easyD/iCHLSWWqyCoTTdTc+yhaX4v
                                                                                                                                                                      MD5:84CC977D0EB148166481B01D8418E375
                                                                                                                                                                      SHA1:00E2461BCD67D7BA511DB230415000AEFBD30D2D
                                                                                                                                                                      SHA-256:BBF8DA37D92138CC08FFEEC8E3379C334988D5AE99F4415579999BFBBB57A66C
                                                                                                                                                                      SHA-512:F47A507077F9173FB07EC200C2677BA5F783D645BE100F12EFE71F701A74272A98E853C4FAB63740D685853935D545730992D0004C9D2FE8E1965445CAB509C3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2013
                                                                                                                                                                      Entropy (8bit):7.81099098044133
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:qcPmqB8c1a5ShKNuK/z3amAq5zGQy7EFUQ9:J178ohKNuK/zLwQ9WQ9
                                                                                                                                                                      MD5:1F3C2A6537F6260FE81A7CBFF4BC431C
                                                                                                                                                                      SHA1:E779F157168D274F1FAB870C85349C9A9F9466CA
                                                                                                                                                                      SHA-256:31D6A3E91B525A985991C7B179331B814C77B54193D22E594B09018FD7AA5637
                                                                                                                                                                      SHA-512:A3004D5701D6E88D35B5F946A26D0C893D681E9F8651C7E0F0996CA85048685C37197BE975C8E9AF3825F77A5582ECEB246687851EA221837770A8DF257DE599
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 300 x 157, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):68226
                                                                                                                                                                      Entropy (8bit):4.959739580335679
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:7inNt2J9v3/sNjhiVb2f1EdPBq2y+Ce7x6GrheHNBnh:uzesNtiVbS1EeKXlP9i
                                                                                                                                                                      MD5:D758A4D3C931CAD8EF0B73C7D69AF611
                                                                                                                                                                      SHA1:3A6BB6F8970AEEA8B5083DACDD6821D33C30F28F
                                                                                                                                                                      SHA-256:E8D0BEA18834B33660AEE69D84FA9D81C90F14A81A2DE0A9FFDDF4B863BF0B75
                                                                                                                                                                      SHA-512:B2548804638C76EA28F6FB7F7667F014E4E7D44C3735F6096A85EA9AA9CDFCAA27F4C5EFF2AB8FCEF20EC150BE2F3276AADF2DEF798A747AB4B0FB6C7A1C0C20
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):354
                                                                                                                                                                      Entropy (8bit):6.851574657438451
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:6v/lhPmNpkB/6TogjnDspd/5eG5S7DpwKq0euaqg73ksgXQwleNTpBSp:6v/7uNpkB/6Tog8b55k5q0xKkjNsdrY
                                                                                                                                                                      MD5:DB2E1DF623C8DB811AC8284932914CE6
                                                                                                                                                                      SHA1:C13272524E195E216CEF4599109BAA04C25298F2
                                                                                                                                                                      SHA-256:6B9A1770191B8F4D2653A45BCA237ED9827229433C7F7EEE55AEC14120536E65
                                                                                                                                                                      SHA-512:4557623E9F729A20688E59406D5F36049A931FA3914894D6AB259EEAD0DE165BBEA29EBC275845B7E346BDC3334430518D0CF8C92FFE88E323118CC4BE46BDCA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):18737
                                                                                                                                                                      Entropy (8bit):3.212188501541689
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTKkEWmmUxNXrNXNsc5MrxM:bSDS0tKg9E05TKk6l5OxM
                                                                                                                                                                      MD5:94F9CE6CD8A814B9E860BE20E21CD53B
                                                                                                                                                                      SHA1:670A39DD13E1788140BA2B457A497B32E59ACF9A
                                                                                                                                                                      SHA-256:0DF5DD498B0860945EB94B3C56CF77D9E6CC6CC16AF1B5AAD2B7FD23CBF9A38A
                                                                                                                                                                      SHA-512:F96D19541A7405FA3B1BB7B6883CDC704777BE5224F3556E3236F60FAF7E0234C3916CF6BC45FE0C3353BAD66DF6BB254B349AD96FB3BFFFCDDB020CD5D28E3E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2866
                                                                                                                                                                      Entropy (8bit):7.823298649864203
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:KNo7FTMJI7f/cvDb427U3/5JaALY8z9CBfmRtHBGaXudrqKbbe4zEOg1YY/puiZn:Ko7FbaH4J590Q9CBOHhGaXudrqKHe4zA
                                                                                                                                                                      MD5:495600D29BFD03E8DD412FF39F5B2726
                                                                                                                                                                      SHA1:705620FC4C594D3E88CA4B5ECBC663616BA1F9BD
                                                                                                                                                                      SHA-256:98DA4334131852FE3FC727AE28FEECE55016295F5EBBD5970A0B4398400792AC
                                                                                                                                                                      SHA-512:3A30378EEB5B465656AC587DF43681C2C71A619CC591F698EED2A8703A541C4DA3FFEA71E122DAD4ACFD766EC2CCEDA9B533E3438CCBDD5622A186EA162ED7ED
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):18737
                                                                                                                                                                      Entropy (8bit):3.2062466761310993
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTKkEWmIKJHxNXrNXNsc5MVNzhpA:bSDS0tKg9E05TKk6L5gpA
                                                                                                                                                                      MD5:23961A289D57B15CE78E725C8DB95124
                                                                                                                                                                      SHA1:AD22B0DF2C88DCF74C75618042809EC228660100
                                                                                                                                                                      SHA-256:0B428DC30D2F11B851BB4790799644079FD5102F760496BCEE1DDD5447B3233E
                                                                                                                                                                      SHA-512:D90984851193DA69AEF3FFA6F5F2710D230533205A190619A47F006EE9D6CE92085B0E04C23BED04269057B3620B3CA732679A1EE4F1134B6C60C7498672CC53
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 16x16, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):941
                                                                                                                                                                      Entropy (8bit):6.976699709097011
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:QqJSk/ehpK2o0XxDuLHeOWXG4OZ7DAJuLHenX3LZMeYQE/grQ:38k/zuERANuZQEYrQ
                                                                                                                                                                      MD5:4C107602B0444C92F80651676F732E94
                                                                                                                                                                      SHA1:C2F042E84982627F9E2BC9F32D6A7561138D86D6
                                                                                                                                                                      SHA-256:8F3ACC4F0FEF4D88F5A7BD0728D4697E56FAFEDC692764A55FC78865850673F2
                                                                                                                                                                      SHA-512:2F6DEA4C98E4A63A2FE9764C75C208D49C2039F81368B72671AD5A0B3F17F87CEDC8C45D47C0241E3506AB19F7CF1BFE2F7DBB50377752AEE43BDCDBC53ECB6E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:HTML document, ASCII text, with very long lines (58442), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):191012
                                                                                                                                                                      Entropy (8bit):5.461737437675038
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:Cqj97UqMa1ar2FlZmV/3GDM8t6GdHLqEe5AglWG4g6U5NgW8ua0/dCOpI/FpVHDA:JjtRNFb4/WDMihc/h5Nyh0lCOpIS/xYy
                                                                                                                                                                      MD5:64C15C5C72AA6BF23FB5FEA5C41DC0CB
                                                                                                                                                                      SHA1:FBA3F9EE2CC318312A4868D4EEE4FB5825846F26
                                                                                                                                                                      SHA-256:C0759D8FAC2CB3702700B913AF298670BF15D1CE5BB71050D1E4E956C8C05B1D
                                                                                                                                                                      SHA-512:4142C03575A58348BA257793C56C015079C0C27F10833D6E936EEDD164FC8EABFFE734631FDA1BC8C78D9236510415223DB43DB1DA015E032A3D84A25E0A0816
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 7 x 13, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):197
                                                                                                                                                                      Entropy (8bit):5.986656121330302
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:yionv//thPlyyta2/uDlhlp8Lts7CX9/2yx24lSXqU3hjg/BFCb0cCHxlbVdMaW9:6v/lhP1b/6TsR/R0Zjgz89CXVdMndp
                                                                                                                                                                      MD5:34760615AB0C180EB4B48739297FD0F2
                                                                                                                                                                      SHA1:789438D09CC27A08879B1A9686C82527270E7C24
                                                                                                                                                                      SHA-256:360C33D59E7358579601909D4CE91F1BCABF9E07BEB8F69D50C226D7D8F91260
                                                                                                                                                                      SHA-512:1CE7E574D45D123C6B52119907E74D71B842F1CC380D79AEF876FDBC9FDB663F385BB4191650813D2E66EFE24265FD36EC944AF95F372C0413EDCF11361CA666
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 1260 x 293, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):39155
                                                                                                                                                                      Entropy (8bit):7.8985187905985486
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:c3+SnZXFurjYW0X0RJ/Dd18i72A/qcQ6Nj2CG+CiTZ2co4IXnmDt:DSnZXFuPSX0f837cQnCG+3WZXmx
                                                                                                                                                                      MD5:E161E2045A32E4513E81954B1D83B953
                                                                                                                                                                      SHA1:0A06306203C286B8C342CFD856C1EE3F16728C7E
                                                                                                                                                                      SHA-256:7A344D69BC6657592E6041F0ED4F53F56ABA90B97EBD94559198B1D059DC7F64
                                                                                                                                                                      SHA-512:7C7E5C2D2A0DF749BB4B52F2E8042829AE8ADD4F242674E13C14FEC436E56D7B173318D8408DD5A33462D38BC1FD2AD932B2060994B5A0C46F4B4BA89922437F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 1633 x 708, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):27928
                                                                                                                                                                      Entropy (8bit):7.701164569435742
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:xSufGKAfaoovahBv4apFM4lvzDpqFosGd+Up9FIK0B:jfUMve54E//fCiIK0B
                                                                                                                                                                      MD5:862D29153222B9B15C3C73B61B930335
                                                                                                                                                                      SHA1:391BEBF4BA8910B718C5516491EB1C7D32D4C187
                                                                                                                                                                      SHA-256:3EC8FA41DCE2684102F4A7B2D993388809CC2F6AE0616807CA9E3D94E6D19AC2
                                                                                                                                                                      SHA-512:6FFCB08DE27DFA571C8EF35E7F017F2871482581308C10CF38EFF9A507D02325222B899D667FC86227C2985ACA05F17C1CD33EF4163BE3442F70F8907BD78404
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 375 x 180, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):23972
                                                                                                                                                                      Entropy (8bit):7.983082688064765
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:OQCmhN3Hqqm87sSOvS8PJKCqedNV7TMzNjdpNQsjtHnUSQkBmSfYuoq9Dgt:dCmr3KqmIdO68MAnnWNjdpBSSQVfWDgt
                                                                                                                                                                      MD5:64C4757048F068394817EE126FDBA8A6
                                                                                                                                                                      SHA1:3610DC2EB5E3C09809E94BD0694A06C7A51580FF
                                                                                                                                                                      SHA-256:A9FEC8F56726ECA81D0600220A6B168FFF112A5283741FD5EC63509AEDBB51D5
                                                                                                                                                                      SHA-512:373EE45E16D231B2FF8A897A357A52A58B63430E0BCF728867879F2E10E55C631589D6F63C1675E2E40EB1EF7CEB59B15DF18013EA0F3FA352A3B36296F14DAB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):19568
                                                                                                                                                                      Entropy (8bit):7.959471510423509
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:SVnfgQ4kfJozzsibC+tJa657q56l+3khklggzIvpQPqA:SpfgQvJoDbHqlkhKUy/
                                                                                                                                                                      MD5:39DB909CB79186DC25A306AAF9351ED9
                                                                                                                                                                      SHA1:B26107DD939120E955D71D5682CF579C1493029E
                                                                                                                                                                      SHA-256:3C66EC6A893832DCDEC6356CE49B8A5A9DB7C220606D64C896693392266012BE
                                                                                                                                                                      SHA-512:4D6B6D81D70470A4BC64F105CEC65DF280CC97D9F1ACB206025DE5FA5E4D4EE987334A2932318533B79B3D8BF03A569ECB499605D9D622F01B6C257FB2AF4E1C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):9208
                                                                                                                                                                      Entropy (8bit):7.949683292004297
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:SgGWkplKDq4gPkNUytWlozLTve31aeM/VnLPfAwOjESicD0rjA:SOkpQDqraUytWlKXv61aXV4Vim03A
                                                                                                                                                                      MD5:05AC66F4AD35C4A7FD98238E378E9669
                                                                                                                                                                      SHA1:32E30B877DC98603DC9B45798BAF88F248F48539
                                                                                                                                                                      SHA-256:75835A18F96C99BE6E7466380B1C4398E41CBC607E40A8B2879FE37EB3F3BF3D
                                                                                                                                                                      SHA-512:6FE11976EF3A393FD52114BEA4DCADF4C59EBDBAF4B1A49189CD673639D9CE52498D64127A938B96E19716EA52B396316E35C66B361258546E00E64877917785
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):17425
                                                                                                                                                                      Entropy (8bit):7.957009550828201
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:ScFtEkx35ZZpfW/VvoirN3cDdkWKftmBGXhqppYiJqIN:ScFOkxXetvoirNAjKfMGXu/N
                                                                                                                                                                      MD5:D759EA6F7CEEB797B9AE212BA8CDCC4C
                                                                                                                                                                      SHA1:C5CFD5D5F1D197844DAC6F1CDF24A362F0D0FEE8
                                                                                                                                                                      SHA-256:72B6447AE5340FE14890E546727A419252BCEE1426EC98AC582FAE98ADB33564
                                                                                                                                                                      SHA-512:CC7241ACBD1992E1BBD3DBF234AA7DD0398E5B38138A2C32BBBEE0FDAFA03421997E0087112A36DB1191984EFFCEA96ADD8083648863F518B3AB7D3549DA1CE5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12822
                                                                                                                                                                      Entropy (8bit):7.962284267393135
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:Swp7I4rvk7eGbL5VYhDhwnbYadIeMGqD2Re99d+pS8:SG7I4r8eGbU1G3IeMGg2o9sD
                                                                                                                                                                      MD5:52E86ED1C93BD60934B731BF2C1BC577
                                                                                                                                                                      SHA1:2406D516F51C7D240C5CB6E2CB5E0DF4408BB2C8
                                                                                                                                                                      SHA-256:1DB3FCD9E6D86FEC08CAC244144B639CE67457CD41B9A047CC26810AE7229EF9
                                                                                                                                                                      SHA-512:4269C849B913705362B41A2392D54440E7EC30B9B92228051300FF7CF3C26EF21744ADD74DF8565A198AFAD289A495EF5FC0424E82A7316ADEFED4F1D9266209
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):13771
                                                                                                                                                                      Entropy (8bit):7.961196312518179
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:SYmu9xFILltbQW43GRzxoNGYks9JDeFOXE0dHvD/O:SYmu9xFGGW4KzykdIXndHL/O
                                                                                                                                                                      MD5:6F8278AC6F559D3195E4923BE218A58A
                                                                                                                                                                      SHA1:3D94A6C3717B442FAE4657DC67DC13923BF85896
                                                                                                                                                                      SHA-256:E8510D140911825DB2259E9BC2394B6C5390AEBC6C1343E2F93E36A37D088246
                                                                                                                                                                      SHA-512:6955F1AD2F1346F2666905D7C7DB441434D1229E7E15BCC7EB0EA447A025655551BC35A5649AF4B0B843571A90E9E6284714E93CB8F048DEE869A32BC74E5165
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 620x304, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):90799
                                                                                                                                                                      Entropy (8bit):7.972325057787252
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:R/KlTimstV+3IIeI5+3vDmvwTPUDJU5aAoM4ukPqwQCBq6IYNgMmTpmCQhlhZbbU:4ZYko3vU0PSy5aAoM49qwpLIYNgvTs1U
                                                                                                                                                                      MD5:AC4BEB7BA88225068C00B756C357BA21
                                                                                                                                                                      SHA1:DFF68849D286386708AAA5318FDC512469F1F637
                                                                                                                                                                      SHA-256:178054C4DE54215897F598E291AA0C959572C44BB34C3418F36E5E23F03E2DC5
                                                                                                                                                                      SHA-512:5DE312E3A32A32326D353AAC8D75CC7066A64E1246AED5A189D302E6A2D2C1CE664736605093E1B3117E6028A929BFFB29D86B11AD849FAE90013DE0BF568496
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):13166
                                                                                                                                                                      Entropy (8bit):7.946920020194469
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:S4BfMpDwGzpdAYZLkkF446lAPZhxKdnRl:S4GpDw8bFV/Zhx2l
                                                                                                                                                                      MD5:67AC08452311B43D2A9BCC54CF4FEC36
                                                                                                                                                                      SHA1:2885AB8EFE3AEFF524CD2E17EB1A1DF01B4DCD3A
                                                                                                                                                                      SHA-256:9E5A9E673317692A6C8E23FF15E7411EF3A225590856D4039809FA94AB717D86
                                                                                                                                                                      SHA-512:266CA4560A73E5A150CDD1AABF8BFB5991F3BE1F25E8C45DDFC3A9B312AA3598E7F3D1E8C7BA982BDD1D3FF3643F85F7D1B9C03306BB58BBE8C246123D9C5D58
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15712
                                                                                                                                                                      Entropy (8bit):7.937633822610293
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:SLAgU0dsnhF577s8ge08sTydDtMpPwltG3L+am:SLA2aRL08VZoPwu7+am
                                                                                                                                                                      MD5:04B29BB4A417D987238D31DDC83D8DA3
                                                                                                                                                                      SHA1:659F9F2CE902CE7EFDC879B3F8B6B3615243A01C
                                                                                                                                                                      SHA-256:D2254AA8114B043780753F5CA12E40FA19EEA1EC16F1054B19E836752F0913F8
                                                                                                                                                                      SHA-512:1B9DC94189730F865FB6C687BBD404202CE5CD5BB79D9C90FFB5BF4AAEDE1B19DE2ADF9245025181D50717B9207BF3F36E29F3C4C278B1CF52231010D0A05F90
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):27109
                                                                                                                                                                      Entropy (8bit):7.969967087660166
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:Sal1U2HG4ANu0ctOcoTbAUcc+IEAjRj+RHZ:Sav/NjAtTpDEAjRj+dZ
                                                                                                                                                                      MD5:94D669CACBEB87C2EB31043C2E0BBF4A
                                                                                                                                                                      SHA1:4A13A8588E428C9AD261C7739FF860085B4CB799
                                                                                                                                                                      SHA-256:7544BD3D722E253974F4EA5CFE9536088BAB7D459EAC295DE90DFF9780BCADB8
                                                                                                                                                                      SHA-512:38C5A0BA1558D293C3DE3B132D7397C2AAF3CA36E0801745FCA4DEB2CED026454A374536B77D222BF725EDAF2C369F2D2BE4B9B2BD9AA829A9458C56677EC1B7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11682
                                                                                                                                                                      Entropy (8bit):7.951843936717351
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:SEPI0eK5ln8vn0ObE8Rlw8sXuIQdUlJbosy8obrVlMTOdWZLuvdVOYmDjJVRY:SiPnn8v0D8UB4nF8oYTwUuv/O/Djm
                                                                                                                                                                      MD5:C5BE65E20EC3760733C4F23978CB993E
                                                                                                                                                                      SHA1:FF7F08226E24BF2731004B0A67895A75DEB1CB7E
                                                                                                                                                                      SHA-256:8677EF23B678CA4E6335F6702D2C30B61C18D3B787D54843F6B2BB8F274DE1A1
                                                                                                                                                                      SHA-512:384BA462DF65F0A2388770100F3E878A33F93865871AF6A445297A92B548E4B9EB373C61137D0EBB2740C6905CD31EAFA43538C330BCCE8B79102AB04859399F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11685
                                                                                                                                                                      Entropy (8bit):7.955736760559236
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:SQG4tY5K/FO4uKRQa+NAgBkavk1VDyrxgZTWChyY8MrTEIG6FwalxWD5JJ3aS:SuY54O4uvBtuDigRD0/iTHOSxiL5D
                                                                                                                                                                      MD5:C2D53179FF6B80E850453D65F6433DFB
                                                                                                                                                                      SHA1:07C0A081F7A6C52EFA0F131B53FDC377D9D5B710
                                                                                                                                                                      SHA-256:29D5FF55C5F1B3BFDD364FC502A65F7124445D1DB15C32EEB34F64E5508FC3AF
                                                                                                                                                                      SHA-512:EC32B23F3FCA21942D61786FA315481D0F96011D0F2B0BFE1D210A2CA8283CC357B05D057DE227D9E559E4102B12F92D2140E4B2E679CA964669D25C840C27EB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:HTML document, ASCII text, with very long lines (58624), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):190830
                                                                                                                                                                      Entropy (8bit):5.460033340244768
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:CqOwUqMa1ar2FlZmV/3GDM8t6GdHLqEe5AglWG4g6U5NgW8ua0/dCOpI/FpVHDAV:JOwRNFb4/WDMihc/h5Nyh0lCOpIS/xYy
                                                                                                                                                                      MD5:8806C9D3A198A8E5239F375A166FE927
                                                                                                                                                                      SHA1:028AA4CA56001D8F8568948BE12A59973EF45F64
                                                                                                                                                                      SHA-256:C506DF93BC41921ED1878F32FFE208066682D9F8EC744825F6AD47EE9CA689D7
                                                                                                                                                                      SHA-512:435960FE7D4829494F7B87DC0B9A173D389FF82C736F05C6A0FEF8542885B307C4DA0260C2BBEA050E852DD46CC848078DA13A5C4649C48F58681156C59E606D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 96 x 96, 8-bit/color RGB, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1287
                                                                                                                                                                      Entropy (8bit):7.753286328828527
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Qkmkb13K52UTcyiUJlRq85hww6qJyPGbh166BaK23P:Qkm613KsE+oLDBrJyPGbD66d23P
                                                                                                                                                                      MD5:9B8059391E9315D157357A18A6A0191B
                                                                                                                                                                      SHA1:C466111C02D867C05CD522F2F362CFC23FA22B9C
                                                                                                                                                                      SHA-256:379BC8D28440A12EA8A540917610C7B6A2B865CDA7275285FF922D69CF46B5E7
                                                                                                                                                                      SHA-512:CB19000C7425C1CF8DDA9A8D10DC220D4961D34AD9B837E4DABF2C649D57223F0497D344671782E4F4782BDAD82B06CE702E27D67F2176168DA619985BAC5848
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2013
                                                                                                                                                                      Entropy (8bit):7.81099098044133
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:qcPmqB8c1a5ShKNuK/z3amAq5zGQy7EFUQ9:J178ohKNuK/zLwQ9WQ9
                                                                                                                                                                      MD5:1F3C2A6537F6260FE81A7CBFF4BC431C
                                                                                                                                                                      SHA1:E779F157168D274F1FAB870C85349C9A9F9466CA
                                                                                                                                                                      SHA-256:31D6A3E91B525A985991C7B179331B814C77B54193D22E594B09018FD7AA5637
                                                                                                                                                                      SHA-512:A3004D5701D6E88D35B5F946A26D0C893D681E9F8651C7E0F0996CA85048685C37197BE975C8E9AF3825F77A5582ECEB246687851EA221837770A8DF257DE599
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 96 x 96, 8-bit/color RGB, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5511
                                                                                                                                                                      Entropy (8bit):7.889096537320819
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:QA2VFzW3NotH6T/XqzjPVrW/Xso+Hv0TDYO8RiD:QPQNSs/yI/Xsoc0Pv8e
                                                                                                                                                                      MD5:4471351A27307B9385852E410CC15AB5
                                                                                                                                                                      SHA1:36B2C2159F86AC74C96F8643357A7E97DB51879C
                                                                                                                                                                      SHA-256:206A438D8E4F46113CDA28E3EA38C221E643A0298B5FA92DC4ED537791736F7F
                                                                                                                                                                      SHA-512:8008E5226EDF78A5002659EE4D7E67F518F266ACCE73B8646D7FC5F6180FC1AFCFB0D8803264774A8A580FCF8FD0B5EC73F823FE6DFDAAD1F0F1B42DEF166CCA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 275x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                      Entropy (8bit):7.939280115024219
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:F9lGM6Au2kHstvcB+xcc7yU/BSXKAbdJU5KBq+O:FXgvHsB+Q/SBq
                                                                                                                                                                      MD5:E2F6A4F16B96F48C8B0DA69A896A3376
                                                                                                                                                                      SHA1:8FF00F35119806E113A85E369533580D5BCD6159
                                                                                                                                                                      SHA-256:35BD53E493BA1F0A0360B8CB272BAA5751AA25C5AB73CFE9F9794DEDA3835D20
                                                                                                                                                                      SHA-512:B1E448B98443189BB5563AF5D1F5154407B35B1FCDD3AA62BDE3CC3D03C06C1A30D7EE1ACDDAE33337EFD338B406E560A3665F081E68D3B9E9A9B146A2DF5CAE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):692
                                                                                                                                                                      Entropy (8bit):7.534817252690219
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/78///chmDPwxAaj3chuFkdSR7jtactgym87X+KiIIDbubLvw:Fchms2aj3Oc0etttgb87X+bII
                                                                                                                                                                      MD5:2A0E2BAAAE6828BECE259DCD5D8A62AE
                                                                                                                                                                      SHA1:CA96F038B1038E55D5A2F91CEEEB3229898F07FE
                                                                                                                                                                      SHA-256:00E87AD38F534C8F45AFE06B0498472F15499AA83B0C36107CF72F16D751622F
                                                                                                                                                                      SHA-512:CF8DC80C98F165DA486884F6F7439791CF44AB17FD47DB30D8423F32A56CE0F7A9988FA9F79E096B8692EF1FAE45AB517B97F4845142293739DA648AFC322200
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3532
                                                                                                                                                                      Entropy (8bit):7.898834558255451
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:C/6rD86PqmSUC2jKD/YDIkYCsPC7eKckLHvis8aVyt51nl648svBInwA9NunIbQx:CSrXzC7jY7l+U/ckLPiaG79vQMXYRLu
                                                                                                                                                                      MD5:47D01EE8DA7EF964B63B713A8562EB5F
                                                                                                                                                                      SHA1:742B956BD1BFEC102353CBE7050A99B8046A1A50
                                                                                                                                                                      SHA-256:FCCB19F39DD8A2AB0B87B212A020B5B61CCC954505DC8DF3799D9779382F0E4F
                                                                                                                                                                      SHA-512:BDBB9A109E4E39B885A40F91A5E2183443036B4B84B014F6A857645FA622DCA3A59C3B5B4BE100174E609216E795D5E01E4F04FD83BE490648571AF8358589F0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):375
                                                                                                                                                                      Entropy (8bit):6.87758620040477
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:6v/lhPkR/C+8HoKLQdS46aAazIF0mAhff99rPRRCOeASsaZaxsI3gdO/F//sup:6v/78/QoKUdHb4GnfpRCOSsp+Xd+F//N
                                                                                                                                                                      MD5:5FB146D39598C0C1A4FBCB86463E5E8B
                                                                                                                                                                      SHA1:D5933A543AF3F53D1F650360752ADD3591852803
                                                                                                                                                                      SHA-256:A0668BA34F92CDD39F78D152645FCACD9CDCA8BC1759A7D123124B655BDD4816
                                                                                                                                                                      SHA-512:C84E98DAF374CE1FE999B36A79C33DCD9AD016A9178841D173D3C0E187422DC06A1FAE375F2C1CA73C7E8CDD84B87C266AC92D0B8677F54EAB3C09E13D0F9481
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 96 x 96, 8-bit/color RGB, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3086
                                                                                                                                                                      Entropy (8bit):7.698546602813401
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:Q5o7F52hYNS4Ekd7iJJvmpWFBJwk14RQmS79:QO7FJfqbBJwLzo
                                                                                                                                                                      MD5:253CBB9102A657C6603A481CAB38429F
                                                                                                                                                                      SHA1:988334229B054B37C6DB6CB29534661AE0620CAF
                                                                                                                                                                      SHA-256:5A5EF1F25C8A9C6EA6EFC7AED9656E6D6D21DC1AB5028466731A53AC911B23B2
                                                                                                                                                                      SHA-512:E8FA29124D15A941317F5C4DA78E44D49A219739F44EAC3270735D81BEB82DA56BBBF96F0C92FAFCF6DB331E9C868C0D901C72A69A92ED66DB6E9079A41E23AD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):18952
                                                                                                                                                                      Entropy (8bit):3.353299287394925
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTHWvkiRAnBNGQsvGfNXrNXVhsc5M9l/+IM3S1re:bSDS0tKg9E05TGki2KA561LuY2
                                                                                                                                                                      MD5:B0C5B60BC30092276F01279FBE43D074
                                                                                                                                                                      SHA1:9A7786FF2FDC56025828944DD68BDF63194CFA78
                                                                                                                                                                      SHA-256:5FDB4FD44A287B24417DC495B50C71923A32AD4F71E4C18208D05AC70FE0EA10
                                                                                                                                                                      SHA-512:534B4D26503DB6F36AF7C02A6F2A967D8B37B335481EE477144267BFF7396667A63DC035D68096DE873234C90D763E1C6DFA31D15A9F18F374073E8D73132580
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):18737
                                                                                                                                                                      Entropy (8bit):3.2741816790960105
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTKkEWmW/uxNXrNXNsc5MkCndJL:bSDS0tKg9E05TKk675HCndJL
                                                                                                                                                                      MD5:857789F6CE7B651FE7D3DBA2946B1B6F
                                                                                                                                                                      SHA1:203EACC3C09E048E8967698970BAC4530402E08D
                                                                                                                                                                      SHA-256:3A958FD6CBFE4201873D52B25D798EEB66BAF83B8C26144C8DAB62E750B802FD
                                                                                                                                                                      SHA-512:F35B85BF6E51081F9F7691516C2ADB273D5B08866C52291784247E2DDDF91AFD64F84569E5D1883893EEF67DB74DFEEDD033787C32E75FEB35032CB5078A23E1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5238
                                                                                                                                                                      Entropy (8bit):5.318420332432278
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:rJecBCn4C5KZcDgWIsRHACuLZ8Z4D3g0W:rJeyfd6ghspAxZ8S3o
                                                                                                                                                                      MD5:866D8D7DA9A7EA6756057F9B69A2DCEA
                                                                                                                                                                      SHA1:4FE3B601155532FC73BDA51D3732BA5A5B2DA974
                                                                                                                                                                      SHA-256:9167A7B5EB917356C4175B496CC48481324ED9FD854DE91F6D0C0AEC216A08DB
                                                                                                                                                                      SHA-512:5891634061470DC18F0D82647E6B35A7CBB01BEC1A71BA178D270208DD8E6681390DFD09792915C1114B34ED7C1DA40F7FD0B7FACFA484E814E8465C9F7473FA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"$type":"list","title":"","_isPublishingLocked":false,"_id":"BBI4MeJ","_name":"MGXStoreWebPromo (old Backfill list - DO NOT DELETE)","_sourceMetering":{"isMetered":false},"_lastEditedDateTime":"2024-03-15T20:00:27Z","_links":{"self":[{"href":"cms/api/amp/list/BBI4MeJ"}],"parent":[{"href":"cms/api/amp/section/BBREXz4"}],"children":[],"feed":[],"provider":[],"references":[{"href":"cms/api/amp/image/AA10QAZe"},{"href":"cms/api/amp/image/BB1hDfA0"},{"href":"cms/api/amp/image/AA19yQae"},{"href":"cms/api/amp/image/AA1md5qf"},{"href":"cms/api/amp/image/AA16OGZj"},{"href":"cms/api/amp/image/AA1e8Efj"}],"section":[]},"tagEvaluationGroups":{"_tagsHash":"3145739","tags":[],"vectors":[]},"_locale":"en-us","sourceId":"BBlbsHE","keywords":[],"facets":[],"labels":{"category":[]},"list":[{"link":{"href":"https://www.lendingtree.com/?splitterid=home-equity&cproduct=homeequity&cchannel=content&csource=tradingdesk&esourceid=6475206&mtaid=2D09E&rcode=10000&s2=borrowhomerate_snowflag&ctype=sponsored30&cme
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):285989
                                                                                                                                                                      Entropy (8bit):5.423856930260713
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:6I1jRk43G0L5LqGMJZyjZVOSmo3/qziV76+2rGK8yhxlFQ/uMB+X1sSU:6toPeiV2brGxuMHb
                                                                                                                                                                      MD5:18DA63C0A02C46A707E21BC344C23D30
                                                                                                                                                                      SHA1:E840BC9423CDCD3E7D38A8E569E5D10CECDD0E83
                                                                                                                                                                      SHA-256:57B2ADAD8E860A8F24C8F3888926AF0C3A04C2CC21CE1C13F9AFD8E363B6B5C2
                                                                                                                                                                      SHA-512:07218829A787C943D55D49B0E8534FBCEB2F590E35AAFBA4BB43052BE4717C7067ED83CAA04B329E33C6F1AE897D2FE72AC178331074836561B2A471A66B14AC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (62058), with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):234686
                                                                                                                                                                      Entropy (8bit):5.768283217926616
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:r7c/ckbS2b/pVQAWjhw3d3qWnQHdRJg7hJ5BjHnatGJNyWVzskPNjlqAGu/gzxKb:fvkbPug9MmyWsard/KJb1rNA
                                                                                                                                                                      MD5:6AAE93A7CCE3FE8BC016C5F4831472DC
                                                                                                                                                                      SHA1:5FC3CE2919A27837CD1848084413E965D658A645
                                                                                                                                                                      SHA-256:B650CAE4BA73157B7C226CBF03D86804774B35563BA24B79AF644BD45F749FBD
                                                                                                                                                                      SHA-512:ADD7B13ABE7B2AA799263217AAD8806C607B3D384E151C69E47F81585D15C637FC16C4679A258393AF6FF89E26325AB61F5FE06278A5A7CC1996BB74EF412042
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:ASCII text, with very long lines (65448)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):94620
                                                                                                                                                                      Entropy (8bit):5.4076498069548435
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:wYqLAnwLD2AFtbo2k3DG5wsxWkNcdJ/r3LLnt9+tISGtOMHiYnEvlwXLnt+79VlU:w7L37ivM1WkNWnt4KClwXLwsoxsE+
                                                                                                                                                                      MD5:095130BBC3EEC571FCE0F8B59513E250
                                                                                                                                                                      SHA1:391DFF8E9455FA291AF53500A60BC955B4E586A8
                                                                                                                                                                      SHA-256:F834D3999811C38EACD96A27AFC0B913B38E84BB68D14D3F6DDF815C7D1ECB3D
                                                                                                                                                                      SHA-512:35101C2CD26FFF76719977B4A99D769A0713B23BF874E43649F4EB6699E0A01BA74435A870C7C02B56DA1C928417B66EEE019B9B1ED3752F06C95CA8770D3E1F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):9980
                                                                                                                                                                      Entropy (8bit):7.920872687927839
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:SpAzoG8Slncosyud2bgnMcuN7nmTuTcq0HQ25P2gdGQNBWt6sorFkJbGmpzF:SpA8G8S2Qudr9+7mKTjkQIPBNBWF0kJt
                                                                                                                                                                      MD5:821190A9D20F904FF12D846F890A16FD
                                                                                                                                                                      SHA1:F8840AC7711A6A55811D6994AA893B915B482E51
                                                                                                                                                                      SHA-256:7883F322FFCD67DB8361C5B553DF860D3482DF2493FBB3C7C59D7DDD9B55C9F2
                                                                                                                                                                      SHA-512:D0315E02AFEA10CC30AA4E2C625AA8F94B64EEECBEC7ED8DFD1F8A5D1B48EE723007CD9FEA9F8DE449BA4F4C9451AD527698E18AB5CC3EC749506D08B9B53988
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):19868
                                                                                                                                                                      Entropy (8bit):7.96867322297606
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:SGF+HwIwhPHeBLiYwZpfyz0iuN9GIBDOPpFIsjnBF9Lfg6:SGF+DyhZpfhiu2sDOU8B/fg6
                                                                                                                                                                      MD5:FC01CFD8BFE0371FFC55BDF9B23CBF49
                                                                                                                                                                      SHA1:BE57C83284702076CF0B730AF8D9637AF79D4353
                                                                                                                                                                      SHA-256:65D5BE8F2B0C04D87D27B7056AD1F4997E8B28B16B1B7BBF012B91E57A7BD71D
                                                                                                                                                                      SHA-512:46D3A4AE5CCC798942D37CE49833C66133DF72EF3989E224830B45A90F3F82B1E6A0344F7389B317DB44CCB466E155DE5660E732CAE8BB0549E52B3A2B41AFA1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):21900
                                                                                                                                                                      Entropy (8bit):7.95802881739318
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:SnA91DjhRfRsXXZFjAkUqMsAWfbDlAbmBYWJdLUfPt8t65leHWH++ABoK:SnAjDt+pFjAkZxTD+bmBYhHKZL+coK
                                                                                                                                                                      MD5:F41507EFE8B1BA354D32C2A9E57485B8
                                                                                                                                                                      SHA1:3A4911444437DEE5E3005468C70AA910199DA2E7
                                                                                                                                                                      SHA-256:1402FF8B19E3203949440283C5D0C769139E86E1F04D1694E521E2022372EA87
                                                                                                                                                                      SHA-512:4372BC3A131764B8EDF73EE1DB548986EC3B85596BE12330F4EE1E4AA0A6E05C89DDA346B16039D2C69F6D3E71F08AECACFD35C3A8F5EDCE90BC85131D63CE07
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):13484
                                                                                                                                                                      Entropy (8bit):7.961200136782674
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:SFYF/BjSqNioIHlw13Qy6S3xO62pI87wi6aQB84:S2dBjS2irHlcAy6ExOyuvQB84
                                                                                                                                                                      MD5:4DBE07E2B3EF02A4930ADE043BBE082E
                                                                                                                                                                      SHA1:8D46DEC364AC03EAC6165894230519CC802658B3
                                                                                                                                                                      SHA-256:7B67A844182E70447D7B89D6FE1663FE0E6B968AB905782BD17424615EBFA009
                                                                                                                                                                      SHA-512:EF2A70C23BF7790BD3F0514C9CD0116CA1419FC94B919EE33F86D54F685F35315B6E7028AEDA04D6A03DBCF6E9F3DFF847D13FC2AAAF6377611D31C1BEC2477F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (44421), with NEL line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):196564
                                                                                                                                                                      Entropy (8bit):5.416918453049597
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:5yggyMjcPJF7iol0cQtK7bKXZ7x7/3DwLqsop:5yggUJN3CE7cZ7MnQ
                                                                                                                                                                      MD5:87B6340D5C378650AB6B6DBFC2FCC200
                                                                                                                                                                      SHA1:42625DD447DD664F0078D831A020BED9A71A92A1
                                                                                                                                                                      SHA-256:27F89E7501CE8BF61E542F918284E6DDA03C31ADE11BD4B2174AE34D50EAABB3
                                                                                                                                                                      SHA-512:1BE5C0AD1109FF789A1D1A7D1145C1421E756A26D7350F512C0434DFF1422477EA36DA6BE886556CAD37B75ACA5942A10E6E71761A87263151419451487E5EE6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:"use strict";(self.webpackChunk_msnews_msnews_experiences=self.webpackChunk_msnews_msnews_experiences||[]).push([["vendors"],{29558:function(t){function e(){}t.exports=e,t.exports.HttpsAgent=e},74322:function(t){t.exports=function(t){if("function"!=typeof t)throw TypeError(String(t)+" is not a function");return t}},25135:function(t,e,r){var n=r(26397);t.exports=function(t){if(!n(t)&&null!==t)throw TypeError("Can't set "+String(t)+" as a prototype");return t}},6664:function(t,e,r){var n=r(23362),o=r(35093),i=r(79549),a=n("unscopables"),u=Array.prototype;null==u[a]&&i.f(u,a,{configurable:!0,value:o(null)}),t.exports=function(t){u[a][t]=!0}},99027:function(t,e,r){var n=r(58306).charAt;t.exports=function(t,e,r){return e+(r?n(t,e).length:1)}},57699:function(t){t.exports=function(t,e,r){if(!(t instanceof e))throw TypeError("Incorrect "+(r?r+" ":"")+"invocation");return t}},45150:function(t,e,r){var n=r(26397);t.exports=function(t){if(!n(t))throw TypeError(String(t)+" is not an object");retur
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):562
                                                                                                                                                                      Entropy (8bit):7.382724611442315
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/78/gQT+n4X8NcZvd0rw2GzCFz2xw750pu6pLXh200:J+M8OZvWrw/WExA50pu6N10
                                                                                                                                                                      MD5:CC46CF2DDAB2AEF0E8992B27E187E14B
                                                                                                                                                                      SHA1:9B2D26A6F60E228EFB0F780AF55A59C1E11EEDB6
                                                                                                                                                                      SHA-256:717491CF887100ED2C330F0CB5DD7E8A71A250E0563368C305B54A159778CCCA
                                                                                                                                                                      SHA-512:8AA0545B409DE7D03738926F862C3C4E91827691B42CACE82E735186D6FFDE6CC33F7F9FCDD729ED279071FC18238F3D75A06E2C41F247400408B4FC61DA4356
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2880
                                                                                                                                                                      Entropy (8bit):7.879136096857446
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:C/6SyJtSJGYielqeKcdbk2QPFKxfGYMs+dqRmRIg5SZcgjsKs88hPTQQQQv:CSS8tODlqbce2jtGu3a5SCgjsKs8+
                                                                                                                                                                      MD5:04BC888A67735209F284676628AA9325
                                                                                                                                                                      SHA1:BEC523E7378599AC1D59FE2069797F8A1223A7B3
                                                                                                                                                                      SHA-256:B108D167C84C2266C0D96B5413A08694EE9BB1C70952794A5296B2CC3A0111C7
                                                                                                                                                                      SHA-512:65C47B01C55262E9F36AF461493F08EE626B1AFFBD0B910A018DC62BBFC449CC13CEEFF54B9E2103AF2A829497ED7AA2CF69EF1FA4EE2CF9FEB59257C09192A2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):673
                                                                                                                                                                      Entropy (8bit):7.615587910313665
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/7ImefM9ybzcohquCjr6zkDLmQ2Fg6GDKIt3IeT90dPcDeyXXGTYUk98R4XN:5mekUfHhYXmpxGuIF1udUDtmTjQ
                                                                                                                                                                      MD5:07987C39CCBE8222C659E3594D42463B
                                                                                                                                                                      SHA1:933B6536F1BC88DD506EADD7D68837E407F281E6
                                                                                                                                                                      SHA-256:E93F9983F3945E8A7EBB52276F619D8F58B8BCEF4C1B75D677331ED656799F41
                                                                                                                                                                      SHA-512:9CA066A0AD3BB5E0DD46745F4B1544520C3AD0347F59B1E77873C1DB5E7157526B6E13A88096DC71CAE7FC5FEE045A87BAF53F424D24579DED19432695551028
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:HTML document, ASCII text, with very long lines (58442), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):191012
                                                                                                                                                                      Entropy (8bit):5.461686001443668
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:Cql97UqMa1ar2FlZmV/3GDM8t6GdHLqEe5AglWG4g6U5NgW8ua0/dCOpI/FpVHDA:JltRNFb4/WDMihc/h5Nyh0lCOpIS/xYy
                                                                                                                                                                      MD5:E434056769C5693B3AAFF29D51B0F22E
                                                                                                                                                                      SHA1:6F54E05DD79266CD71C500B2D72C86ECF9A1FD72
                                                                                                                                                                      SHA-256:24F27A9C7197134E32682014A5C899845C5367503908C60F9EE81AFDE8A8390D
                                                                                                                                                                      SHA-512:F81159F8ED4D157950E7608403EA573E461B6023BE8B5A3C38BB6FC6E2FC99FB3BF0F28382AA8A80FB94C439B7122E7E4B4049D82BB7114E6B364AFCF8C31CB4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<!DOCTYPE html>..<html lang="en-us" dir="ltr" >..<head data-info="f:msnallexpusers,prg-sp-liveapi,prg-tat-msnvserp-t,1s-msntovserp,prg-bd-top-f2,prg-sh-bd-df2,mms-sc-sc_tags_rev,prg-ar-ap-c,shp-xap-gr-ps,prg-sh-carrsb,prg-sh-enitlea,prg-sh-enitleactt,prg-sh-genreco,prg-sh-genrecocreative,prg-sh-genrecosubkeytest,shp-xap-gr-noux,prg-sh-fashion-t1,prg-sh-fashion,prg-1sw-sauie_t1,prg-1sw-sa-ltmig0311c,prg-1sw-saql2restrictedt2,prg-1sw-cwv2bat1,prg-1sw-p1size-i-c,1s-wpo-prg1-nov23rec,prg-1sw-hupsell-ctr,1s-eaop1,prg-sh-badgewc,prg-fin-hl,prg-fin-l2tnews,btrecenus,iframeflex,prg-adspeek,1s-winauthservice,1s-ntf-twsenc,prg-1sw-samhibrnc1,prg-cg-upd-genre,prg-pr2-predidxr-c,prg-mscl-hld,prg-msclck-rf,1s-fcrypt,1s-shp-xp-ecrenrich,prg-sh-ecrenrich,1s-aadptsiz-c,prg-premier-pr1-t3,1s-prealgo857,1s-xapentprong1,prg-1sw-pro2pre,1s-wpo-prg1-ipmdl-c,preprg-1sw-ccq-fixcc,prg-ctr-pnpc,traffic-p1df-3r,1s-wpo-pr1-ntrfd,1s-wpo-pr1-trfd2,prg-1sw-dft-tskb,prg-1sw-dft3r,prg-entpremier-pr2-t1,1s-prealgo855,
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 60 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):533
                                                                                                                                                                      Entropy (8bit):7.415663553371965
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/7Ya7/6Ts/o7hJW8/t8oX8qUkUGGVIXC/zoZ3VYZwWSVR:E/6pzWK+q/UGGMC/zw3oGVR
                                                                                                                                                                      MD5:B6162D100379E7F4EF709BA5C26D1BA8
                                                                                                                                                                      SHA1:AEA4244C56F00AA26064134863157A6EE9D7ABB9
                                                                                                                                                                      SHA-256:DCA74022BEBB4F12F8EFADD226C9413CAFFF9193420D604DE8A398642172AACA
                                                                                                                                                                      SHA-512:CC64207C45F85255F34A157C9370A46EBD4A2B3A674E639838EF7582FD93D68F91A275C577E2FC9A46674EC765D8CC43A5BE28B281FCD5006D38D0C6F02E2058
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:HTML document, ASCII text, with very long lines (58442), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):191012
                                                                                                                                                                      Entropy (8bit):5.461760499488283
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:Cqa97UqMa1ar2FlZmV/3GDM8t6GdHLqEe5AglWG4g6U5NgW8ua0/dCOpI/FpVHDA:JatRNFb4/WDMihc/h5Nyh0lCOpIS/xYy
                                                                                                                                                                      MD5:F47DD14F89E56129D25BCA5869372F48
                                                                                                                                                                      SHA1:254816E643A0036E977F3DC0429CE4CCCB60D8A5
                                                                                                                                                                      SHA-256:1B0BC31906EA31A2E81101C2D2AE821ECED1184FF277F2B3E42D398394AA1798
                                                                                                                                                                      SHA-512:6579F91BC39F3F27F2FD5668084B8F0A14F80869949094DE289A8CEE37777D6195E0EF46E790F437C71CBD026148A82BDDC6A8E93C809B703E258A4C036E3CD3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<!DOCTYPE html>..<html lang="en-us" dir="ltr" >..<head data-info="f:msnallexpusers,prg-sp-liveapi,prg-tat-msnvserp-t,1s-msntovserp,prg-bd-top-f2,prg-sh-bd-df2,mms-sc-sc_tags_rev,prg-ar-ap-c,shp-xap-gr-ps,prg-sh-carrsb,prg-sh-enitlea,prg-sh-enitleactt,prg-sh-genreco,prg-sh-genrecocreative,prg-sh-genrecosubkeytest,shp-xap-gr-noux,prg-sh-fashion-t1,prg-sh-fashion,prg-1sw-sauie_t1,prg-1sw-sa-ltmig0311c,prg-1sw-saql2restrictedt2,prg-1sw-cwv2bat1,prg-1sw-p1size-i-c,1s-wpo-prg1-nov23rec,prg-1sw-hupsell-ctr,1s-eaop1,prg-sh-badgewc,prg-fin-hl,prg-fin-l2tnews,btrecenus,iframeflex,prg-adspeek,1s-winauthservice,1s-ntf-twsenc,prg-1sw-samhibrnc1,prg-cg-upd-genre,prg-pr2-predidxr-c,prg-mscl-hld,prg-msclck-rf,1s-fcrypt,1s-shp-xp-ecrenrich,prg-sh-ecrenrich,1s-aadptsiz-c,prg-premier-pr1-t3,1s-prealgo857,1s-xapentprong1,prg-1sw-pro2pre,1s-wpo-prg1-ipmdl-c,preprg-1sw-ccq-fixcc,prg-ctr-pnpc,traffic-p1df-3r,1s-wpo-pr1-ntrfd,1s-wpo-pr1-trfd2,prg-1sw-dft-tskb,prg-1sw-dft3r,prg-entpremier-pr2-t1,1s-prealgo855,
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:HTML document, ASCII text, with very long lines (58442), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):191012
                                                                                                                                                                      Entropy (8bit):5.461686607531203
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:CqH97UqMa1ar2FlZmV/3GDM8t6GdHLqEe5AglWG4g6U5NgW8ua0/dCOpI/FpVHDA:JHtRNFb4/WDMihc/h5Nyh0lCOpIS/xYy
                                                                                                                                                                      MD5:C88AA5B5253EC19E05890C437A7A0792
                                                                                                                                                                      SHA1:3BB7951A4EF982E7950AFC98F968CDE7F5CEFCA9
                                                                                                                                                                      SHA-256:4212232DE626D37016DF25AA525352F7DD12107479457EA00C633C17F33618E7
                                                                                                                                                                      SHA-512:97A0FC3492956FA938D9EBB359F923E4D9B96BF6AFD2B50EF45EA57FE09DE8C8F4BCB11706082C2EB040243A39D513727B938935F9FDC09B04C639AD0E9DA405
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<!DOCTYPE html>..<html lang="en-us" dir="ltr" >..<head data-info="f:msnallexpusers,prg-sp-liveapi,prg-tat-msnvserp-t,1s-msntovserp,prg-bd-top-f2,prg-sh-bd-df2,mms-sc-sc_tags_rev,prg-ar-ap-c,shp-xap-gr-ps,prg-sh-carrsb,prg-sh-enitlea,prg-sh-enitleactt,prg-sh-genreco,prg-sh-genrecocreative,prg-sh-genrecosubkeytest,shp-xap-gr-noux,prg-sh-fashion-t1,prg-sh-fashion,prg-1sw-sauie_t1,prg-1sw-sa-ltmig0311c,prg-1sw-saql2restrictedt2,prg-1sw-cwv2bat1,prg-1sw-p1size-i-c,1s-wpo-prg1-nov23rec,prg-1sw-hupsell-ctr,1s-eaop1,prg-sh-badgewc,prg-fin-hl,prg-fin-l2tnews,btrecenus,iframeflex,prg-adspeek,1s-winauthservice,1s-ntf-twsenc,prg-1sw-samhibrnc1,prg-cg-upd-genre,prg-pr2-predidxr-c,prg-mscl-hld,prg-msclck-rf,1s-fcrypt,1s-shp-xp-ecrenrich,prg-sh-ecrenrich,1s-aadptsiz-c,prg-premier-pr1-t3,1s-prealgo857,1s-xapentprong1,prg-1sw-pro2pre,1s-wpo-prg1-ipmdl-c,preprg-1sw-ccq-fixcc,prg-ctr-pnpc,traffic-p1df-3r,1s-wpo-pr1-ntrfd,1s-wpo-pr1-trfd2,prg-1sw-dft-tskb,prg-1sw-dft3r,prg-entpremier-pr2-t1,1s-prealgo855,
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):92412
                                                                                                                                                                      Entropy (8bit):5.361663979758311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:ee7i6PuVoEqG3S52ZKZzuyLrlLgiozSsy1UpfqwoLQ+2Cl/Po3A2Vi2WrzaHP4I8:eJzRZKZzuy9vsy1UpfqwoL7DG1bKRRl
                                                                                                                                                                      MD5:57996ED9AE1008CAA92FD7FD464484EB
                                                                                                                                                                      SHA1:D915051DD9736E2F2B35D77405253FC67C1C7884
                                                                                                                                                                      SHA-256:DDC0C270BDF53C1F96427C0A2AB1DC8A81CF9ACBCC3EC471936F87923E4849B0
                                                                                                                                                                      SHA-512:FEF4D3B82B9529903ED554AB21BA085646FFDA6A8AE51623BEC83E1A06D839275A7C916D4E50B6943ADE6970DC9BEB5765DDAB9D09DA7903B87065FCE42E0B70
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):80965
                                                                                                                                                                      Entropy (8bit):5.3299896183239435
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:eioE+3AVoE4tly/7AwAwLzfV5AnxCe9oJ5SuZKZzuyL3pFhhktZCJQ83xzm5iK+N:eEkFmSuZKZzuyFuMp97jF
                                                                                                                                                                      MD5:6EAF9985ACB8B0B3AD2FE9ED7918A48B
                                                                                                                                                                      SHA1:A15243802FF0E35F1BD89B306ED27734B96C4D31
                                                                                                                                                                      SHA-256:0F5DDAC9F6EF4E38922B6E4D0D2609B9DCFA90A4FBC42DC8FB9C14780B8A6432
                                                                                                                                                                      SHA-512:42D6B18D043C795B2C9EAC1FD360F24DA16572D3116F226BF6AAD38373A297F7CDFFF94F111D68A08061C6306B638A6E7C9434E5786B2B04899D4B95917BF127
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11367
                                                                                                                                                                      Entropy (8bit):7.958487720940249
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:Sy9hogmTZuCXewAc/PgmwSAEg9Yohdl6nmnV8L6n7mIHlHaqBRjNcJki2Kp:SlgKpOw9gHzESqmnV8L67mIxLBTeBp
                                                                                                                                                                      MD5:272954FE3217328F9CF4AD234CFE1A23
                                                                                                                                                                      SHA1:FE12F12AC73CE77F2C238A3D5196C20BFC26885D
                                                                                                                                                                      SHA-256:378C817527A7393187EFC0C4D8EB073E3D9FBE79BBC48B399136A10F52452903
                                                                                                                                                                      SHA-512:6B91F9D69B8E5C473EDC7DC9AC9F47D010C35D10A601C1DBF03708213411B5AE4DC1CD65694B22D06FDFB42D231ABD9235F6A147EDF9D5C9C02B549053FC3D31
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7875
                                                                                                                                                                      Entropy (8bit):7.928520544129559
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:SKQ6jDxk3YHsSlaIuMHM53t2lObbTsVa4p+:SKQ6HxrMSlxVHq3IYbfsEl
                                                                                                                                                                      MD5:C3C6DC505756BD3C45E2005C050F035F
                                                                                                                                                                      SHA1:E46F5D02036E16427B832FD8E202EE292263BEB5
                                                                                                                                                                      SHA-256:CF043FB2A11AB855A53BEB4E298513894EF4B32A2779E5FCB4431159A884CD26
                                                                                                                                                                      SHA-512:C5418C6CBA76BFF5D86130764DE2227CB5F692BA56DEEB7FF1F79FDD32109E9147A697449AC6E1A95AC2AA1E904386B82EE35250EB172ECD13D179148BF2D92E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):22171
                                                                                                                                                                      Entropy (8bit):7.959660917311711
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:StnzzExGOLDGAXqlwfzvrzp0XW//8nFZ62VL4djFDkLD5HZT7sT/BEIf:StnHEEql6Ezp0mOVL2jFDkvT7sTWi
                                                                                                                                                                      MD5:EA5E900793B1569FC14B547F6B2758B5
                                                                                                                                                                      SHA1:BB2839CC73973C9F0D1BBFAFD80D4F0D6EEF240A
                                                                                                                                                                      SHA-256:00BF5204D2A5A2F25DF3FF4E3FE37D71066CB5CC9CCA8C40FB9FFD5A2889D784
                                                                                                                                                                      SHA-512:FA6E3BF975A72DF57C00587C7E1671A787CCB97A0E3F84D32AE8EC96F78611A2E685D8C5976A0EC0D096A79B1E3D139749E940D024EF4E7FD303FABA5472DCBC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):13336
                                                                                                                                                                      Entropy (8bit):7.955090961654166
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:SkvJJGQPZQsZ2MHpeOehqhMEo3u7Mrzj/1EG16zGGinN3sXNc:SkvJJGQPZQsAQeOa3N+7ejWG1iGGinaa
                                                                                                                                                                      MD5:17B9AB420F0D28CA3AE8892D7AE19361
                                                                                                                                                                      SHA1:97168CF5E3750C36A245BF22C6139E5ACCB07C23
                                                                                                                                                                      SHA-256:EA8676D3AC1B0CF762DD2227E04126DF79D6B47D32A22FA5CD05CE7406A7AE16
                                                                                                                                                                      SHA-512:8E8B403F2D708139B765CC818586220F735BB94DD8A79864A2707A586193198798D954B1BD9AD9D746A577C5EEA992A28DD0928D7928A03281ADADB9AFC9D1E3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):14395
                                                                                                                                                                      Entropy (8bit):7.953190974382825
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:ShKR5rnMxc0NtxtxQpBlXOjAMY0Ui4vcHmtAP+:SAPrncc0NtipBRAPuUHmtAP+
                                                                                                                                                                      MD5:FB05B0CAB7E2213A250EFD596F2C82C2
                                                                                                                                                                      SHA1:AE9CC4BAE4F131E4D31389C920E5508B5D3BB02C
                                                                                                                                                                      SHA-256:59A223D3A3D3B568381C6C39181DFC4FE9EDE081537C12E9F2536EE735A8301F
                                                                                                                                                                      SHA-512:6318BEC65AB925262BF6C03781F37787F0EF4D0F94FBEAD4BE33B12688AB4585A2F304C76D0D700AC5E8C3DB0DC11200390134988E707ED5D8CB4D618D25F5EF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):27071
                                                                                                                                                                      Entropy (8bit):7.968964130411443
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:S5wVkxI8sF0CM0uVNyjKx26Sar7GcsyqLLCqM+:S5wVkxI8qMB2K26Sar7VsyXt+
                                                                                                                                                                      MD5:F9084B1F2819783DEA4F7F3FD1205439
                                                                                                                                                                      SHA1:826FF0C459DA30124C1EAE054E7935974B97BA63
                                                                                                                                                                      SHA-256:CA79264F611A35388309A96CACB1C9654AE45DA6E6DA092F2324C4C7A8B2A5C4
                                                                                                                                                                      SHA-512:25C229DF827E2947C3DA9587E2406131714F90C4A2E5586AAA93BD997AEF2B084EAFE80AF87F7D81A7405A28FA7BC969AFBF4990E80BEF2E0021FBB679EA0802
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20751
                                                                                                                                                                      Entropy (8bit):7.9676521975019075
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:SfR8SYrIix5+Waqi8XDHl44H4H2OHTcaPXKEdbzntpxgkBFfSljJQ0qI51e7eTkX:SpVO+Wa8Hlr4H2OjSybBpn6pCore7wc
                                                                                                                                                                      MD5:49A2EB545274E6643F0E054C421D0415
                                                                                                                                                                      SHA1:B9B4059DB56E3F5CB2FF6B8D008DEE872B971583
                                                                                                                                                                      SHA-256:CC5BB595D804FD086B4ED6EE45974E3115E9199E7DFBE0A52780B2297BBD08F5
                                                                                                                                                                      SHA-512:1746CC7DDDCC7A88BE9E8C811394B724F859AAA0D2A75ED9E43FFD10E64F1293E6441164B72AB4C39CAB9103061F7DED52E35E31CA5AD658BD4FADACCCC84588
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 620x304, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):80158
                                                                                                                                                                      Entropy (8bit):7.971574512522267
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:RjJ8entYSKg0VVU9V6MFHuLNGxGppUOcWQeg1SHO17v4xS1EgtpXb9KJXhU:xJ8entYSpSuVFOLNGrYtdo7v4xAttWhU
                                                                                                                                                                      MD5:0011B1A890C056DEDD4E1A3FCDD84EEC
                                                                                                                                                                      SHA1:5BF94FF4F750BD0DA879717F04B448E051A7E64E
                                                                                                                                                                      SHA-256:52D9F5BE0607940F922D595CE7982A99139F3C189ED4B90330852A72CE9E3FFF
                                                                                                                                                                      SHA-512:19D6F78945CC0CE6691A9FA0B8986122F35AFBC95B3DF1045A23B7DEC8292352379FE8D3B6E4BF03D4B9905BCF6729D14030F9C3C48D570FEBCD3E0CA343285E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):21649
                                                                                                                                                                      Entropy (8bit):7.964842495763956
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:SquAP8dHwtPaWuEg5ElQWIYn2mp70R0Cc8CEgE94TOFzUgDP/EsB+X6gQEhw200F:SazMBY7HV0fcEgEk2oQUssXTFh1TTd6I
                                                                                                                                                                      MD5:7B879EED7221D562F241192A6C47D818
                                                                                                                                                                      SHA1:BF6941B4B2DA43CF04754AF2396F468BE769C14A
                                                                                                                                                                      SHA-256:E75977B988B1F8D04CF90A49984EC5BEEB6E863277BB4C7A59A5E829A1D9C11D
                                                                                                                                                                      SHA-512:1B9C4B07423E9A45FC227FE5913F282A361509865DD3048AE7B0C8DCDCBDDDA7605B5DC1F0B6C0944A67A72137D1FA9E1BD71B2350341AD18D4C7A8002C4725D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):19880
                                                                                                                                                                      Entropy (8bit):7.964954898152231
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:S8dRhDvBQqUG9aQPVl+2OWIN+TPvk/8oRogs+tqGR24GAAdMU3S4P:SchD2utPVlZVINIToR1lRm3q4P
                                                                                                                                                                      MD5:0D1A2B721C42C46A52C92922EA47A637
                                                                                                                                                                      SHA1:FEE70B8A2DEFC662AF3F3BF0EEEF681F63C479AC
                                                                                                                                                                      SHA-256:2C0B58A6679C26215ADACF393C84C108111D283FD64EF965BDBC3D87F3B4644E
                                                                                                                                                                      SHA-512:FAC87ADC076A69E0AF8023111A119746EA0DCBFAAD6319887FF00689A9497B177477AD1F0630D6862FC2FA8A8DABA0291ED5E3C0B265B71726F30C4CB6B8B721
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):10476
                                                                                                                                                                      Entropy (8bit):7.9463729892981165
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:SCLtocJTU+FbgXcF+ZxIO/oTeaSkTxSkOL/AGUSLdCexmyk0EOwQC:SCLRJI+FbgXs+zB/2910VL/ApSRCEmpd
                                                                                                                                                                      MD5:6F8BBD6AE1B80C89147057FBAF1F46CD
                                                                                                                                                                      SHA1:94BEE55C5629C2A95E6ED21D11E7D81CE1E4F834
                                                                                                                                                                      SHA-256:87061262CD973B68A496C0C3E10DFE06C56207272D0CDC1E6F32588343449A9D
                                                                                                                                                                      SHA-512:26B2E46C3FC7C8B5303D2C4B917EC04F984058843E01DF00D305DE00C41FF8E73DF3311BC0EB1F9CA6A773FFA752A579506D1C043EB731A56D986EE6858DED27
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7212
                                                                                                                                                                      Entropy (8bit):7.929277389664045
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:Sn2mCMu6gLwRbICsOjsDP5MpOZ4y9U37VT3kmW:Sn2mS6rbI3xDPoDprhW
                                                                                                                                                                      MD5:2662776B352F2F23CAC03B2148D3135C
                                                                                                                                                                      SHA1:640D5A4FE9B76D8DAA006E82C1952F92913D4C4C
                                                                                                                                                                      SHA-256:D85EADF7D775C64F04F9B3D5D48FF49885C4C1A3E2280AADA69B06C107966489
                                                                                                                                                                      SHA-512:2B0DD200FEB6866E5ACEA64C156AA08C51C0208C13534AB9EF1AEEB5E32413E54A624D99C21FBBCDCBD3635F9A8C70297008E114C1737C4AE8F44B370B27EED2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15851
                                                                                                                                                                      Entropy (8bit):7.9556641591349955
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:Sz7IS8K9AO0/z7Jbn4oFhQHEHSLIvAOW3RpE:SzUhosRbn4AbS0TevE
                                                                                                                                                                      MD5:7849A08EF5856AF5E5870499D3E4DC08
                                                                                                                                                                      SHA1:CCCA55D6AFF6AE87F9F1E7ABA4C77E94A72445D8
                                                                                                                                                                      SHA-256:342D26D47FEFA4B5FB5ED0079C9884F6AF1046355C1091F2276794F019B47236
                                                                                                                                                                      SHA-512:216E258A6453140C8C6DB9FFBF7D1DE11DD726F8B666B625F870174873B75C996996577D6792EEC3CFCA7252A5521A82A93290AE9BFF28F68618FF5097E39AA9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11159
                                                                                                                                                                      Entropy (8bit):7.948516852494091
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:SjUOKQOSuvZh88TsEmQ51bh1315F5J8/4Q8OkyHcq2ZjK7u5scbgm:SjOQgZhVs1q1bz3152rkyHcq0j95JP
                                                                                                                                                                      MD5:D55DCA0E05406B5D29B09BEFC341F272
                                                                                                                                                                      SHA1:5915E5255E57EBDA94483C6FEEE20EE2E49503BD
                                                                                                                                                                      SHA-256:C90DB2A381E9BA8BBE9E50550CE73D3BD50A468335EAD44CFBE023436BD0BE47
                                                                                                                                                                      SHA-512:8B831C152CE79484788D6A68E74288DE22D62C6EF77ECF1C9A24B23A37B6564BF9326F825072787E70998A867F3DA35594F2C5E5D96C44722A8BF1B9ACC2558A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16045
                                                                                                                                                                      Entropy (8bit):7.960391803528666
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:SgHEh4POtrAvZYAeK8eK5Kh+VcidyYyL8ThW5JWiGgiBRAkDUp9HB:SgHEyP08vZKK8ekJINzgXBnUPh
                                                                                                                                                                      MD5:C0F232C6F3D9D77216C60577C63B0754
                                                                                                                                                                      SHA1:B18ABB1CE1B0E7109B4F8B5846E1D67D4764CA83
                                                                                                                                                                      SHA-256:F1F39BEF1BADBE6CF6B001861C315F94D3D5540AE97E310AF02077ED1AB0A6E1
                                                                                                                                                                      SHA-512:5203773B583AF5A3F19943F909017F1BEC59FB66E1AD4168232DF63A8BCD71B397A009D20676CA58A70E2BB1211CCC98C44B9C1E000CCED1D10048192F322933
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 620x304, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):33416
                                                                                                                                                                      Entropy (8bit):7.954617856322549
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:RY2zg83VS9e+NBEtVifR3KxikakmNKyXl6dykRL7o7UsBjk52h4QX5:RYugmVSpeERyiemNl6X7oILk4QJ
                                                                                                                                                                      MD5:12657A48DE4B61BB370D41A54F04331B
                                                                                                                                                                      SHA1:D4C931205F39482840FE5075ED28BEDB5A80BECE
                                                                                                                                                                      SHA-256:0463ABE69AAD65B9F0BAD7E945488146DF76FB658623CE133AC765C3327F7C8A
                                                                                                                                                                      SHA-512:8CB0600D98B0AE500BF4380CA8C236CBF18C3B109A24B120E1F2FE33624768C12FDCB2C77B458858C5738881167FB3752EEE60E8556F88E53E93A20586823E51
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 275x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                      Entropy (8bit):6.711996485767956
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:FI9kc/1UGNCyluNqq0SPrZ7u56uRf9cgQ5j:FGdUZyluNq3aZ71Gf9cgQZ
                                                                                                                                                                      MD5:01FA4C58E0E73B9C80F6D7F5D82E0415
                                                                                                                                                                      SHA1:53493A2E6349B9D033AA529BE13292929AA4A083
                                                                                                                                                                      SHA-256:438FD5C271BE5FA32889D99A7F97280D764CA34A83E509C8BEECCCCD31BB76A6
                                                                                                                                                                      SHA-512:E2418BA0F9B7C1434E7E75013D305F8D5B99B9FE57BCD31B1CF084D32AA79813DB04EBCEE24DC70598A5AB093512A8E0A4E1B032BC36A556FE46B025EA66BD68
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 96 x 96, 8-bit/color RGB, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):10591
                                                                                                                                                                      Entropy (8bit):7.947093927600611
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:Q2Sm+wRxnYJZy+RETJr2vyvNQsjG13h/XzxO5nFF9AETMIY37jcVZ+bNgX2qrER/:Cm+qxnYfyhT1vq33mnSETYMVZ+pALER/
                                                                                                                                                                      MD5:99D654218B3BF07E9352814F317EB4AA
                                                                                                                                                                      SHA1:1CF4275579067ADB7D455D8BE3A277F0646859C9
                                                                                                                                                                      SHA-256:9FC0884A35A26D1B2CDBA35910BD49AFD688AE1FE93EB8706D37725B3F644273
                                                                                                                                                                      SHA-512:0492AA0AD83910EA9F78AC9A0C02143DF28320BD2BCACECD8D33EACC5D1AEE3A6586C632047363429F9A170A6F49553A7562F55DEBD00C4DA7A4B5DDB9E2376D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):237
                                                                                                                                                                      Entropy (8bit):6.146894524487237
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:6v/lhPkR/C+q/EFce3NIjFe7ebl/DDlbYFplOzuzTp:6v/78/+/EFce3Nse7eJ/D5YpOzu
                                                                                                                                                                      MD5:079A09D1F18FAE47C000893F6E5481A3
                                                                                                                                                                      SHA1:A58B0AA0376ECF1A951B65580A76063CDF3B59AE
                                                                                                                                                                      SHA-256:FECA813866D96DF36878A16B51D58B0381B223CD3A5B3AA2B34471254F261D2E
                                                                                                                                                                      SHA-512:E5D428CAFCA9CFEF83B44A019226CC33AA919218AA0B9C9A1CDD9281700831BBB3177A4367F83BCA1810BA55349B57264FD7E8CCBC39C24B76BE7A201C23C912
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3583
                                                                                                                                                                      Entropy (8bit):7.9158821748174555
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:CSGH/f6BMBxJkgJKG35Q9e2OcUYIlU6DIyLs5:CSanpBxJveacU7i6cL
                                                                                                                                                                      MD5:CB1B7ACCCEB7DAAA53695BE7E92262BD
                                                                                                                                                                      SHA1:FBAB831544E0B16FC53E326F98C14CE48556FB2E
                                                                                                                                                                      SHA-256:420271E503C1283EF18058A3132C738F8D5F93F4A3171CBB6258671806E1ED04
                                                                                                                                                                      SHA-512:732CE095832573D566C4EF5F81D7A63F888229E7ECE9FC04408D2551111483DD3A7CCD81B71C2C0AB760B97D5EEE9289C850E908E4700D3131EB0DEFDF13AA23
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):331
                                                                                                                                                                      Entropy (8bit):6.836736228609407
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:6v/lhPmNpkB/6TogjnDsp9aXaZ4eJcAVKOt2sgLNHvEE/BsaOxycp:6v/7uNpkB/6Tog8sevNt2sg5HMSBe9
                                                                                                                                                                      MD5:217F503D30923BA5958A41D356EFB324
                                                                                                                                                                      SHA1:BEE9CEB356810DAE6729FD3194E98CF84FF13770
                                                                                                                                                                      SHA-256:78AEBC311A219FCFE478659A02EB863E15671651B77D283FFB71E9197C2E999A
                                                                                                                                                                      SHA-512:14ED9DD8325F7FE88B7FEACA1BA2AF6DA4824A01B65D6801EE6A2C0B4A009E21E44ECB1A2CC2F291CAE887DB20EE0CA76D182B8CEDFC02975668C1CD483A31ED
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):18254
                                                                                                                                                                      Entropy (8bit):3.249364975869355
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:CXHt+JcNgOSiS4XsAYNpf2ESNLkEWmRsxNXrNXNsc5KmE6ZaxGu:2oONgOLPXsAYnWk6U5You
                                                                                                                                                                      MD5:55B4CCFB61063278E3AFB62CD52E90F2
                                                                                                                                                                      SHA1:AE23530272B04155E104AE93080B3D56C681FE22
                                                                                                                                                                      SHA-256:6D7E84DBE1A19AA1EBADD92D04EC0DEC54CDD2345811F21AAF064150FBA02068
                                                                                                                                                                      SHA-512:5BAA1AA60A1314B10444F49B58A50F163DF1B1C2F8E0D7B9975D344C88A4B45FFC01305D99BE038ED988805F34CA6907A148E8A053F6E0CBBD32A29CC08FB498
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8378
                                                                                                                                                                      Entropy (8bit):7.952053387087231
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:fPu1RBKmdP2CmeEhPnM65NJWJitBmz9L9OlTC7giwbBHMrEE:30Rks9m3pMqJv8/OlTCciwJMrr
                                                                                                                                                                      MD5:4409864E01F632CAC2A351E255C6CC92
                                                                                                                                                                      SHA1:4B6A3A7A9631EFD99ED75D97E24AB870CCC2BC6B
                                                                                                                                                                      SHA-256:045D2CD80AD4BA4C4F1C65BA860C4775636F13D7C8B180378894421BA532DC8F
                                                                                                                                                                      SHA-512:A09FD314735C143896BF7A25D79391833777BD5ECC5E0D67ED1F8C662D5E4A893FE9D8D99C2CD8F5351C7A294FC2BC04901A6FCC3720CF144E00BADBD232850E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):18737
                                                                                                                                                                      Entropy (8bit):3.2844151735912424
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTKkEWmgCxNXrNXNsc5MCrdL:bSDS0tKg9E05TKk6x5R
                                                                                                                                                                      MD5:0E24DBB269909FB843B94057283D62C3
                                                                                                                                                                      SHA1:1876120A624E3A7EF745C9EB0E05B5E47FBBE657
                                                                                                                                                                      SHA-256:0952BFC78774D1ABF4729092EFDF61B96FDA8BA06F47E0A95A7347A5A41BF0C1
                                                                                                                                                                      SHA-512:0E4F02B8C05BB2BA7E6924025A2222EE3583BA60DEF3FF48AF3A46669E5ED396CC5F7A90B9858B7CE0DB5C7E3FE7B50D6C9877F1F8DDE2DE7C2D8A6AE72B2205
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4091
                                                                                                                                                                      Entropy (8bit):7.591919306845678
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:CSs6knmWIIo/l353oXMHUszXR1sAzcChmgNR7ig6AjkYLX2BeBv:CSs6knm353oXML10e7ig6Aj9imv
                                                                                                                                                                      MD5:6B589853118D854D111B821D219BCE85
                                                                                                                                                                      SHA1:DC7E9153CE635FE0DA566F8CA051C4D793C35B9B
                                                                                                                                                                      SHA-256:80572643F0186F29978F26F4F0893A9F62809304C238558AC1D978F72A0E2369
                                                                                                                                                                      SHA-512:5F37FB7AC20247D948B3B289FDB8CA045E9E304CFFB55DCF6818016D75E2D32CB4D01B6E60594E0089A96DC42076599DEC712CFBFC785E6AC62E48AE78918C74
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                      Entropy (8bit):7.681182632559876
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:6kyNGQsXjNnM3VN3iBSkFViHQhzaNH/8PCfrj1:6PFsXjhMLiBF7VaNH/
                                                                                                                                                                      MD5:49CEA769D9C08B3EC1F7582D2A4BAA90
                                                                                                                                                                      SHA1:1C6AA090BAD7D48208CA2D3D0B8E01E1489B0694
                                                                                                                                                                      SHA-256:60BDB2B66D36D61DF8FCF0E5428304FAF0EFB38E133D6910FD0194212255EC81
                                                                                                                                                                      SHA-512:212C2970E84ECFAB431F6A8C90EBD09DB46DF262C8886729EFEE6BEA05DDC6350178DA8574260EEEAED3D07279FDAD4349D76EA57461448DED2EB70492770BFD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):592
                                                                                                                                                                      Entropy (8bit):7.578589676001941
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/78+QOTZD7cechojiorckcpFwDSAFGSEpMFC2Cmw8qTavN+M8MIQ7LLiQp:jsZbchoj/4peK6FDBwQV98gP/
                                                                                                                                                                      MD5:4124D5FD304564D77589DED83FE598BF
                                                                                                                                                                      SHA1:8AC689BD506AF7312E8FBB06AF3A215B9A609A23
                                                                                                                                                                      SHA-256:BA66F541FD81AC7C99D86BAC4CF071C9F0000F408B7487AFC1BD5E35E20B87FC
                                                                                                                                                                      SHA-512:4F490E4ADE3C0AE6C117C92BDF8266D29D1B1FB2A80510EFD447BA228B9939DF3C70320FBB5ACF1CE6B2D5646B6CC45EB2C45DC7D26CB28C002CC4C145016BFC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):125250
                                                                                                                                                                      Entropy (8bit):5.366459254148267
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:QY0mqjfSB5TUVJTwzIYo4c/tJX+QiKCWczYxreKan5CPO4a8+DHAizsjqLZ7Ea7l:Ata5T+0K4KaQiNuF24AdsWLZ/7l
                                                                                                                                                                      MD5:4851F99F7147D56FB954D81055CA2D3D
                                                                                                                                                                      SHA1:8D7982E0B6329C0460F0EE61CCA0151181326F2B
                                                                                                                                                                      SHA-256:97711CF6D03D55D6DFA7BA68473B2D0D3C64C963463100F87F6792A4D0D080C1
                                                                                                                                                                      SHA-512:21F2B58E5FAAF45A80D5E472901A430F3FE49286694991E303939D1280716885F4A31C422411843B02A9CE9F409A8042E0A39320A4CAF0FF1F114870D581F7E8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:PNG image data, 1260 x 293, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):39155
                                                                                                                                                                      Entropy (8bit):7.8985187905985486
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:c3+SnZXFurjYW0X0RJ/Dd18i72A/qcQ6Nj2CG+CiTZ2co4IXnmDt:DSnZXFuPSX0f837cQnCG+3WZXmx
                                                                                                                                                                      MD5:E161E2045A32E4513E81954B1D83B953
                                                                                                                                                                      SHA1:0A06306203C286B8C342CFD856C1EE3F16728C7E
                                                                                                                                                                      SHA-256:7A344D69BC6657592E6041F0ED4F53F56ABA90B97EBD94559198B1D059DC7F64
                                                                                                                                                                      SHA-512:7C7E5C2D2A0DF749BB4B52F2E8042829AE8ADD4F242674E13C14FEC436E56D7B173318D8408DD5A33462D38BC1FD2AD932B2060994B5A0C46F4B4BA89922437F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:ASCII text, with very long lines (65447)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):89947
                                                                                                                                                                      Entropy (8bit):5.290839266829335
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:ENjxXU9rnxD9o5EZxkMVC6YLtg7HtDuU3zh8cmnPMEgWzJvBQUmkm4M5gPtcNRQK:EcqmCU3zhINzfmR4lb3e34UQ47GKL
                                                                                                                                                                      MD5:CF2FBBF84281D9ECBFFB4993203D543B
                                                                                                                                                                      SHA1:832A6A4E86DAF38B1975D705C5DE5D9E5F5844BC
                                                                                                                                                                      SHA-256:A6F3F0FAEA4B3D48E03176341BEF0ED3151FFBF226D4C6635F1C6039C0500575
                                                                                                                                                                      SHA-512:493A1FE319B5C2091F9BB85E5AA149567E7C1E6DC4B52DF55C569A81A6BC54C45E097024427259FA3132F0F082FE24F5F1D172F7959C131347153A8BCA9EF679
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):85486
                                                                                                                                                                      Entropy (8bit):5.325918533053929
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:eT7T6FPM9o8t4oG7AwAEqKGyMLiMUoLoChf4kyKa65C3ZlJZ6ZxzZE1dF/Ew03j1:eL6OmdZ6hy7Z68dX+QD79yMvx2L2767
                                                                                                                                                                      MD5:105F6F2E14B1F765D9EB9152B684FB58
                                                                                                                                                                      SHA1:13B07AABDAAFFB91F782CEB594F60299ECCCC090
                                                                                                                                                                      SHA-256:4F8D8A36B7B5B7EDEB0B197BD0145041DB1ABDF6533C7C744BC8A51F2E14E8F3
                                                                                                                                                                      SHA-512:B3A31200FED97EB54328838C4D3E41A0AEB2AE61DEC06E317FE885C98D48347FC0490D3B9F560075DC31A4FA37BEC46A887567C1179EE1CFCAF43960E57F4F5C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8420
                                                                                                                                                                      Entropy (8bit):7.9401565160437775
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:SE9T3xfLxv57PNTzS3BIfekKcfCQNonSgS9u2VMcvjxaSqZ06QoVkv4zxlyR5WfS:SUBpzSRqKGuuFVMJXjfC4zfGQfHOI0v
                                                                                                                                                                      MD5:B35494709B23B5E60A3FBE6B30C60856
                                                                                                                                                                      SHA1:87F8767E34401F59A0D7268152CEDF3D1AFD6686
                                                                                                                                                                      SHA-256:7EDDD8462CAEC52F5107EFA1F4F3773260DC568DDEBBA2496832AAA4C90F0E89
                                                                                                                                                                      SHA-512:C9DCB646061FCCA65EC52524AB00EC7FE49BE22ADDBBEBCE6E3806706ACEFC876212F3B3B66105AEE27E0BB4D2AB5A188C3FE097F1C1FB8C8BC62112537E4762
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):24055
                                                                                                                                                                      Entropy (8bit):7.960513045951106
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:SYJ7BoLhMrnCgQsbeYZlLXkXO01aiUEIfJP4ZLKVZQPLHA8Go25ZKPvRO4LO:S81ZQsbXHXkXlvUEIhYHzYZKhJO
                                                                                                                                                                      MD5:F5A338B85A7AE1173FF656FE98CE5D9C
                                                                                                                                                                      SHA1:128C42C2D65F994AC97D819570C772E672DEE290
                                                                                                                                                                      SHA-256:49BA2A090C27FBB7D51879D026470D6129633CB3442CBD988179FC775284AC6D
                                                                                                                                                                      SHA-512:5883D79320B8568D8120EC7D0099AF1FE224FF72ABFBA6F6C1E7EA1918D5A55BA5BFEA57B677D5DDB765954ACEF8F9C5D47F8E5A55809DD82DCF20B2C861298D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):23254
                                                                                                                                                                      Entropy (8bit):7.96601438700204
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:SS1q9N4Ok2UDwLb7/hnzIrLdu2d8oN+janMH4UFj930EvI2L/eGOPjZYUc:SScNXPzIsz2TU5930axL/nYo
                                                                                                                                                                      MD5:CF0ED08C315D53804A12D5563EBAE2E9
                                                                                                                                                                      SHA1:3B656EEA28BF489296C0172080E7A1B1BE57558A
                                                                                                                                                                      SHA-256:62084D6DBF715214233CC0EEA160AC315137FAE25B1E859CFC0FAC13D6929FFB
                                                                                                                                                                      SHA-512:6B5C6FCCA10D11D9EA943488064F07F32607F425B654EA237C1F70C019F9522B3A932EA4208A07C68BCF5AE80667792CA3381C61EB7448D521B15735CBFE1A99
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):17048
                                                                                                                                                                      Entropy (8bit):7.957710734445302
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:SFr7/CnRPjafBQOR+BlC2zZb2u219J5ruwyVd2rMOcq0:SFnCRPdOR+BlCYZb2u2Z5ruwy/2A+0
                                                                                                                                                                      MD5:9B368F660F38890F421203BF87F0E546
                                                                                                                                                                      SHA1:D00FF5B202446FA2CFD2572F96C5EF51F540C427
                                                                                                                                                                      SHA-256:C0296EB86419FE4F7EA98F93E6E04CB3EAADAA7435F52960D7F32474222123A2
                                                                                                                                                                      SHA-512:F37748719C6BE52F899DC3C1D396900F68D8625C171433942DA3FEDB1A27AF87962ECA10C517991C8D00D03FF5F5A032EA32F16C6A5592B5A3B6AE54296041BC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15472
                                                                                                                                                                      Entropy (8bit):7.9646390406608605
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:Se06Nk2oEhzrLSyyqtD6E0MDoWJODNcsopLzM9JC/AOSXx1bmvVTcReIbH:Se0662oiLSyyqEE0QoW+cnM9THy+dH
                                                                                                                                                                      MD5:2DB9F5CCA4546304F782958620BB9DDA
                                                                                                                                                                      SHA1:E32AE933720F8DB7129B08FAAE2E21B8D6B648E9
                                                                                                                                                                      SHA-256:193711802DFEAF91E4151995585CF0D21EF140AF0DB2E6B1978F0E23418A337B
                                                                                                                                                                      SHA-512:787E89014438574B7E30F2C76F85499061D45A6395161CDABF0C79A671B9D212A84CF19D4AAA3BDD2446DBA0F0D8F1CF331A589A608ED9F581DBF43E1F34ED64
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11634
                                                                                                                                                                      Entropy (8bit):7.938919542660497
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:S9w7uEBXfukgu8Muq/g8XR6s+3rWcAAt/BX6/+TaJc/seD056SDZtPqBD:SybItdGX+icvt/56AO5NDZtPY
                                                                                                                                                                      MD5:EC41AEDACDA1005B68D47540218DD278
                                                                                                                                                                      SHA1:8598D2F8CA509C022443D290D0C98DA160A1DDCC
                                                                                                                                                                      SHA-256:5AD9F46D5CC153374765AEBB4A692000C1AB82403DC89F6D03E767F47E4709E8
                                                                                                                                                                      SHA-512:066D9A6BDA94D25198315295B098DD2F3DFFBB8AE626356C8C91E7130DF3D8E460B4AA33C68EC971B9689DE647B7892467DAA5FA6F85412BCB33074C0F3EBF2A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):49120
                                                                                                                                                                      Entropy (8bit):0.0017331682157558962
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Ztt:T
                                                                                                                                                                      MD5:0392ADA071EB68355BED625D8F9695F3
                                                                                                                                                                      SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                                                                                                                                                      SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                                                                                                                                                      SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11185
                                                                                                                                                                      Entropy (8bit):7.951995436832936
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                      MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                      SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                      SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                      SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 118802
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):242356
                                                                                                                                                                      Entropy (8bit):7.991210403664034
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:iRhzb6d0X7ayN8De2ei//LiBCNBs4vIVeJvx:iRFW0X2y0e2edcbveCp
                                                                                                                                                                      MD5:D01AD4937EEB60A02BB525C82C8276BA
                                                                                                                                                                      SHA1:1B3EB2D065E83849A22E751C40B2AA220C26C339
                                                                                                                                                                      SHA-256:C59193D5128C21AED2F5311517F6C4DD0B4C1D14CB9B6E1F01F53DE57775F70C
                                                                                                                                                                      SHA-512:DE981CDF56BC22D02DF548539EC3A411472B9D23DA960C466C6423A09F0559803088694B190DD0B4AE6432803A892F01ABFD438F68ED2E73AB5AC37314016574
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):98960
                                                                                                                                                                      Entropy (8bit):7.702941019514499
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:EMgLUGcY3s6U4W3NrUeNWy4cSbJUQyuW+8hXuzoLdN4pu1FIc1/x/iDhoA9lo:bEUGEKer/W0KJIudO6Mn4pu1dpKtoX
                                                                                                                                                                      MD5:FC21C3084ECE86A867515F4112126D22
                                                                                                                                                                      SHA1:7AD412386EEDA21136AB332EDCED98AF075CCCD2
                                                                                                                                                                      SHA-256:378723490592C0627AC18A287F9A9CB74970C3C6E10A177C322282BFC1D01E01
                                                                                                                                                                      SHA-512:37777D2F86D5586B5DB02FE8DF853814FF0B1FCF0141ADB8CF0A42CE3C15C5DA8F65DE89E2DEB8C13040302F95C6B0FF523A4288C5D38FF7977212AA011B1309
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.
                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):124775448
                                                                                                                                                                      Entropy (8bit):7.999996586829686
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3145728:G7pzQwa6D75W9AobFmNOlpCbLcRLq4vtpN8/RKA/gSBa5:GdzjD7s9FlgsRL9Vo/u5
                                                                                                                                                                      MD5:40976C35E6CA27871F134A8A2FCAFC21
                                                                                                                                                                      SHA1:FAA553B01EE47E9079F24A930BCE454BC2D48B37
                                                                                                                                                                      SHA-256:F5E6C9BA8FB7867D041BC5D7591B50714688FBD31E6716A4D631D549ECEEB03C
                                                                                                                                                                      SHA-512:4B178177039B894A92E712BFBE7358BB84F2830E8E042B77B3C1864A449F48FAADE7F5F016BC9C03B946BB47AF8389A3DE62C8CC283B9A948021E04338BEBDD6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1658
                                                                                                                                                                      Entropy (8bit):5.421647623628977
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Y4MfJVe5wMd5wMe07cIF5Io0MY5kU2A0OpJ5xnL0MotJ5VovUx0NLJU5xW0iP5M:JIVuwEw5MUFZLBQLt8lMuM
                                                                                                                                                                      MD5:95E1A98AC8F67EA546387DEBFE011AA1
                                                                                                                                                                      SHA1:1EF0684BB14AFB3DCBD24AF3C1ED1A5CD38FCE4D
                                                                                                                                                                      SHA-256:6B8850C9BF705294EC89C5C29166B66A393CE1574457F96718EF4E5A436F6BAE
                                                                                                                                                                      SHA-512:DF46F9A40719D576E44E3D82BA90333F3079BE558DC8263EC99928462549F17BB9E72EC313146DC95386711226F179F7212E551456B13D7C08315B2AC3089AFB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"logTime": "1005/061810", "correlationVector":"0kV+/vRB8ay0a3Cue7mk6o","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"AFo3IfjRT+3l4ojiXpMdNH","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"838E3BF9A44F456CB4AD62AC737EDD15","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063233", "correlationVector":"2N8fwTcZh6EtTfQ8o4+6aX","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063233", "correlationVector":"5ADEBA42608E4CC9A1FACA719F284CF9","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063346", "correlationVector":"xp/hBMCdVPtUIxZHIviv/x","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063347", "correlationVector":"BF0B9E58C0CC45ED9AB5D0371131E69A","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/064305", "correlationVector":"ONVjsWDap1LyjIRdxsqPGs","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/064305", "correlationVector":"82E52491
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11185
                                                                                                                                                                      Entropy (8bit):7.951995436832936
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                      MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                      SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                      SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                      SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1753
                                                                                                                                                                      Entropy (8bit):5.8889033066924155
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                      MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                      SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                      SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                      SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):9815
                                                                                                                                                                      Entropy (8bit):6.1716321262973315
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                      MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                      SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                      SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                      SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):10388
                                                                                                                                                                      Entropy (8bit):6.174387413738973
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                      MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                      SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                      SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                      SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):962
                                                                                                                                                                      Entropy (8bit):5.698567446030411
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                      MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                      SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                      SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                      SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):98960
                                                                                                                                                                      Entropy (8bit):7.702941019514499
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:EMgLUGcY3s6U4W3NrUeNWy4cSbJUQyuW+8hXuzoLdN4pu1FIc1/x/iDhoA9lo:bEUGEKer/W0KJIudO6Mn4pu1dpKtoX
                                                                                                                                                                      MD5:FC21C3084ECE86A867515F4112126D22
                                                                                                                                                                      SHA1:7AD412386EEDA21136AB332EDCED98AF075CCCD2
                                                                                                                                                                      SHA-256:378723490592C0627AC18A287F9A9CB74970C3C6E10A177C322282BFC1D01E01
                                                                                                                                                                      SHA-512:37777D2F86D5586B5DB02FE8DF853814FF0B1FCF0141ADB8CF0A42CE3C15C5DA8F65DE89E2DEB8C13040302F95C6B0FF523A4288C5D38FF7977212AA011B1309
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4982
                                                                                                                                                                      Entropy (8bit):7.929761711048726
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                      MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                      SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                      SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                      SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):908
                                                                                                                                                                      Entropy (8bit):4.512512697156616
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                      MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                      SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                      SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                      SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1285
                                                                                                                                                                      Entropy (8bit):4.702209356847184
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                      MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                      SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                      SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                      SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1244
                                                                                                                                                                      Entropy (8bit):4.5533961615623735
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                      MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                      SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                      SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                      SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):977
                                                                                                                                                                      Entropy (8bit):4.867640976960053
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                      MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                      SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                      SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                      SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3107
                                                                                                                                                                      Entropy (8bit):3.535189746470889
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                      MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                      SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                      SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                      SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1389
                                                                                                                                                                      Entropy (8bit):4.561317517930672
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                      MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                      SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                      SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                      SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1763
                                                                                                                                                                      Entropy (8bit):4.25392954144533
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                      MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                      SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                      SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                      SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):930
                                                                                                                                                                      Entropy (8bit):4.569672473374877
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                      MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                      SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                      SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                      SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):913
                                                                                                                                                                      Entropy (8bit):4.947221919047
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):806
                                                                                                                                                                      Entropy (8bit):4.815663786215102
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):883
                                                                                                                                                                      Entropy (8bit):4.5096240460083905
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1031
                                                                                                                                                                      Entropy (8bit):4.621865814402898
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1613
                                                                                                                                                                      Entropy (8bit):4.618182455684241
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):851
                                                                                                                                                                      Entropy (8bit):4.4858053753176526
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):851
                                                                                                                                                                      Entropy (8bit):4.4858053753176526
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):848
                                                                                                                                                                      Entropy (8bit):4.494568170878587
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1425
                                                                                                                                                                      Entropy (8bit):4.461560329690825
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):961
                                                                                                                                                                      Entropy (8bit):4.537633413451255
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                      MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                      SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                      SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                      SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):959
                                                                                                                                                                      Entropy (8bit):4.570019855018913
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                      MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                      SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                      SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                      SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):968
                                                                                                                                                                      Entropy (8bit):4.633956349931516
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                      MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                      SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                      SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                      SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):838
                                                                                                                                                                      Entropy (8bit):4.4975520913636595
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                      MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                      SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                      SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                      SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1305
                                                                                                                                                                      Entropy (8bit):4.673517697192589
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                      MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                      SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                      SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                      SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):911
                                                                                                                                                                      Entropy (8bit):4.6294343834070935
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                      MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                      SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                      SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                      SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):939
                                                                                                                                                                      Entropy (8bit):4.451724169062555
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                      MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                      SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                      SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                      SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):977
                                                                                                                                                                      Entropy (8bit):4.622066056638277
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                      MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                      SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                      SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                      SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):972
                                                                                                                                                                      Entropy (8bit):4.621319511196614
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                      MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                      SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                      SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                      SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):990
                                                                                                                                                                      Entropy (8bit):4.497202347098541
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                      MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                      SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                      SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                      SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1658
                                                                                                                                                                      Entropy (8bit):4.294833932445159
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                      MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                      SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                      SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                      SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1672
                                                                                                                                                                      Entropy (8bit):4.314484457325167
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                      MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                      SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                      SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                      SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):935
                                                                                                                                                                      Entropy (8bit):4.6369398601609735
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                      MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                      SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                      SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                      SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1065
                                                                                                                                                                      Entropy (8bit):4.816501737523951
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                      MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                      SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                      SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                      SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2771
                                                                                                                                                                      Entropy (8bit):3.7629875118570055
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                      MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                      SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                      SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                      SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):858
                                                                                                                                                                      Entropy (8bit):4.474411340525479
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                      MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                      SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                      SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                      SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):954
                                                                                                                                                                      Entropy (8bit):4.631887382471946
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                                                                                                                                                      MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                                                                                                                                                      SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                                                                                                                                                      SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                                                                                                                                                      SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):899
                                                                                                                                                                      Entropy (8bit):4.474743599345443
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                      MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                      SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                      SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                      SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2230
                                                                                                                                                                      Entropy (8bit):3.8239097369647634
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                      MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                      SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                      SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                      SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1160
                                                                                                                                                                      Entropy (8bit):5.292894989863142
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                      MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                      SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                      SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                      SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3264
                                                                                                                                                                      Entropy (8bit):3.586016059431306
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                      MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                      SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                      SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                      SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3235
                                                                                                                                                                      Entropy (8bit):3.6081439490236464
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                      MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                      SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                      SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                      SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3122
                                                                                                                                                                      Entropy (8bit):3.891443295908904
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                      MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                      SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                      SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                      SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1880
                                                                                                                                                                      Entropy (8bit):4.295185867329351
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                                                                                                                                                      MD5:8E16966E815C3C274EEB8492B1EA6648
                                                                                                                                                                      SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                                                                                                                                                      SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                                                                                                                                                      SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1042
                                                                                                                                                                      Entropy (8bit):5.3945675025513955
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                      MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                      SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                      SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                      SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2535
                                                                                                                                                                      Entropy (8bit):3.8479764584971368
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                      MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                      SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                      SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                      SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1028
                                                                                                                                                                      Entropy (8bit):4.797571191712988
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                      MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                      SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                      SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                      SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):994
                                                                                                                                                                      Entropy (8bit):4.700308832360794
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2091
                                                                                                                                                                      Entropy (8bit):4.358252286391144
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2778
                                                                                                                                                                      Entropy (8bit):3.595196082412897
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1719
                                                                                                                                                                      Entropy (8bit):4.287702203591075
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):936
                                                                                                                                                                      Entropy (8bit):4.457879437756106
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3830
                                                                                                                                                                      Entropy (8bit):3.5483353063347587
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1898
                                                                                                                                                                      Entropy (8bit):4.187050294267571
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):914
                                                                                                                                                                      Entropy (8bit):4.513485418448461
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):878
                                                                                                                                                                      Entropy (8bit):4.4541485835627475
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2766
                                                                                                                                                                      Entropy (8bit):3.839730779948262
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                      MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                      SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                      SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                      SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):978
                                                                                                                                                                      Entropy (8bit):4.879137540019932
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                      MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                      SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                      SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                      SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):907
                                                                                                                                                                      Entropy (8bit):4.599411354657937
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                      MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                      SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                      SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                      SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):914
                                                                                                                                                                      Entropy (8bit):4.604761241355716
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                      MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                      SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                      SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                      SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):937
                                                                                                                                                                      Entropy (8bit):4.686555713975264
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                      MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                      SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                      SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                      SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1337
                                                                                                                                                                      Entropy (8bit):4.69531415794894
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                      MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                      SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                      SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                      SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2846
                                                                                                                                                                      Entropy (8bit):3.7416822879702547
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                      MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                      SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                      SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                      SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):934
                                                                                                                                                                      Entropy (8bit):4.882122893545996
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                      MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                      SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                      SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                      SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):963
                                                                                                                                                                      Entropy (8bit):4.6041913416245
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                      MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                      SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                      SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                      SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1320
Entropy (8bit):4.569671329405572
Encrypted:false
SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
MD5:7F5F8933D2D078618496C67526A2B066
SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:false
Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):884
Entropy (8bit):4.627108704340797
Encrypted:false
SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:false
Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):980
Entropy (8bit):4.50673686618174
Encrypted:false
SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
MD5:D0579209686889E079D87C23817EDDD5
SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:false
Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1941
Entropy (8bit):4.132139619026436
Encrypted:false
SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
MD5:DCC0D1725AEAEAAF1690EF8053529601
SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:false
Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1969
Entropy (8bit):4.327258153043599
Encrypted:false
SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
MD5:385E65EF723F1C4018EEE6E4E56BC03F
SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:false
Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1674
Entropy (8bit):4.343724179386811
Encrypted:false
SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
MD5:64077E3D186E585A8BEA86FF415AA19D
SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:false
Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1063
Entropy (8bit):4.853399816115876
Encrypted:false
SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
MD5:76B59AAACC7B469792694CF3855D3F4C
SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:false
Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1333
Entropy (8bit):4.686760246306605
Encrypted:false
SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
MD5:970963C25C2CEF16BB6F60952E103105
SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:false
Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1263
Entropy (8bit):4.861856182762435
Encrypted:false
SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
MD5:8B4DF6A9281333341C939C244DDB7648
SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:false
Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1074
Entropy (8bit):5.062722522759407
Encrypted:false
SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
MD5:773A3B9E708D052D6CBAA6D55C8A5438
SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:false
Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):879
                                                                                                                                                                      Entropy (8bit):5.7905809868505544
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                      MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                      SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                      SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                      SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1205
                                                                                                                                                                      Entropy (8bit):4.50367724745418
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                      MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                      SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                      SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                      SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):843
                                                                                                                                                                      Entropy (8bit):5.76581227215314
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                      MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                      SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                      SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                      SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):912
                                                                                                                                                                      Entropy (8bit):4.65963951143349
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                      MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                      SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                      SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                      SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):18518
                                                                                                                                                                      Entropy (8bit):5.708460608391745
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:cLjrY6QDAwrlbs3jiD1DisLSFqwAqmq90QH:2jrSHbMjidLSFxA+0QH
                                                                                                                                                                      MD5:F1346F53663087A18F734B324E159F65
                                                                                                                                                                      SHA1:A1A79C373D154E6630DE9D46FD8902C0F6ACB860
                                                                                                                                                                      SHA-256:8A65785DEEBA93A107A2FE5060305873A40379CD8B2B848607DDE45ED9130E03
                                                                                                                                                                      SHA-512:FB6B92BEA01BF399D981260966A419AE328CAE7331970FED90DC9D158403B75F07ED1A7740771B56411E3730C946F831E2B1788B5A22E3139F17670FC9C7E48F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):854
                                                                                                                                                                      Entropy (8bit):4.284628987131403
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                      MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                      SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                      SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                      SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text, with very long lines (3422)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):82340
                                                                                                                                                                      Entropy (8bit):5.380000995741104
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:1HejtmLJVlfF5z4d+3CNOzcheJm39n3p1jWctudKRwbbwuL:tVIfczcMmhDBt+L
                                                                                                                                                                      MD5:4902A531B4D907B2B81AF35251CADF2C
                                                                                                                                                                      SHA1:7875EE813923CB16B0F0C4DE3C49C08C85CE52A1
                                                                                                                                                                      SHA-256:C3CE23C47225A594425A1290E49CED80FF9F3360D787767B6C45C80314FCF666
                                                                                                                                                                      SHA-512:A7B8E713F33B1155D8D45B8B635B318262EA21F3D0856FA0409ED6636F84CB9E38B78FB0E0296C3A253953FBFBF11FD68AF6C5EDB00A17A90A9129161CCDC7EE
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:'use strict';function m(){return function(){}}var p;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=ca(this);function t(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,g){this.g=f;ba(this,"description",{configurable:!
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2397
                                                                                                                                                                      Entropy (8bit):5.423775942969832
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1HEZ4qW4VlELb/KxktGu7VwELb/s2QDkUpvdlmF1exy/Otj19SVvs:W7WsaLTKQGuxTLT2Rv3mves/OP9SVk
                                                                                                                                                                      MD5:C2CFE399D41AD342B3ECDE0211F98725
                                                                                                                                                                      SHA1:345AB6BA0CB69246F480AE4273F68869AC8011DA
                                                                                                                                                                      SHA-256:DB3991C5788FC6968DF25180898EF42AD974192DFE0AED4E12969219A1EB8565
                                                                                                                                                                      SHA-512:CEE1AB92EED7169C33BBDA701FA56EF850705B3F2AE802E772ABF870837022671F06EBA69DED628AF868DB827871CCBF3F551FCEF201041EEABF89ADAA546FB7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "persistent": false,.. "scripts": [ "eventpage_bin_prod.js" ].. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": "script-src 'self'; object-src 'self'",.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "matches": [ "htt
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):291
                                                                                                                                                                      Entropy (8bit):4.644891151983713
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK6M23:2Q8KVqb2u/Rt3OnjI
                                                                                                                                                                      MD5:EE9839F99DED6F38DC561DB846B51E80
                                                                                                                                                                      SHA1:DD2128A473C2FF47471400C81EFF416285DE606E
                                                                                                                                                                      SHA-256:06E08E421EB7F0FE7959D68E27D40A9146A54503090D95CFAC6F2FFD72A78769
                                                                                                                                                                      SHA-512:C8D77607F00CB8012CD056CE61CB77918EC43621270511303E09577F89CC57D4954E22E2C8C3FB1029AAE29F8142DAAE2E938CD5590AD0E5DE6DB1208AFEF874
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=2;}).call(this);.
                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):124775448
                                                                                                                                                                      Entropy (8bit):7.999996586829686
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3145728:G7pzQwa6D75W9AobFmNOlpCbLcRLq4vtpN8/RKA/gSBa5:GdzjD7s9FlgsRL9Vo/u5
                                                                                                                                                                      MD5:40976C35E6CA27871F134A8A2FCAFC21
                                                                                                                                                                      SHA1:FAA553B01EE47E9079F24A930BCE454BC2D48B37
                                                                                                                                                                      SHA-256:F5E6C9BA8FB7867D041BC5D7591B50714688FBD31E6716A4D631D549ECEEB03C
                                                                                                                                                                      SHA-512:4B178177039B894A92E712BFBE7358BB84F2830E8E042B77B3C1864A449F48FAADE7F5F016BC9C03B946BB47AF8389A3DE62C8CC283B9A948021E04338BEBDD6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...(..e.........."......8....o................@............................. p.......p...`..................................................Y..P........go...........o..(....p.(....X..............................PP..@...........0\...............................text...67.......8.................. ..`.rdata..`....P.......<..............@..@.data...p....p.......R..............@....pdata...............T..............@..@.retplne.............X...................rsrc....go......ho..Z..............@..@.reloc..(.....p.......o.............@..B................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                      Entropy (8bit):0.2364979660455589
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:3NvM7yGpSU3NvM7y8Dy+DygoDyKqDlsN16gJ8H1C:9vqyVKvqy6yEyvy5DlsNUAc
                                                                                                                                                                      MD5:766DC8C2D2B704377A5D7A7CF489F4B1
                                                                                                                                                                      SHA1:DD1B20EA878BAC7D8AEB1A77C3EEE35429A069BE
                                                                                                                                                                      SHA-256:56669F04C60CBD07A2EE32D7B66236E4DE354EE94A1C34BAF25B6B3ED203E159
                                                                                                                                                                      SHA-512:59EAE579720FCD522F65D796101FD2B16EE20DD5D9812386436345BFE009961C3A6785F994E85AAFAEDC9F198E58BC671D367377550604CD99CF76EB88211E94
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                      Entropy (8bit):0.2364979660455589
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:3NvM7yGpSU3NvM7y8Dy+DygoDyKqDlsN16gJ8H1C:9vqyVKvqy6yEyvy5DlsNUAc
                                                                                                                                                                      MD5:766DC8C2D2B704377A5D7A7CF489F4B1
                                                                                                                                                                      SHA1:DD1B20EA878BAC7D8AEB1A77C3EEE35429A069BE
                                                                                                                                                                      SHA-256:56669F04C60CBD07A2EE32D7B66236E4DE354EE94A1C34BAF25B6B3ED203E159
                                                                                                                                                                      SHA-512:59EAE579720FCD522F65D796101FD2B16EE20DD5D9812386436345BFE009961C3A6785F994E85AAFAEDC9F198E58BC671D367377550604CD99CF76EB88211E94
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                      Entropy (8bit):0.2364979660455589
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:3NvM7yGpSU3NvM7y8Dy+DygoDyKqDlsN16gJ8H1C:9vqyVKvqy6yEyvy5DlsNUAc
                                                                                                                                                                      MD5:766DC8C2D2B704377A5D7A7CF489F4B1
                                                                                                                                                                      SHA1:DD1B20EA878BAC7D8AEB1A77C3EEE35429A069BE
                                                                                                                                                                      SHA-256:56669F04C60CBD07A2EE32D7B66236E4DE354EE94A1C34BAF25B6B3ED203E159
                                                                                                                                                                      SHA-512:59EAE579720FCD522F65D796101FD2B16EE20DD5D9812386436345BFE009961C3A6785F994E85AAFAEDC9F198E58BC671D367377550604CD99CF76EB88211E94
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                      Entropy (8bit):0.2364979660455589
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:3NvM7yGpSU3NvM7y8Dy+DygoDyKqDlsN16gJ8H1C:9vqyVKvqy6yEyvy5DlsNUAc
                                                                                                                                                                      MD5:766DC8C2D2B704377A5D7A7CF489F4B1
                                                                                                                                                                      SHA1:DD1B20EA878BAC7D8AEB1A77C3EEE35429A069BE
                                                                                                                                                                      SHA-256:56669F04C60CBD07A2EE32D7B66236E4DE354EE94A1C34BAF25B6B3ED203E159
                                                                                                                                                                      SHA-512:59EAE579720FCD522F65D796101FD2B16EE20DD5D9812386436345BFE009961C3A6785F994E85AAFAEDC9F198E58BC671D367377550604CD99CF76EB88211E94
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                      Entropy (8bit):0.2364979660455589
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:3NvM7yGpSU3NvM7y8Dy+DygoDyKqDlsN2cgJ8H1C:9vqyVKvqy6yEyvy5DlsN5Ac
                                                                                                                                                                      MD5:7DA63F3349ADCE46708E4C0690063EC5
                                                                                                                                                                      SHA1:3A4B1BC2A9F48A8E4227E461B85B46F14CA69D3D
                                                                                                                                                                      SHA-256:C40819535B4185A8DB93B768A6B27657C5234D9789992D278CC01A4B3E353775
                                                                                                                                                                      SHA-512:20C16F35AFA9B663C268224BE0AC6CFCAD7F5EDD2F3903E50BA5803ECC421BF54ED974001D3F056CA8E830832C874BA53AD30B111000ECBA361B9DF18BE2265F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                      Entropy (8bit):0.8382086170868119
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:9SgKS9LYu09A9+C+P34v1UXNzfz7U4YAgEutf:ls9A9+C+fKUXB8ozuh
                                                                                                                                                                      MD5:F62AE22D0A1FFCF92AE361CD99E339E5
                                                                                                                                                                      SHA1:326679D32680A86EF19E39F9EF2B96811EBF8EA8
                                                                                                                                                                      SHA-256:BDD8FF4DBD39DB36C1ABE38C2BDCE13AD5030E31E3F20093357A3D075A2C31C7
                                                                                                                                                                      SHA-512:C5B16F1757D1AE5120A1B3E7F4BDEA4FEF947F34C56FB7DC600451BF6DD54481AB4BAE7157A9E1EDDAEA6707F88951A47FB7620FCF5D7D80669EC27A4AD9B77F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                      Entropy (8bit):0.2227227548358135
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:aJ1luzTfi1lcUhygwM6J1liC3X1lgHi7/e1lwjuLbZ1l2UZ2pL1lsvd:OlIOlcblLllgH1lwaH/leLlm
                                                                                                                                                                      MD5:6BB567470D6BB0DA71EFAD125D306EC1
                                                                                                                                                                      SHA1:C0EC21B2548E60A0BCAF3D3D28E8971EF3080C91
                                                                                                                                                                      SHA-256:3FD1842A1F65A65E91C87C237A93F56C0C280FD75ABE43B75FB7D918C924103F
                                                                                                                                                                      SHA-512:5DE6596D15C41ACFD60838E988F1B3958E8D7A4B81E951274E846BF95F3D76E786D4C4E91FA115593C031C2D0350824EEBDAEE65A8E8561A1A429D84ED325EBD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                      Entropy (8bit):0.2364979660455589
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:3NvM7yGpSU3NvM7y8Dy+DygoDyKqDlsN16gJ8H1C:9vqyVKvqy6yEyvy5DlsNUAc
                                                                                                                                                                      MD5:766DC8C2D2B704377A5D7A7CF489F4B1
                                                                                                                                                                      SHA1:DD1B20EA878BAC7D8AEB1A77C3EEE35429A069BE
                                                                                                                                                                      SHA-256:56669F04C60CBD07A2EE32D7B66236E4DE354EE94A1C34BAF25B6B3ED203E159
                                                                                                                                                                      SHA-512:59EAE579720FCD522F65D796101FD2B16EE20DD5D9812386436345BFE009961C3A6785F994E85AAFAEDC9F198E58BC671D367377550604CD99CF76EB88211E94
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55
                                                                                                                                                                      Entropy (8bit):4.306461250274409
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                      MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                      SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                      SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                      SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                      Process:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (4404), with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4407
                                                                                                                                                                      Entropy (8bit):6.01624901027111
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:7wcN5LCsQ3+qLjHt1bMCmC8YMcwAqi+FY2pZqiUkWIk0AwWAJGOE1:J6+qXHt1QCmUMcwTiWY2hUkyrwWAc
                                                                                                                                                                      MD5:DA89A2F9314528D7D6A27CC4DF5965E4
                                                                                                                                                                      SHA1:3242EE1187E7ECF79ABC052ED6725FC070E6423C
                                                                                                                                                                      SHA-256:CFF0E6414634580AF01999F04356F14285CD48BC004D741DE6615B93E20EC4F0
                                                                                                                                                                      SHA-512:B6584795A15D3EF45BC1EDC0DE4E59633A7FF6C26CB481D580FC1C023CF9474BE8B1CFACD553CE26106AC868A5E058204C8AB979999AE52EF6E5317479F5DEA1
                                                                                                                                                                      Malicious:false
Preview:.{"variations_compressed_seed":"
                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Entropy (8bit):7.913845028849878
                                                                                                                                                                      TrID:
                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                      File name:BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      File size:1'446'992 bytes
                                                                                                                                                                      MD5:e3e7498c2436a1570109fbe755af1d40
                                                                                                                                                                      SHA1:d7fb79f465d2c87ef22088327b5bfb73899fdf7e
                                                                                                                                                                      SHA256:498e27ed4e5bb584672992f459c0e51cd1e7345889dff1521ccf577b13ed6313
                                                                                                                                                                      SHA512:4dd6025d4ebd1d4edeec077ee39e8704d2ed04ffd5f7ad83934a2ada8d0e3aefb15841b36ad0454e0c2cd6be12e13b2015de322d27059cb2fea8bb7f4a247096
                                                                                                                                                                      SSDEEP:24576:w2hOU0p4qlWfBTfmRfanIT6lUScOWFohEp6Vvn6qtndPVmatCkbpmp:zhOJpP4JTm5T6lkFohDB6sndPVa6g
                                                                                                                                                                      TLSH:C0652211B2D88031E6B31E3194F496755ABEFC741F30AA8F27849E3A5EB0582F674376
                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........V........................Z.....................................................................~.............Rich...........
                                                                                                                                                                      Icon Hash:2f232d67b7934633
                                                                                                                                                                      Entrypoint:0x40699b
                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                      Digitally signed:true
                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                      Time Stamp:0x65E80F21 [Wed Mar 6 06:37:21 2024 UTC]
                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                      OS Version Major:5
                                                                                                                                                                      OS Version Minor:1
                                                                                                                                                                      File Version Major:5
                                                                                                                                                                      File Version Minor:1
                                                                                                                                                                      Subsystem Version Major:5
                                                                                                                                                                      Subsystem Version Minor:1
                                                                                                                                                                      Import Hash:c7edaf3f3d9b0b390b0f0473c7a8cf06
                                                                                                                                                                      Signature Valid:true
                                                                                                                                                                      Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                      Signature Validation Error:The operation completed successfully
                                                                                                                                                                      Error Number:0
                                                                                                                                                                      Not Before, Not After
                                                                                                                                                                      • 06/06/2023 02:00:00 08/08/2024 01:59:59
                                                                                                                                                                      Subject Chain
                                                                                                                                                                      • CN="Brave Software, Inc.", O="Brave Software, Inc.", L=San Francisco, S=California, C=US
                                                                                                                                                                      Version:3
                                                                                                                                                                      Thumbprint MD5:16D12EA31FCCA2DB434A4CE2764212FB
                                                                                                                                                                      Thumbprint SHA-1:8903F2BD47465A4F0F080AA7CEEC31A31B74DE42
                                                                                                                                                                      Thumbprint SHA-256:9422AAD6EED2524B47A4E58D835AC34009EA3B76DD25155EFCCBD0CDB6C1EE88
                                                                                                                                                                      Serial:031543E76CA971575EEDF22AA3719DCC
                                                                                                                                                                      Instruction
                                                                                                                                                                      call 00007EFE6CF41388h
                                                                                                                                                                      jmp 00007EFE6CF40F5Fh
                                                                                                                                                                      push ebp
                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                      mov eax, dword ptr [ebp+08h]
                                                                                                                                                                      push esi
                                                                                                                                                                      mov ecx, dword ptr [eax+3Ch]
                                                                                                                                                                      add ecx, eax
                                                                                                                                                                      movzx eax, word ptr [ecx+14h]
                                                                                                                                                                      lea edx, dword ptr [ecx+18h]
                                                                                                                                                                      add edx, eax
                                                                                                                                                                      movzx eax, word ptr [ecx+06h]
                                                                                                                                                                      imul esi, eax, 28h
                                                                                                                                                                      add esi, edx
                                                                                                                                                                      cmp edx, esi
                                                                                                                                                                      je 00007EFE6CF410FBh
                                                                                                                                                                      mov ecx, dword ptr [ebp+0Ch]
                                                                                                                                                                      cmp ecx, dword ptr [edx+0Ch]
                                                                                                                                                                      jc 00007EFE6CF410ECh
                                                                                                                                                                      mov eax, dword ptr [edx+08h]
                                                                                                                                                                      add eax, dword ptr [edx+0Ch]
                                                                                                                                                                      cmp ecx, eax
                                                                                                                                                                      jc 00007EFE6CF410EEh
                                                                                                                                                                      add edx, 28h
                                                                                                                                                                      cmp edx, esi
                                                                                                                                                                      jne 00007EFE6CF410CCh
                                                                                                                                                                      xor eax, eax
                                                                                                                                                                      pop esi
                                                                                                                                                                      pop ebp
                                                                                                                                                                      ret
                                                                                                                                                                      mov eax, edx
                                                                                                                                                                      jmp 00007EFE6CF410DBh
                                                                                                                                                                      push esi
                                                                                                                                                                      call 00007EFE6CF4186Ch
                                                                                                                                                                      test eax, eax
                                                                                                                                                                      je 00007EFE6CF41102h
                                                                                                                                                                      mov eax, dword ptr fs:[00000018h]
                                                                                                                                                                      mov esi, 0042396Ch
                                                                                                                                                                      mov edx, dword ptr [eax+04h]
                                                                                                                                                                      jmp 00007EFE6CF410E6h
                                                                                                                                                                      cmp edx, eax
                                                                                                                                                                      je 00007EFE6CF410F2h
                                                                                                                                                                      xor eax, eax
                                                                                                                                                                      mov ecx, edx
                                                                                                                                                                      lock cmpxchg dword ptr [esi], ecx
                                                                                                                                                                      test eax, eax
                                                                                                                                                                      jne 00007EFE6CF410D2h
                                                                                                                                                                      xor al, al
                                                                                                                                                                      pop esi
                                                                                                                                                                      ret
                                                                                                                                                                      mov al, 01h
                                                                                                                                                                      pop esi
                                                                                                                                                                      ret
                                                                                                                                                                      push ebp
                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                      cmp dword ptr [ebp+08h], 00000000h
                                                                                                                                                                      jne 00007EFE6CF410E9h
                                                                                                                                                                      mov byte ptr [00423970h], 00000001h
                                                                                                                                                                      call 00007EFE6CF4165Ah
                                                                                                                                                                      call 00007EFE6CF41BDEh
                                                                                                                                                                      test al, al
                                                                                                                                                                      jne 00007EFE6CF410E6h
                                                                                                                                                                      xor al, al
                                                                                                                                                                      pop ebp
                                                                                                                                                                      ret
                                                                                                                                                                      call 00007EFE6CF44DC6h
                                                                                                                                                                      test al, al
                                                                                                                                                                      jne 00007EFE6CF410ECh
                                                                                                                                                                      push 00000000h
                                                                                                                                                                      call 00007EFE6CF41BE5h
                                                                                                                                                                      pop ecx
                                                                                                                                                                      jmp 00007EFE6CF410CBh
                                                                                                                                                                      mov al, 01h
                                                                                                                                                                      pop ebp
                                                                                                                                                                      ret
                                                                                                                                                                      push ebp
                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                      cmp byte ptr [00423971h], 00000000h
                                                                                                                                                                      je 00007EFE6CF410E6h
                                                                                                                                                                      mov al, 01h

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x21ae0 | 0x8c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x25000 | 0x13673c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x15a000 | 0x7450 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x15c000 | 0x1508 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x20ce0 | 0x54 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x20e00 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x20d38 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x1a000 | 0x1d4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x18d20 | 0x18e00 | f6f6a8ebc9148ced19baf0cf8ce514c3 | False | 0.5874489635678392 | data | 6.645990561543334 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x1a000 | 0x8542 | 0x8600 | 3ed425119d83d29a9ea792647f00b190 | False | 0.4646688432835821 | data | 5.055308375977805 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x23000 | 0x1454 | 0xa00 | 905c57baa258d4dc27795aa058f06aca | False | 0.175390625 | DOS executable (block device driver \277DN) | 2.379800202702836 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x25000 | 0x13673c | 0x136800 | ea570ee0e9f44be61c8e291d4d28b38d | False | 0.9824376006441223 | data | 7.987680716387453 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x15c000 | 0x1508 | 0x1600 | c68100246f68f2ae3852dabe12991f75 | False | 0.7739701704545454 | data | 6.484253115308844 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| B | 0x25824 | 0x12e1f8 | LZMA compressed data, non-streamed, size 8169603 | | | 1.0003108978271484 |
| BRAVEUPDATE | 0x153a1c | 0x4 | data | | | 3.0 |
| RT_ICON | 0x153a20 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192, 16 important colors | English | United States | 0.6317567567567568 |
| RT_ICON | 0x153b48 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States | 0.5823699421965318 |
| RT_ICON | 0x1540b0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640, 16 important colors | English | United States | 0.5120967741935484 |
| RT_ICON | 0x154398 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.5455776173285198 |
| RT_ICON | 0x154c40 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.36341463414634145 |
| RT_ICON | 0x1552a8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.42350746268656714 |
| RT_STRING | 0x156150 | 0x13e | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Arabic | Saudi Arabia | 0.6446540880503144 |
| RT_STRING | 0x156290 | 0x1aa | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Bulgarian | Bulgaria | 0.5 |
| RT_STRING | 0x15643c | 0x196 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Catalan | Spain | 0.49507389162561577 |
| RT_STRING | 0x1565d4 | 0xcc | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Chinese | Taiwan | 0.7205882352941176 |
| RT_STRING | 0x1566a0 | 0x18a | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Czech | Czech Republic | 0.5152284263959391 |
| RT_STRING | 0x15682c | 0x15a | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Danish | Denmark | 0.5144508670520231 |
| RT_STRING | 0x156988 | 0x16a | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | German | Germany | 0.5276243093922652 |
| RT_STRING | 0x156af4 | 0x1b0 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Greek | Greece | 0.5462962962962963 |
| RT_STRING | 0x156ca4 | 0x134 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | English | United States | 0.5324675324675324 |
| RT_STRING | 0x156dd8 | 0x188 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Finnish | Finland | 0.5102040816326531 |
| RT_STRING | 0x156f60 | 0x1c0 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | French | France | 0.45535714285714285 |
| RT_STRING | 0x157120 | 0x142 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Hebrew | Israel | 0.5590062111801242 |
| RT_STRING | 0x157264 | 0x164 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Hungarian | Hungary | 0.550561797752809 |
| RT_STRING | 0x1573c8 | 0x150 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Icelandic | Iceland | 0.5208333333333334 |
| RT_STRING | 0x157518 | 0x1b0 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Italian | Italy | 0.45601851851851855 |
| RT_STRING | 0x1576c8 | 0xfe | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Japanese | Japan | 0.7125984251968503 |
| RT_STRING | 0x1577c8 | 0xf2 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Korean | North Korea | 0.7231404958677686 |
| RT_STRING | 0x1577c8 | 0xf2 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Korean | South Korea | 0.7231404958677686 |
| RT_STRING | 0x1578bc | 0x1b0 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Dutch | Netherlands | 0.44907407407407407 |
| RT_STRING | 0x157a6c | 0x180 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Norwegian | Norway | 0.4713541666666667 |
| RT_STRING | 0x157bec | 0x190 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Polish | Poland | 0.52 |
| RT_STRING | 0x157d7c | 0x15e | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Portuguese | Brazil | 0.52 |
| RT_STRING | 0x157edc | 0x1c6 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Romanian | Romania | 0.4713656387665198 |
| RT_STRING | 0x1580a4 | 0x196 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Russian | Russia | 0.5492610837438424 |
| RT_STRING | 0x15823c | 0x19c | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Croatian | Croatia | 0.470873786407767 |
| RT_STRING | 0x1583d8 | 0x180 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Slovak | Slovakia | 0.5260416666666666 |
| RT_STRING | 0x158558 | 0x1a0 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Swedish | Sweden | 0.4639423076923077 |
| RT_STRING | 0x1586f8 | 0x15a | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Thai | Thailand | 0.6011560693641619 |
| RT_STRING | 0x158854 | 0x15a | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Turkish | Turkey | 0.5260115606936416 |
| RT_STRING | 0x1589b0 | 0x12c | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Urdu | Pakistan | 0.6366666666666667 |
| RT_STRING | 0x1589b0 | 0x12c | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Urdu | India | 0.6366666666666667 |
| RT_STRING | 0x158adc | 0x178 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Indonesian | Indonesia | 0.5079787234042553 |
| RT_STRING | 0x158c54 | 0x16e | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Ukrainian | Ukrain | 0.5601092896174863 |
| RT_STRING | 0x158dc4 | 0x1bc | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Slovenian | Slovenia | 0.4617117117117117 |
| RT_STRING | 0x158f80 | 0x14c | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Estonian | Estonia | 0.5271084337349398 |
| RT_STRING | 0x1590cc | 0x1d8 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Latvian | Lativa | 0.4661016949152542 |
| RT_STRING | 0x1592a4 | 0x188 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Lithuanian | Lithuania | 0.48214285714285715 |
| RT_STRING | 0x15942c | 0x138 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Farsi | Iran | 0.5833333333333334 |
| RT_STRING | 0x15942c | 0x138 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Farsi | Afganistan | 0.5833333333333334 |
| RT_STRING | 0x15942c | 0x138 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Farsi | Tajikistan | 0.5833333333333334 |
| RT_STRING | 0x15942c | 0x138 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Farsi | Uzbekistan | 0.5833333333333334 |
| RT_STRING | 0x159564 | 0x158 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Vietnamese | Vietnam | 0.5406976744186046 |
| RT_STRING | 0x1596bc | 0x13c | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Hindi | India | 0.6139240506329114 |
| RT_STRING | 0x1597f8 | 0x15c | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Malay | Malaysia | 0.5086206896551724 |
| RT_STRING | 0x159954 | 0x172 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Swahili | Kenya | 0.4972972972972973 |
| RT_STRING | 0x159954 | 0x172 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Swahili | Mozambiq | 0.4972972972972973 |
| RT_STRING | 0x159ac8 | 0x136 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Bengali | India | 0.6387096774193548 |
| RT_STRING | 0x159c00 | 0x152 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Gujarati | India | 0.621301775147929 |
| RT_STRING | 0x159d54 | 0x14e | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Tamil | India | 0.6017964071856288 |
| RT_STRING | 0x159d54 | 0x14e | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Tamil | Sri Lanka | 0.6017964071856288 |
| RT_STRING | 0x159ea4 | 0x154 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Telugu | India | 0.6176470588235294 |
| RT_STRING | 0x159ff8 | 0x156 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Kannada | Kanada | 0.6403508771929824 |
| RT_STRING | 0x15a150 | 0x19a | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Malayalam | India | 0.5292682926829269 |
| RT_STRING | 0x15a2ec | 0x178 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Marathi | India | 0.601063829787234 |
| RT_STRING | 0x15a464 | 0xf0 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Amharic | Ethiopia | 0.7541666666666667 |
| RT_STRING | 0x15a554 | 0x17c | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Filipino | Philippines | 0.49473684210526314 |
| RT_STRING | 0x15a6d0 | 0xce | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Chinese | China | 0.7233009708737864 |
| RT_STRING | 0x15a7a0 | 0x134 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | English | Great Britain | 0.5324675324675324 |
| RT_STRING | 0x15a8d4 | 0x152 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Spanish | Mexico | 0.5118343195266272 |
| RT_STRING | 0x15aa28 | 0x188 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Portuguese | Portugal | 0.4872448979591837 |
| RT_STRING | 0x15abb0 | 0x1aa | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | | | 0.48826291079812206 |
| RT_STRING | 0x15ad5c | 0x1be | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Serbian | Cyrillic | 0.5 |
| RT_GROUP_ICON | 0x15af1c | 0x5a | data | English | United States | 0.7333333333333333 |
| RT_VERSION | 0x15af78 | 0x334 | data | English | United States | 0.4292682926829268 |
| RT_MANIFEST | 0x15b2ac | 0x48e | XML 1.0 document, ASCII text | | | 0.43310463121783876 |

| DLL | Import |
|---|---|
| KERNEL32.dll | InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, GetCurrentProcess, TerminateProcess, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, EncodePointer, RaiseException, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, OutputDebugStringW, HeapAlloc, HeapFree, FindClose, FindFirstFileExW, FindNextFileW, GetSystemTimeAsFileTime, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetFileType, GetStringTypeW, LCMapStringW, GetProcessHeap, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, SetFilePointerEx, ReadFile, CreateFileW, CloseHandle, WriteConsoleW, DecodePointer, lstrcpynW, CreateEventW, WaitForSingleObjectEx, ResetEvent, GetCurrentThreadId, GetCurrentProcessId, IsValidCodePage, QueryPerformanceCounter, CreateDirectoryW, SizeofResource, lstrlenW, RemoveDirectoryW, GetTempPathW, FormatMessageW, LockResource, DeleteFileW, FindResourceExW, LoadResource, FindResourceW, HeapDestroy, LocalFree, VerSetConditionMask, CopyFileW, VerifyVersionInfoW, GetTempFileNameW, lstrcmpiW, UnmapViewOfFile, CreateFileMappingW, MapViewOfFile, VirtualQuery, SetFilePointer, WaitForSingleObject, CreateProcessW, GetExitCodeProcess, SetEvent |
| SHLWAPI.dll | PathQuoteSpacesW, PathAppendW, PathRemoveExtensionW, PathStripPathW |
| ADVAPI32.dll | RegCreateKeyExW, RegSetValueExW, RegCloseKey |
| ole32.dll | CoUninitialize, CoInitializeEx |
| SHELL32.dll | SHGetFolderPathW |
| USER32.dll | MessageBoxW, CharUpperBuffW, CharLowerBuffW |

| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |
| Arabic | Saudi Arabia |
| Bulgarian | Bulgaria |
| Catalan | Spain |
| Chinese | Taiwan |
| Czech | Czech Republic |
| Danish | Denmark |
| German | Germany |
| Greek | Greece |
| Finnish | Finland |
| French | France |
| Hebrew | Israel |
| Hungarian | Hungary |
| Icelandic | Iceland |
| Italian | Italy |
| Japanese | Japan |
| Korean | North Korea |
| Korean | South Korea |
| Dutch | Netherlands |
| Norwegian | Norway |
| Polish | Poland |
| Portuguese | Brazil |
| Romanian | Romania |
| Russian | Russia |
| Croatian | Croatia |
| Slovak | Slovakia |
                                                                                                                                                                      SwedishSweden
                                                                                                                                                                      ThaiThailand
                                                                                                                                                                      TurkishTurkey
                                                                                                                                                                      UrduPakistan
                                                                                                                                                                      UrduIndia
                                                                                                                                                                      IndonesianIndonesia
                                                                                                                                                                      UkrainianUkrain
                                                                                                                                                                      SlovenianSlovenia
                                                                                                                                                                      EstonianEstonia
                                                                                                                                                                      LatvianLativa
                                                                                                                                                                      LithuanianLithuania
                                                                                                                                                                      FarsiIran
                                                                                                                                                                      FarsiAfganistan
                                                                                                                                                                      FarsiTajikistan
                                                                                                                                                                      FarsiUzbekistan
                                                                                                                                                                      VietnameseVietnam
                                                                                                                                                                      MalayMalaysia
                                                                                                                                                                      SwahiliKenya
                                                                                                                                                                      SwahiliMozambiq
                                                                                                                                                                      TamilSri Lanka
                                                                                                                                                                      KannadaKanada
                                                                                                                                                                      AmharicEthiopia
                                                                                                                                                                      FilipinoPhilippines
                                                                                                                                                                      ChineseChina
                                                                                                                                                                      EnglishGreat Britain
                                                                                                                                                                      SpanishMexico
                                                                                                                                                                      PortuguesePortugal
                                                                                                                                                                      SerbianCyrillic
                                                                                                                                                                      Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                      Target ID:0
                                                                                                                                                                      Start time:10:27:17
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                      Imagebase:0x4d0000
                                                                                                                                                                      File size:1'446'992 bytes
                                                                                                                                                                      MD5 hash:E3E7498C2436A1570109FBE755AF1D40
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:2
                                                                                                                                                                      Start time:10:27:18
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:C:\Program Files (x86)\BraveSoftware\Temp\GUME1CD.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none
                                                                                                                                                                      Imagebase:0xe80000
                                                                                                                                                                      File size:175'424 bytes
                                                                                                                                                                      MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                      • Detection: 0%, ReversingLabs
                                                                                                                                                                      • Detection: 1%, Virustotal, Browse
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:3
                                                                                                                                                                      Start time:10:27:21
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
                                                                                                                                                                      Imagebase:0x8c0000
                                                                                                                                                                      File size:175'424 bytes
                                                                                                                                                                      MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:4
                                                                                                                                                                      Start time:10:27:22
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
                                                                                                                                                                      Imagebase:0x8c0000
                                                                                                                                                                      File size:175'424 bytes
                                                                                                                                                                      MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:5
                                                                                                                                                                      Start time:10:27:22
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe"
                                                                                                                                                                      Imagebase:0x7ff77fe10000
                                                                                                                                                                      File size:195'392 bytes
                                                                                                                                                                      MD5 hash:F2CA542F38E6B51EDB9790369117F54A
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:6
                                                                                                                                                                      Start time:10:27:22
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe"
                                                                                                                                                                      Imagebase:0x7ff77fe10000
                                                                                                                                                                      File size:195'392 bytes
                                                                                                                                                                      MD5 hash:F2CA542F38E6B51EDB9790369117F54A
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:7
                                                                                                                                                                      Start time:10:27:22
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe"
                                                                                                                                                                      Imagebase:0x7ff77fe10000
                                                                                                                                                                      File size:195'392 bytes
                                                                                                                                                                      MD5 hash:F2CA542F38E6B51EDB9790369117F54A
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:8
                                                                                                                                                                      Start time:10:27:23
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /c
                                                                                                                                                                      Imagebase:0x8c0000
                                                                                                                                                                      File size:175'424 bytes
                                                                                                                                                                      MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:9
                                                                                                                                                                      Start time:10:27:23
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping 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-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIzOTg0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                                                                                      Imagebase:0x8c0000
                                                                                                                                                                      File size:175'424 bytes
                                                                                                                                                                      MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:10
                                                                                                                                                                      Start time:10:27:23
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource scheduler
                                                                                                                                                                      Imagebase:0x8c0000
                                                                                                                                                                      File size:175'424 bytes
                                                                                                                                                                      MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:11
                                                                                                                                                                      Start time:10:27:23
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{D2608593-51FF-4192-AD00-4DB48D014650}
                                                                                                                                                                      Imagebase:0x8c0000
                                                                                                                                                                      File size:175'424 bytes
                                                                                                                                                                      MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:12
                                                                                                                                                                      Start time:10:27:23
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
                                                                                                                                                                      Imagebase:0x8c0000
                                                                                                                                                                      File size:175'424 bytes
                                                                                                                                                                      MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:13
                                                                                                                                                                      Start time:10:27:23
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /cr
                                                                                                                                                                      Imagebase:0x8c0000
                                                                                                                                                                      File size:175'424 bytes
                                                                                                                                                                      MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:14
                                                                                                                                                                      Start time:10:27:23
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /uninstall
                                                                                                                                                                      Imagebase:0x8c0000
                                                                                                                                                                      File size:175'424 bytes
                                                                                                                                                                      MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:15
                                                                                                                                                                      Start time:10:27:23
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exe
                                                                                                                                                                      Imagebase:0xb60000
                                                                                                                                                                      File size:302'912 bytes
                                                                                                                                                                      MD5 hash:565DAF0070618C3BBB1D486B0D5A70FA
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:16
                                                                                                                                                                      Start time:10:27:24
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exe
                                                                                                                                                                      Imagebase:0x7ff6af3c0000
                                                                                                                                                                      File size:397'632 bytes
                                                                                                                                                                      MD5 hash:22DB9D0D4FEC050C0420274D3073994B
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:17
                                                                                                                                                                      Start time:10:27:24
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                      Imagebase:0x7ff7403e0000
                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      Target ID:18
                                                                                                                                                                      Start time:10:27:29
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding
                                                                                                                                                                      Imagebase:0x580000
                                                                                                                                                                      File size:116'032 bytes
                                                                                                                                                                      MD5 hash:088EBFFD13539DBEF1204243C3558999
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:19
                                                                                                                                                                      Start time:10:27:29
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
                                                                                                                                                                      Imagebase:0x8c0000
                                                                                                                                                                      File size:175'424 bytes
                                                                                                                                                                      MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:20
                                                                                                                                                                      Start time:10:27:29
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                      Imagebase:0x7ff61b8b0000
                                                                                                                                                                      File size:834'512 bytes
                                                                                                                                                                      MD5 hash:CFE2E6942AC1B72981B3105E22D3224E
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      Target ID:22
                                                                                                                                                                      Start time:10:27:30
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5700 CREDAT:9474 /prefetch:2
                                                                                                                                                                      Imagebase:0xce0000
                                                                                                                                                                      File size:828'368 bytes
                                                                                                                                                                      MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      Target ID:23
                                                                                                                                                                      Start time:10:27:31
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_stub.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=203e4
                                                                                                                                                                      Imagebase:0x7ff7d5030000
                                                                                                                                                                      File size:540'712 bytes
                                                                                                                                                                      MD5 hash:473F645F28F5CF7E02FA17D3EB361298
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:24
                                                                                                                                                                      Start time:10:27:31
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_stub.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=203e4
                                                                                                                                                                      Imagebase:0x7ff7d5030000
                                                                                                                                                                      File size:540'712 bytes
                                                                                                                                                                      MD5 hash:473F645F28F5CF7E02FA17D3EB361298
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:25
                                                                                                                                                                      Start time:10:27:31
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
                                                                                                                                                                      Imagebase:0x7f0000
                                                                                                                                                                      File size:85'632 bytes
                                                                                                                                                                      MD5 hash:F9A898A606E7F5A1CD7CFFA8079253A0
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:26
                                                                                                                                                                      Start time:10:27:31
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
                                                                                                                                                                      Imagebase:0x7f0000
                                                                                                                                                                      File size:85'632 bytes
                                                                                                                                                                      MD5 hash:F9A898A606E7F5A1CD7CFFA8079253A0
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:27
                                                                                                                                                                      Start time:10:27:31
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=203e4
                                                                                                                                                                      Imagebase:0x7ff715da0000
                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                      MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      Target ID:28
                                                                                                                                                                      Start time:10:27:35
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding
                                                                                                                                                                      Imagebase:0x580000
                                                                                                                                                                      File size:116'032 bytes
                                                                                                                                                                      MD5 hash:088EBFFD13539DBEF1204243C3558999
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:29
                                                                                                                                                                      Start time:10:27:35
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2632 --field-trial-handle=2068,i,4867636374290663822,14107869206704181350,262144 /prefetch:3
                                                                                                                                                                      Imagebase:0x7ff715da0000
                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                      MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      Target ID:31
                                                                                                                                                                      Start time:10:27:36
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
                                                                                                                                                                      Imagebase:0x8c0000
                                                                                                                                                                      File size:175'424 bytes
                                                                                                                                                                      MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:32
                                                                                                                                                                      Start time:10:27:37
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                      Imagebase:0x7ff61b8b0000
                                                                                                                                                                      File size:834'512 bytes
                                                                                                                                                                      MD5 hash:CFE2E6942AC1B72981B3105E22D3224E
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:34
                                                                                                                                                                      Start time:10:27:38
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5700 CREDAT:75012 /prefetch:2
                                                                                                                                                                      Imagebase:0xce0000
                                                                                                                                                                      File size:828'368 bytes
                                                                                                                                                                      MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      Target ID:36
                                                                                                                                                                      Start time:10:27:39
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5136 --field-trial-handle=2068,i,4867636374290663822,14107869206704181350,262144 /prefetch:8
                                                                                                                                                                      Imagebase:0x7ff715da0000
                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                      MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:37
                                                                                                                                                                      Start time:10:27:41
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
                                                                                                                                                                      Imagebase:0x7f0000
                                                                                                                                                                      File size:85'632 bytes
                                                                                                                                                                      MD5 hash:F9A898A606E7F5A1CD7CFFA8079253A0
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:38
                                                                                                                                                                      Start time:10:27:41
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
                                                                                                                                                                      Imagebase:0x7f0000
                                                                                                                                                                      File size:85'632 bytes
                                                                                                                                                                      MD5 hash:F9A898A606E7F5A1CD7CFFA8079253A0
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:39
                                                                                                                                                                      Start time:10:27:43
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding
                                                                                                                                                                      Imagebase:0x580000
                                                                                                                                                                      File size:116'032 bytes
                                                                                                                                                                      MD5 hash:088EBFFD13539DBEF1204243C3558999
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:40
                                                                                                                                                                      Start time:10:27:43
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
                                                                                                                                                                      Imagebase:0x8c0000
                                                                                                                                                                      File size:175'424 bytes
                                                                                                                                                                      MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:41
                                                                                                                                                                      Start time:10:27:44
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                      Imagebase:0x7ff61b8b0000
                                                                                                                                                                      File size:834'512 bytes
                                                                                                                                                                      MD5 hash:CFE2E6942AC1B72981B3105E22D3224E
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:42
                                                                                                                                                                      Start time:10:27:44
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5700 CREDAT:75018 /prefetch:2
                                                                                                                                                                      Imagebase:0xce0000
                                                                                                                                                                      File size:828'368 bytes
                                                                                                                                                                      MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      Target ID:43
                                                                                                                                                                      Start time:10:27:48
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6828 --field-trial-handle=2068,i,4867636374290663822,14107869206704181350,262144 /prefetch:8
                                                                                                                                                                      Imagebase:0x7ff6f2da0000
                                                                                                                                                                      File size:1'255'976 bytes
                                                                                                                                                                      MD5 hash:F8CEC3E43A6305AC9BA3700131594306
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:44
                                                                                                                                                                      Start time:10:27:48
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6828 --field-trial-handle=2068,i,4867636374290663822,14107869206704181350,262144 /prefetch:8
                                                                                                                                                                      Imagebase:0x7ff6f2da0000
                                                                                                                                                                      File size:1'255'976 bytes
                                                                                                                                                                      MD5 hash:F8CEC3E43A6305AC9BA3700131594306
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:45
                                                                                                                                                                      Start time:10:27:49
                                                                                                                                                                      Start date:18/03/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5700 CREDAT:1840396 /prefetch:2
                                                                                                                                                                      Imagebase:0xce0000
                                                                                                                                                                      File size:828'368 bytes
                                                                                                                                                                      MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true


                                                                                                                                                                        Execution Graph

                                                                                                                                                                        Execution Coverage:9.7%
                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                        Signature Coverage:6.9%
                                                                                                                                                                        Total number of Nodes:2000
                                                                                                                                                                        Total number of Limit Nodes:32
11981->12538 12689 4d254e 11982->12689 11994 4d280f 11995 4d2bff 59 API calls 11994->11995 11996 4d2828 11995->11996 11997 4d2bff 59 API calls 11996->11997 11998 4d2831 11997->11998 12593 4d1935 11998->12593 13760 4d9f5e 12004->13760 12008 4da7c4 __FrameHandler3::FrameUnwindToState 12007->12008 12009 4da123 _unexpected 12007->12009 12010 4dd6f0 _unexpected 43 API calls 12008->12010 12009->11940 12013 4da7d5 12010->12013 12011 4da880 __FrameHandler3::FrameUnwindToState 43 API calls 12012 4da7ff 12011->12012 12013->12011 12014 4d6e57 GetModuleHandleW 12015 4d691e 12014->12015 12015->11934 12015->11951 12017 4d9f5e __FrameHandler3::FrameUnwindToState 23 API calls 12016->12017 12018 4da0f3 12017->12018 12018->11952 12020 4d6b98 12019->12020 12022 4d6933 12020->12022 13835 4da735 12020->13835 12022->11939 12023 4d6ba6 12024 4d754d ___scrt_uninitialize_crt 7 API calls 12023->12024 12024->12022 12026 4d6d1c __FrameHandler3::FrameUnwindToState 12025->12026 12027 4d6dc7 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 12026->12027 12028 4d6e12 __FrameHandler3::FrameUnwindToState 12027->12028 12028->11934 12029 4da0f7 12030 4d9f5e __FrameHandler3::FrameUnwindToState 23 API calls 12029->12030 12031 4d699a 12030->12031 12033 4d6a30 12032->12033 12034 4d752e 12033->12034 12048 4d7b61 12034->12048 12037 4d7537 12037->11961 12039 4d753f 12040 4d754a 12039->12040 12062 4d7b9d 12039->12062 12040->11961 12043 4d7556 12042->12043 12044 4d7560 12042->12044 12045 4d7b46 ___vcrt_uninitialize_ptd 6 API calls 12043->12045 12044->11963 12046 4d755b 12045->12046 12047 4d7b9d ___vcrt_uninitialize_locks DeleteCriticalSection 12046->12047 12047->12044 12049 4d7b6a 12048->12049 12051 4d7b93 12049->12051 12052 4d7533 12049->12052 12066 4d7dd5 12049->12066 12053 4d7b9d ___vcrt_uninitialize_locks DeleteCriticalSection 12051->12053 12052->12037 12054 4d7b13 12052->12054 12053->12052 12085 4d7ce6 12054->12085 12059 4d7b43 12059->12039 12061 4d7b28 12061->12039 12063 4d7bc7 
12062->12063 12064 4d7ba8 12062->12064 12063->12037 12065 4d7bb2 DeleteCriticalSection 12064->12065 12065->12063 12065->12065 12071 4d7c9d 12066->12071 12069 4d7e0d InitializeCriticalSectionAndSpinCount 12070 4d7df8 12069->12070 12070->12049 12072 4d7cb5 12071->12072 12073 4d7cd8 12071->12073 12072->12073 12077 4d7c03 12072->12077 12073->12069 12073->12070 12076 4d7cca GetProcAddress 12076->12073 12083 4d7c0f ___vcrt_InitializeCriticalSectionEx 12077->12083 12078 4d7c83 12078->12073 12078->12076 12079 4d7c25 LoadLibraryExW 12080 4d7c8a 12079->12080 12081 4d7c43 GetLastError 12079->12081 12080->12078 12082 4d7c92 FreeLibrary 12080->12082 12081->12083 12082->12078 12083->12078 12083->12079 12084 4d7c65 LoadLibraryExW 12083->12084 12084->12080 12084->12083 12086 4d7c9d ___vcrt_InitializeCriticalSectionEx 5 API calls 12085->12086 12087 4d7d00 12086->12087 12088 4d7d19 TlsAlloc 12087->12088 12089 4d7b1d 12087->12089 12089->12061 12090 4d7d97 12089->12090 12091 4d7c9d ___vcrt_InitializeCriticalSectionEx 5 API calls 12090->12091 12092 4d7db1 12091->12092 12093 4d7dcc TlsSetValue 12092->12093 12094 4d7b36 12092->12094 12093->12094 12094->12059 12095 4d7b46 12094->12095 12096 4d7b56 12095->12096 12097 4d7b50 12095->12097 12096->12061 12099 4d7d21 12097->12099 12100 4d7c9d ___vcrt_InitializeCriticalSectionEx 5 API calls 12099->12100 12101 4d7d3b 12100->12101 12102 4d7d53 TlsFree 12101->12102 12103 4d7d47 12101->12103 12102->12103 12103->12096 12105 4d6e34 GetStartupInfoW 12104->12105 12105->11967 12107 4ded86 12106->12107 12108 4dedb8 12106->12108 12115 4dd7ab 12107->12115 12108->11971 12530 4df061 12112->12530 12116 4dd7bc 12115->12116 12117 4dd7b6 12115->12117 12119 4e0589 _unexpected 6 API calls 12116->12119 12137 4dd7c2 12116->12137 12118 4e054a _unexpected 6 API calls 12117->12118 12118->12116 12120 4dd7d6 12119->12120 12121 4ddd11 _unexpected 14 API calls 12120->12121 12120->12137 12123 4dd7e6 12121->12123 12125 4dd7ee 12123->12125 12126 4dd803 12123->12126 12127 
4e0589 _unexpected 6 API calls 12125->12127 12128 4e0589 _unexpected 6 API calls 12126->12128 12129 4dd7fa 12127->12129 12130 4dd80f 12128->12130 12134 4ddd6e __freea 14 API calls 12129->12134 12131 4dd813 12130->12131 12132 4dd822 12130->12132 12135 4e0589 _unexpected 6 API calls 12131->12135 12133 4dd51e _unexpected 14 API calls 12132->12133 12136 4dd82d 12133->12136 12134->12137 12135->12129 12138 4ddd6e __freea 14 API calls 12136->12138 12139 4dd7c7 12137->12139 12163 4da880 12137->12163 12138->12139 12140 4deb88 12139->12140 12328 4decdd 12140->12328 12147 4debe4 12149 4ddd6e __freea 14 API calls 12147->12149 12148 4debf2 12353 4dedd8 12148->12353 12151 4debcb 12149->12151 12151->12108 12153 4dec2a 12154 4ddcfe __dosmaperr 14 API calls 12153->12154 12155 4dec2f 12154->12155 12157 4ddd6e __freea 14 API calls 12155->12157 12156 4dec71 12159 4decba 12156->12159 12364 4de7fa 12156->12364 12157->12151 12158 4dec45 12158->12156 12161 4ddd6e __freea 14 API calls 12158->12161 12160 4ddd6e __freea 14 API calls 12159->12160 12160->12151 12161->12156 12174 4e0980 12163->12174 12166 4da890 12168 4da8b9 12166->12168 12169 4da89a IsProcessorFeaturePresent 12166->12169 12171 4da0f7 __FrameHandler3::FrameUnwindToState 23 API calls 12168->12171 12170 4da8a6 12169->12170 12204 4dda04 12170->12204 12173 4da8c3 12171->12173 12210 4e08b2 12174->12210 12177 4e09c5 12179 4e09d1 __FrameHandler3::FrameUnwindToState 12177->12179 12178 4e09f8 __FrameHandler3::FrameUnwindToState 12181 4e0a45 12178->12181 12184 4e09fe __FrameHandler3::FrameUnwindToState 12178->12184 12203 4e0a2f 12178->12203 12179->12178 12180 4dd841 __dosmaperr 14 API calls 12179->12180 12179->12184 12180->12178 12182 4ddcfe __dosmaperr 14 API calls 12181->12182 12183 4e0a4a 12182->12183 12221 4ddc00 12183->12221 12186 4e0a71 12184->12186 12223 4df32d EnterCriticalSection 12184->12223 12189 4e0ba4 12186->12189 12190 4e0ab3 12186->12190 12200 4e0ae2 12186->12200 12191 4e0baf 12189->12191 12255 4df375 LeaveCriticalSection 
12189->12255 12190->12200 12224 4dd6f0 GetLastError 12190->12224 12194 4da0f7 __FrameHandler3::FrameUnwindToState 23 API calls 12191->12194 12196 4e0bb7 12194->12196 12198 4dd6f0 _unexpected 43 API calls 12201 4e0b37 12198->12201 12199 4dd6f0 _unexpected 43 API calls 12199->12200 12251 4e0b51 12200->12251 12202 4dd6f0 _unexpected 43 API calls 12201->12202 12201->12203 12202->12203 12203->12166 12205 4dda20 __FrameHandler3::FrameUnwindToState 12204->12205 12206 4dda4c IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 12205->12206 12209 4ddb1d __FrameHandler3::FrameUnwindToState 12206->12209 12208 4ddb3b 12208->12168 12320 4d7182 12209->12320 12211 4e08be __FrameHandler3::FrameUnwindToState 12210->12211 12216 4df32d EnterCriticalSection 12211->12216 12213 4e08cc 12217 4e090a 12213->12217 12216->12213 12220 4df375 LeaveCriticalSection 12217->12220 12219 4da885 12219->12166 12219->12177 12220->12219 12256 4ddb4c 12221->12256 12223->12186 12225 4dd706 12224->12225 12226 4dd70c 12224->12226 12227 4e054a _unexpected 6 API calls 12225->12227 12228 4e0589 _unexpected 6 API calls 12226->12228 12230 4dd710 SetLastError 12226->12230 12227->12226 12229 4dd728 12228->12229 12229->12230 12232 4ddd11 _unexpected 14 API calls 12229->12232 12233 4dd7a5 12230->12233 12234 4dd7a0 12230->12234 12235 4dd73d 12232->12235 12236 4da880 __FrameHandler3::FrameUnwindToState 41 API calls 12233->12236 12234->12199 12237 4dd745 12235->12237 12238 4dd756 12235->12238 12240 4dd7aa 12236->12240 12241 4e0589 _unexpected 6 API calls 12237->12241 12239 4e0589 _unexpected 6 API calls 12238->12239 12242 4dd762 12239->12242 12243 4dd753 12241->12243 12244 4dd77d 12242->12244 12245 4dd766 12242->12245 12247 4ddd6e __freea 14 API calls 12243->12247 12248 4dd51e _unexpected 14 API calls 12244->12248 12246 4e0589 _unexpected 6 API calls 12245->12246 12246->12243 12247->12230 12249 4dd788 12248->12249 12250 4ddd6e __freea 14 API calls 12249->12250 12250->12230 12252 4e0b28 12251->12252 
12253 4e0b57 12251->12253 12252->12198 12252->12201 12252->12203 12319 4df375 LeaveCriticalSection 12253->12319 12255->12191 12257 4ddb5e ___std_exception_copy 12256->12257 12262 4ddb83 12257->12262 12263 4ddb9a 12262->12263 12264 4ddb93 12262->12264 12266 4ddb76 12263->12266 12281 4dd9db 12263->12281 12277 4dbe90 GetLastError 12264->12277 12271 4dbce0 12266->12271 12268 4ddbcf 12268->12266 12284 4ddc2d IsProcessorFeaturePresent 12268->12284 12270 4ddbff 12272 4dbcec 12271->12272 12273 4dbd03 12272->12273 12310 4dbee0 12272->12310 12275 4dbd16 12273->12275 12276 4dbee0 ___std_exception_copy 43 API calls 12273->12276 12276->12275 12278 4dbea9 12277->12278 12288 4dd8f2 12278->12288 12282 4dd9ff 12281->12282 12283 4dd9e6 GetLastError SetLastError 12281->12283 12282->12268 12283->12268 12285 4ddc39 12284->12285 12286 4dda04 __FrameHandler3::FrameUnwindToState 8 API calls 12285->12286 12287 4ddc4e GetCurrentProcess TerminateProcess 12286->12287 12287->12270 12289 4dd90b 12288->12289 12290 4dd905 12288->12290 12291 4e0589 _unexpected 6 API calls 12289->12291 12309 4dbec5 SetLastError 12289->12309 12292 4e054a _unexpected 6 API calls 12290->12292 12293 4dd925 12291->12293 12292->12289 12294 4ddd11 _unexpected 14 API calls 12293->12294 12293->12309 12295 4dd935 12294->12295 12296 4dd93d 12295->12296 12297 4dd952 12295->12297 12298 4e0589 _unexpected 6 API calls 12296->12298 12299 4e0589 _unexpected 6 API calls 12297->12299 12303 4dd949 12298->12303 12300 4dd95e 12299->12300 12301 4dd971 12300->12301 12302 4dd962 12300->12302 12305 4dd51e _unexpected 14 API calls 12301->12305 12304 4e0589 _unexpected 6 API calls 12302->12304 12306 4ddd6e __freea 14 API calls 12303->12306 12304->12303 12307 4dd97c 12305->12307 12306->12309 12308 4ddd6e __freea 14 API calls 12307->12308 12308->12309 12309->12263 12311 4dbf2f 12310->12311 12312 4dbeee GetLastError 12310->12312 12311->12273 12313 4dbefd 12312->12313 12314 4dd8f2 ___std_exception_copy 14 API calls 12313->12314 12315 4dbf1a 
SetLastError 12314->12315 12315->12311 12316 4dbf36 12315->12316 12317 4da880 __FrameHandler3::FrameUnwindToState 41 API calls 12316->12317 12318 4dbf3b 12317->12318 12319->12252 12321 4d718b IsProcessorFeaturePresent 12320->12321 12322 4d718a 12320->12322 12324 4d71cd 12321->12324 12322->12208 12327 4d7190 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 12324->12327 12326 4d72b0 12326->12208 12327->12326 12329 4dece9 __FrameHandler3::FrameUnwindToState 12328->12329 12330 4ded03 12329->12330 12372 4df32d EnterCriticalSection 12329->12372 12332 4debb2 12330->12332 12335 4da880 __FrameHandler3::FrameUnwindToState 43 API calls 12330->12335 12339 4de908 12332->12339 12333 4ded3f 12373 4ded5c 12333->12373 12336 4ded7c 12335->12336 12337 4ded13 12337->12333 12338 4ddd6e __freea 14 API calls 12337->12338 12338->12333 12377 4de408 12339->12377 12342 4de929 GetOEMCP 12344 4de952 12342->12344 12343 4de93b 12343->12344 12345 4de940 GetACP 12343->12345 12344->12151 12346 4dfae8 12344->12346 12345->12344 12347 4dfb26 12346->12347 12351 4dfaf6 _unexpected 12346->12351 12349 4ddcfe __dosmaperr 14 API calls 12347->12349 12348 4dfb11 RtlAllocateHeap 12350 4debdc 12348->12350 12348->12351 12349->12350 12350->12147 12350->12148 12351->12347 12351->12348 12352 4e0829 _unexpected 2 API calls 12351->12352 12352->12351 12354 4de908 45 API calls 12353->12354 12355 4dedf8 12354->12355 12357 4dee35 IsValidCodePage 12355->12357 12360 4dee71 __FrameHandler3::FrameUnwindToState 12355->12360 12356 4d7182 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 12358 4dec1f 12356->12358 12359 4dee47 12357->12359 12357->12360 12358->12153 12358->12158 12361 4dee76 GetCPInfo 12359->12361 12363 4dee50 __FrameHandler3::FrameUnwindToState 12359->12363 12360->12356 12361->12360 12361->12363 12420 4de9dc 12363->12420 12365 4de806 __FrameHandler3::FrameUnwindToState 12364->12365 12504 4df32d EnterCriticalSection 12365->12504 12367 4de810 12505 4de847 
12367->12505 12372->12337 12376 4df375 LeaveCriticalSection 12373->12376 12375 4ded63 12375->12330 12376->12375 12378 4de426 12377->12378 12384 4de41f 12377->12384 12379 4dd6f0 _unexpected 43 API calls 12378->12379 12378->12384 12380 4de447 12379->12380 12385 4e14cc 12380->12385 12384->12342 12384->12343 12386 4e14df 12385->12386 12387 4de45d 12385->12387 12386->12387 12393 4e0200 12386->12393 12389 4e152a 12387->12389 12390 4e153d 12389->12390 12391 4e1552 12389->12391 12390->12391 12415 4dedc5 12390->12415 12391->12384 12394 4e020c __FrameHandler3::FrameUnwindToState 12393->12394 12395 4dd6f0 _unexpected 43 API calls 12394->12395 12396 4e0215 12395->12396 12397 4e025b 12396->12397 12406 4df32d EnterCriticalSection 12396->12406 12397->12387 12399 4e0233 12407 4e0281 12399->12407 12404 4da880 __FrameHandler3::FrameUnwindToState 43 API calls 12405 4e0280 12404->12405 12406->12399 12408 4e028f _unexpected 12407->12408 12410 4e0244 12407->12410 12409 4dffb4 _unexpected 14 API calls 12408->12409 12408->12410 12409->12410 12411 4e0260 12410->12411 12414 4df375 LeaveCriticalSection 12411->12414 12413 4e0257 12413->12397 12413->12404 12414->12413 12416 4dd6f0 _unexpected 43 API calls 12415->12416 12417 4dedca 12416->12417 12418 4decdd ___scrt_uninitialize_crt 43 API calls 12417->12418 12419 4dedd5 12418->12419 12419->12391 12421 4dea04 GetCPInfo 12420->12421 12422 4deacd 12420->12422 12421->12422 12427 4dea1c 12421->12427 12424 4d7182 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 12422->12424 12426 4deb86 12424->12426 12426->12360 12431 4dfe0e 12427->12431 12430 4e2b92 47 API calls 12430->12422 12432 4de408 43 API calls 12431->12432 12433 4dfe2e 12432->12433 12451 4df0e2 12433->12451 12435 4dfef2 12437 4d7182 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 12435->12437 12436 4dfeea 12454 4dff17 12436->12454 12439 4dea84 12437->12439 12438 4dfe5b 12438->12435 12438->12436 12441 4dfae8 15 API calls 12438->12441 12442 4dfe80 
__FrameHandler3::FrameUnwindToState __alloca_probe_16 12438->12442 12446 4e2b92 12439->12446 12441->12442 12442->12436 12443 4df0e2 ___scrt_uninitialize_crt MultiByteToWideChar 12442->12443 12444 4dfecb 12443->12444 12444->12436 12445 4dfed6 GetStringTypeW 12444->12445 12445->12436 12447 4de408 43 API calls 12446->12447 12448 4e2ba5 12447->12448 12458 4e29a4 12448->12458 12452 4df0f3 MultiByteToWideChar 12451->12452 12452->12438 12455 4dff34 12454->12455 12456 4dff23 12454->12456 12455->12435 12456->12455 12457 4ddd6e __freea 14 API calls 12456->12457 12457->12455 12459 4e29bf 12458->12459 12460 4df0e2 ___scrt_uninitialize_crt MultiByteToWideChar 12459->12460 12464 4e2a05 12460->12464 12461 4e2b7d 12462 4d7182 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 12461->12462 12463 4deaa5 12462->12463 12463->12430 12464->12461 12465 4dfae8 15 API calls 12464->12465 12467 4e2a2b __alloca_probe_16 12464->12467 12475 4e2ab1 12464->12475 12465->12467 12466 4dff17 __freea 14 API calls 12466->12461 12468 4df0e2 ___scrt_uninitialize_crt MultiByteToWideChar 12467->12468 12467->12475 12469 4e2a70 12468->12469 12469->12475 12486 4e0616 12469->12486 12472 4e2ada 12474 4e2b65 12472->12474 12477 4dfae8 15 API calls 12472->12477 12479 4e2aec __alloca_probe_16 12472->12479 12473 4e2aa2 12473->12475 12476 4e0616 6 API calls 12473->12476 12478 4dff17 __freea 14 API calls 12474->12478 12475->12466 12476->12475 12477->12479 12478->12475 12479->12474 12480 4e0616 6 API calls 12479->12480 12481 4e2b2f 12480->12481 12481->12474 12492 4df15e 12481->12492 12483 4e2b49 12483->12474 12484 4e2b52 12483->12484 12485 4dff17 __freea 14 API calls 12484->12485 12485->12475 12495 4e02eb 12486->12495 12490 4e0667 LCMapStringW 12491 4e0627 12490->12491 12491->12472 12491->12473 12491->12475 12494 4df175 WideCharToMultiByte 12492->12494 12494->12483 12496 4e03ea _unexpected 5 API calls 12495->12496 12497 4e0301 12496->12497 12497->12491 12498 4e0673 12497->12498 12501 4e0305 
12498->12501 12500 4e067e 12500->12490 12502 4e03ea _unexpected 5 API calls 12501->12502 12503 4e031b 12502->12503 12503->12500 12504->12367 12515 4defe0 12505->12515 12507 4de869 12508 4defe0 43 API calls 12507->12508 12509 4de888 12508->12509 12510 4de81d 12509->12510 12511 4ddd6e __freea 14 API calls 12509->12511 12512 4de83b 12510->12512 12511->12510 12529 4df375 LeaveCriticalSection 12512->12529 12514 4de829 12514->12159 12516 4deff1 12515->12516 12525 4defed __InternalCxxFrameHandler 12515->12525 12517 4deff8 12516->12517 12520 4df00b __FrameHandler3::FrameUnwindToState 12516->12520 12518 4ddcfe __dosmaperr 14 API calls 12517->12518 12519 4deffd 12518->12519 12521 4ddc00 ___std_exception_copy 43 API calls 12519->12521 12522 4df039 12520->12522 12523 4df042 12520->12523 12520->12525 12521->12525 12524 4ddcfe __dosmaperr 14 API calls 12522->12524 12523->12525 12527 4ddcfe __dosmaperr 14 API calls 12523->12527 12526 4df03e 12524->12526 12525->12507 12528 4ddc00 ___std_exception_copy 43 API calls 12526->12528 12527->12526 12528->12525 12529->12514 12531 4de408 43 API calls 12530->12531 12532 4df074 12531->12532 12532->11971 12534 4d7760 __FrameHandler3::FrameUnwindToState 12533->12534 12535 4d1483 VerSetConditionMask VerSetConditionMask VerSetConditionMask VerifyVersionInfoW 12534->12535 12536 4d7182 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 12535->12536 12537 4d14e6 12536->12537 12537->11981 12537->11982 12539 4d2b50 69 API calls 12538->12539 12540 4d2625 12539->12540 12717 4d2f5f 12540->12717 12542 4d2635 __FrameHandler3::FrameUnwindToState 12543 4d26d9 12542->12543 12545 4d264f GetModuleFileNameW 12542->12545 12544 4d7182 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 12543->12544 12546 4d26e7 12544->12546 12545->12543 12547 4d266a 12545->12547 12551 4d26e9 12546->12551 12547->12543 12548 4d266e RegCreateKeyExW 12547->12548 12548->12543 12549 4d2699 lstrlenW RegSetValueExW 12548->12549 12549->12543 12550 
4d26cd RegCloseKey 12549->12550 12550->12543 12552 4d7760 __FrameHandler3::FrameUnwindToState 12551->12552 12553 4d2713 GetModuleFileNameW 12552->12553 12554 4d275f 12553->12554 12555 4d272f 12553->12555 12556 4d2ba0 67 API calls 12554->12556 12555->12554 12557 4d2733 12555->12557 12565 4d275d 12556->12565 12558 4d2ba0 67 API calls 12557->12558 12560 4d2745 12558->12560 12559 4d7182 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 12561 4d2779 12559->12561 12724 4d4b06 12560->12724 12566 4d2b50 12561->12566 12564 4d2f5f RtlFreeHeap 12564->12565 12565->12559 12791 4d11d5 12566->12791 12569 4d2b95 12570 4d103b RaiseException 12569->12570 12571 4d2b9f 12570->12571 12572 4d2b61 12573 4d2b86 12572->12573 12575 4d2b79 12572->12575 12806 4d2dc4 12573->12806 12815 4d29de 12575->12815 12576 4d27f9 12578 4d2bff 12576->12578 12579 4d11d5 58 API calls 12578->12579 12580 4d2c07 12579->12580 12581 4d2802 12580->12581 12582 4d103b RaiseException 12580->12582 12584 4d2ba0 12581->12584 12583 4d2c25 12582->12583 12585 4d11d5 58 API calls 12584->12585 12586 4d2bac 12585->12586 12587 4d2bf4 12586->12587 12590 4d2bb2 12586->12590 12588 4d103b RaiseException 12587->12588 12589 4d2bfe 12588->12589 12591 4d29de 52 API calls 12590->12591 12592 4d2bd6 12590->12592 12591->12592 12592->11994 12976 4d1edd IsUserAnAdmin 12593->12976 12596 4d195d 12600 4d1961 12596->12600 13000 4d2024 12596->13000 12602 4d7182 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 12600->12602 12603 4d1cdd 12602->12603 12666 4d18b8 12603->12666 12605 4d198e 12606 4d1ad5 12605->12606 12607 4d19f1 12605->12607 13025 4d3555 12605->13025 13127 4d3520 12606->13127 13054 4d2132 12607->13054 12612 4d2f7a 14 API calls 12613 4d1a20 12612->12613 12614 4d2c26 RaiseException 12613->12614 12615 4d1a48 PathQuoteSpacesW 12614->12615 13072 4d28b9 12615->13072 12617 4d1a60 __FrameHandler3::FrameUnwindToState 12618 4d1a73 GetModuleFileNameW 12617->12618 12619 4d1a8a 12618->12619 12620 4d1a99 
12618->12620 12619->12620 13076 4d1570 12619->13076 12622 4d1c0e 12620->12622 12623 4d1aba 12620->12623 12626 4d14eb 63 API calls 12622->12626 12624 4d1abe 12623->12624 12625 4d1ada 12623->12625 12627 4d254e 74 API calls 12624->12627 12628 4d2b50 69 API calls 12625->12628 12629 4d1c20 12626->12629 12630 4d1aca 12627->12630 12631 4d1ae6 12628->12631 13178 4d1cdf 12629->13178 12634 4d2f5f RtlFreeHeap 12630->12634 12635 4d2bff 59 API calls 12631->12635 12633 4d1c06 13096 4d1db4 12633->13096 12634->12606 12636 4d1af1 12635->12636 13087 4d2aa0 12636->13087 12639 4d1c8d 13111 4d37e2 12639->13111 12643 4d2b50 69 API calls 12646 4d1c51 12643->12646 12644 4d1ca2 12647 4d2f5f RtlFreeHeap 12644->12647 12645 4d2f5f RtlFreeHeap 12648 4d1b42 12645->12648 12653 4d14eb 63 API calls 12646->12653 12647->12606 12649 4d1bcd 12648->12649 12650 4d1b4a 12648->12650 12651 4d14eb 63 API calls 12649->12651 13147 4d2a5b 12650->13147 12654 4d1bcb 12651->12654 12656 4d1c7f 12653->12656 12659 4d2f5f RtlFreeHeap 12654->12659 12658 4d2f5f RtlFreeHeap 12656->12658 12658->12639 12660 4d1bfb 12659->12660 12661 4d2f5f RtlFreeHeap 12660->12661 12661->12633 12662 4d1b7e _strncpy 13165 4d14eb 12662->13165 12665 4d2f5f RtlFreeHeap 12665->12654 12667 4d18c9 12666->12667 12668 4d18ff 12666->12668 12669 4d18e6 12667->12669 12670 4d28df RaiseException 12667->12670 12672 4d2f5f RtlFreeHeap 12668->12672 12671 4d2904 15 API calls 12669->12671 12673 4d18d8 DeleteFileW 12670->12673 12674 4d18ed RemoveDirectoryW 12671->12674 12675 4d190c 12672->12675 12673->12667 12673->12669 12676 4d2c62 45 API calls 12674->12676 12677 4d2f5f RtlFreeHeap 12675->12677 12676->12668 12678 4d1913 12677->12678 12679 4d2904 15 API calls 12678->12679 12680 4d191a 12679->12680 12681 4d2f5f RtlFreeHeap 12680->12681 12682 4d1922 12681->12682 12683 4d2f5f RtlFreeHeap 12682->12683 12684 4d192a 12683->12684 12685 4d29ca 12686 4d2857 12685->12686 12687 4d29d2 12685->12687 12686->12014 12687->12686 12688 4d29d7 CoUninitialize 12687->12688 
12688->12686 12690 4d2bff 59 API calls 12689->12690 12691 4d2560 12690->12691 12692 4d256d 12691->12692 12693 4d257c 12691->12693 12694 4d29de 52 API calls 12692->12694 12695 4d2bff 59 API calls 12693->12695 12696 4d257a 12694->12696 12697 4d2584 12695->12697 12699 4d2bff 59 API calls 12696->12699 12698 4d29de 52 API calls 12697->12698 12700 4d258d 12698->12700 12701 4d25b1 12699->12701 13726 4d324d 12700->13726 12703 4d2bff 59 API calls 12701->12703 12705 4d25b9 12703->12705 12704 4d259e 12706 4d2f5f RtlFreeHeap 12704->12706 12707 4d29de 52 API calls 12705->12707 12706->12696 12708 4d25c2 12707->12708 12709 4d324d 73 API calls 12708->12709 12710 4d25d3 12709->12710 12711 4d2f5f RtlFreeHeap 12710->12711 12712 4d25de MessageBoxW 12711->12712 12713 4d2f5f RtlFreeHeap 12712->12713 12714 4d25f6 12713->12714 12715 4d2f5f RtlFreeHeap 12714->12715 12716 4d25fe 12715->12716 12716->12685 12718 4d2f79 12717->12718 12719 4d2f71 12717->12719 12718->12542 12721 4d114d 12719->12721 12722 4d1164 12721->12722 12723 4d1156 RtlFreeHeap 12721->12723 12722->12718 12723->12722 12725 4d2bff 59 API calls 12724->12725 12726 4d4b19 12725->12726 12746 4d3a75 lstrcpynW PathStripPathW PathRemoveExtensionW lstrlenW 12726->12746 12729 4d4b70 12731 4d2ba0 67 API calls 12729->12731 12732 4d4b69 12731->12732 12734 4d2f5f RtlFreeHeap 12732->12734 12737 4d2752 12734->12737 12737->12564 12747 4d3ad5 lstrlenW 12746->12747 12748 4d3ae7 12746->12748 12749 4d3b26 12747->12749 12748->12747 12751 4d3b1a 12748->12751 12752 4d3b76 12748->12752 12750 4d3b39 12749->12750 12753 4d3b3b lstrlenW 12749->12753 12766 4d3939 lstrlenW 12750->12766 12751->12747 12776 4d72b2 12752->12776 12753->12750 12756 4d3b51 12758 4d3b62 12756->12758 12770 4d39c5 lstrlenW 12756->12770 12760 4d7182 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 12758->12760 12761 4d3b74 12760->12761 12761->12729 12762 4d2c26 12761->12762 12763 4d2c57 12762->12763 12784 4d103b 12763->12784 12767 4d3952 12766->12767 12768 4d3963 
lstrlenW 12767->12768 12769 4d396e 12767->12769 12768->12769 12769->12756 12771 4d39e3 12770->12771 12772 4d3a12 lstrlenW 12771->12772 12775 4d39fa 12771->12775 12773 4d3a26 12772->12773 12772->12775 12774 4d3a47 lstrlenW 12773->12774 12773->12775 12774->12773 12774->12775 12775->12758 12779 4d72be IsProcessorFeaturePresent 12776->12779 12780 4d72d3 12779->12780 12783 4d7190 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 12780->12783 12782 4d3b7b 12783->12782 12790 4d1026 RaiseException 12784->12790 12786 4d107a 12787 4d103b RaiseException 12789 4d1096 12787->12789 12788 4d105b 12788->12786 12788->12787 12790->12788 12792 4d1203 12791->12792 12793 4d11ec 12791->12793 12824 4e86c5 EnterCriticalSection 12792->12824 12795 4e86c5 6 API calls 12793->12795 12805 4d11fe 12793->12805 12798 4d1253 12795->12798 12796 4d120e 12796->12793 12797 4d1218 GetProcessHeap 12796->12797 12829 4d6be1 12797->12829 12801 4d6be1 46 API calls 12798->12801 12798->12805 12803 4d12a0 12801->12803 12804 4e867b __Init_thread_footer 5 API calls 12803->12804 12804->12805 12805->12569 12805->12572 12807 4d2e0d 12806->12807 12808 4d2dd1 MultiByteToWideChar 12806->12808 12931 4d2c62 12807->12931 12808->12807 12810 4d2dea 12808->12810 12811 4d2c26 RaiseException 12810->12811 12812 4d2df2 MultiByteToWideChar 12811->12812 12905 4d2e7d 12812->12905 12814 4d2e0b 12814->12576 12937 4e805d EnterCriticalSection 12815->12937 12817 4d2a09 FindResourceExW 12818 4d29f3 12817->12818 12818->12817 12820 4e805d 3 API calls 12818->12820 12821 4d2a41 12818->12821 12823 4d2a50 12818->12823 12942 4d10bf LoadResource 12818->12942 12820->12818 12821->12823 12946 4d2d36 FindResourceW 12821->12946 12823->12576 12825 4e86d9 12824->12825 12826 4e86de LeaveCriticalSection 12825->12826 12837 4e874d 12825->12837 12826->12796 12842 4d6bb4 12829->12842 12832 4e867b EnterCriticalSection LeaveCriticalSection 12833 4e8717 12832->12833 12834 4e8722 RtlWakeAllConditionVariable 12833->12834 

                                                                                                                                                                        Control-flow Graph

APIs
• GetTempFileNameW.KERNELBASE(?,GUT,00000000,?), ref: 004D2066
• FindResourceW.KERNEL32(00000000,00000066,004EFB3C,?,?), ref: 004D20A8
• LoadResource.KERNEL32(00000000,00000000), ref: 004D20B7
• LockResource.KERNEL32(00000000), ref: 004D20C2
• CreateFileW.KERNELBASE(?,C0000000,00000000,00000000,00000004,00000000,00000000), ref: 004D20E2
• SizeofResource.KERNEL32(00000000,00000000,00000000), ref: 004D20F4
• SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 004D210D
• CloseHandle.KERNEL32(00000000), ref: 004D2118
Memory Dump Source
• Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
• Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
Similarity
• API ID: Resource$File$CloseCreateFindHandleLoadLockNamePointerSizeofTemp
• String ID: GUT
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(?,004D14FB,?,004D14FB), ref: 004D32CE
• SetLastError.KERNEL32(00000000,?,004D14FB,?,004D14FB), ref: 004D32DB
• FormatMessageW.KERNEL32(00000500,00000000,00000000,00000000,00000000,00000000,004D14FB,?,004D14FB,?,004D14FB), ref: 004D32F1
• GetLastError.KERNEL32(?,004D14FB,?,004D14FB), ref: 004D32FB
• SetLastError.KERNEL32(004D14FB,?,004D14FB,?,004D14FB), ref: 004D3308
• LocalFree.KERNEL32(00000000,?,004D14FB,?,004D14FB), ref: 004D33B4
  • Part of subcall function 004D29DE: FindResourceExW.KERNEL32(00000000,00000006,00000000,00000000,00000000,?,?,7622DFA0,?,?,004D33F9,-00000010,?,?,?,004D14FB), ref: 004D2A0F
Similarity
• API ID: ErrorLast$FindFormatFreeLocalMessageResource
• String ID:
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetModuleHandleW.KERNEL32(kernel32.dll,SetDefaultDllDirectories), ref: 004D278F
• GetProcAddress.KERNEL32(00000000), ref: 004D2796
• CoInitializeEx.OLE32(00000000,00000006), ref: 004D27AC
  • Part of subcall function 004D2604: GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 004D2660
  • Part of subcall function 004D2604: RegCreateKeyExW.KERNELBASE(80000001,Software\BraveSoftware\Promo,?,?,?,00020006,?,?,?), ref: 004D268F
  • Part of subcall function 004D2604: lstrlenW.KERNEL32(?), ref: 004D26A0
  • Part of subcall function 004D2604: RegSetValueExW.KERNELBASE(?,StubInstallerPath,?,00000001,?,00000000), ref: 004D26C3
  • Part of subcall function 004D2604: RegCloseKey.ADVAPI32(?), ref: 004D26D3
  • Part of subcall function 004D26E9: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 004D2725
  • Part of subcall function 004D18B8: DeleteFileW.KERNELBASE(00000000,00000000,?,00000000,?,004D2845,?,?), ref: 004D18DA
  • Part of subcall function 004D18B8: RemoveDirectoryW.KERNELBASE(?,?,00000000,?,004D2845,?,?), ref: 004D18F2
Similarity
• API ID: FileModule$Name$AddressCloseCreateDeleteDirectoryHandleInitializeProcRemoveValuelstrlen
• String ID: SetDefaultDllDirectories$kernel32.dll
Uniqueness
Uniqueness Score: -1.00%

APIs
• __Init_thread_footer.LIBCMT ref: 004D4AF5
Similarity
• API ID: Init_thread_footer
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 004D1EDD: IsUserAnAdmin.SHELL32 ref: 004D1EE6
                                                                                                                                                                        • PathQuoteSpacesW.SHLWAPI(00000000,00000104,?), ref: 004D1A4F
                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 004D1A80
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?), ref: 004D1CC8
                                                                                                                                                                          • Part of subcall function 004D1FAD: GetTempPathW.KERNEL32(00000104,00000000,00000104,?,?,?,004D195D), ref: 004D1FDC
                                                                                                                                                                        • lstrcmpiW.KERNELBASE(00000000,?,?,00000000,?,?,00000104), ref: 004D1B2F
                                                                                                                                                                        • _strncpy.LIBCMT ref: 004D1B89
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$AdminCloseFileHandleModuleNameQuoteSpacesTempUser_strncpylstrcmpi
                                                                                                                                                                        • String ID: "%s"$ %s$ /%s %s /%s$ /%s /%s$&%s$&referral=%s$install$installsource$silent$taggedmi
                                                                                                                                                                        • API String ID: 2688778804-3043945572
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • ReadFile.KERNELBASE(?,?,00000200,?,00000000,?,00000000,?,?,004D19E0,?), ref: 004D3597
                                                                                                                                                                        • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000100,00000000,?,004EFDC8), ref: 004D363F
                                                                                                                                                                        • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 004D3673
                                                                                                                                                                        • ReadFile.KERNELBASE(?,?,00040000,?,00000000), ref: 004D36BB
                                                                                                                                                                        • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 004D36E0
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(?), ref: 004D370C
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$Read$ChangeCloseCreateFindNotificationPointerWrite
                                                                                                                                                                        • String ID: ustar
                                                                                                                                                                        • API String ID: 3368226178-529472938
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 004D2660
                                                                                                                                                                        • RegCreateKeyExW.KERNELBASE(80000001,Software\BraveSoftware\Promo,?,?,?,00020006,?,?,?), ref: 004D268F
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 004D26A0
                                                                                                                                                                        • RegSetValueExW.KERNELBASE(?,StubInstallerPath,?,00000001,?,00000000), ref: 004D26C3
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 004D26D3
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseCreateFileModuleNameValuelstrlen
                                                                                                                                                                        • String ID: Software\BraveSoftware\Promo$StubInstallerPath
                                                                                                                                                                        • API String ID: 2554618631-4237694635
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetStartupInfoW.KERNEL32(?,?,?,00000000), ref: 004D381C
                                                                                                                                                                        • CreateProcessW.KERNELBASE(00000000,00000010,00000000,00000000,00000000,00000400,00000000,00000000,?,?), ref: 004D3857
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 004D3861
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 004D3873
                                                                                                                                                                        • GetExitCodeProcess.KERNELBASE(?,?), ref: 004D3884
                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 004D389D
                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 004D38A2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseHandleProcess$CodeCreateErrorExitInfoLastObjectSingleStartupWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2373000011-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsUserAnAdmin.SHELL32 ref: 004D1EE6
                                                                                                                                                                        • SHGetFolderPathW.SHELL32(00000000,00008026,00000000,00000000,00000000,00000104,?,?,?,?,004D1952), ref: 004D1F25
                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,00000000,BraveSoftware,?,?,?,?,?,004D1952), ref: 004D1F55
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,004D1952), ref: 004D1F5F
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AdminCreateDirectoryErrorFolderLastPathUser
                                                                                                                                                                        • String ID: BraveSoftware$Temp
                                                                                                                                                                        • API String ID: 943171645-1868006839
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 738 4d1e34-4d1e4f CreateDirectoryW 739 4d1e51-4d1e5c GetLastError 738->739 740 4d1e62-4d1e9e call 4d2bff call 4d2c26 GetTempFileNameW call 4d28b9 738->740 739->740 741 4d1e5e-4d1e60 739->741 749 4d1ecd-4d1ed5 call 4d2f5f 740->749 750 4d1ea0-4d1ea3 740->750 743 4d1ed7-4d1eda 741->743 749->743 750->749 751 4d1ea5-4d1eba DeleteFileW CreateDirectoryW 750->751 751->749 753 4d1ebc-4d1ecb call 4d2aef 751->753 753->749
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,00000000,?,00000000,Temp,?,?,?,?,004D1952), ref: 004D1E47
                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,Temp,?,?,?,?,004D1952), ref: 004D1E51
                                                                                                                                                                        • GetTempFileNameW.KERNELBASE(?,GUM,00000000,00000000,00000104,?,00000000,Temp), ref: 004D1E8C
                                                                                                                                                                        • DeleteFileW.KERNELBASE(000000FF,?,00000000,Temp), ref: 004D1EA8
                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(000000FF,00000000,?,00000000,Temp), ref: 004D1EB2
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateDirectoryFile$DeleteErrorLastNameTemp
                                                                                                                                                                        • String ID: GUM
                                                                                                                                                                        • API String ID: 55127950-1161156203
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 845 4d344a-4d347a call 4d34e2 CreateFileW 848 4d347c-4d348e CreateFileMappingW 845->848 849 4d34da 845->849 851 4d3490-4d34a3 MapViewOfFile 848->851 852 4d34d3-4d34d5 call 4d34e2 848->852 850 4d34dc-4d34df 849->850 854 4d34ca-4d34cd CloseHandle 851->854 855 4d34a5-4d34be VirtualQuery 851->855 852->849 854->852 855->854 856 4d34c0-4d34c8 855->856 856->850
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 004D34E2: UnmapViewOfFile.KERNEL32(00000000,?,004D3433,?,?,80004005,7622E010,?,?,?,004D14FB), ref: 004D34EE
                                                                                                                                                                          • Part of subcall function 004D34E2: CloseHandle.KERNEL32(00000000,?,004D3433,?,?,80004005,7622E010,?,?,?,004D14FB), ref: 004D3501
                                                                                                                                                                          • Part of subcall function 004D34E2: CloseHandle.KERNEL32(000000FF,?,004D3433,?,?,80004005,7622E010,?,?,?,004D14FB), ref: 004D3514
                                                                                                                                                                        • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,?,?,?,?,?,?,004D15A4), ref: 004D346E
                                                                                                                                                                        • CreateFileMappingW.KERNELBASE(00000000,00000000,00000002,00000000,00000000,00000000,?,?,?,?,?,?,004D15A4), ref: 004D3483
                                                                                                                                                                        • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000,?,?,?,?,?,?,004D15A4), ref: 004D3496
                                                                                                                                                                        • VirtualQuery.KERNEL32(00000000,?,0000001C,?,?,?,?,?,?,004D15A4), ref: 004D34B6
                                                                                                                                                                        • CloseHandle.KERNEL32(6E6B6E75,?,?,?,?,?,?,004D15A4), ref: 004D34CD
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CloseHandle$CreateView$MappingQueryUnmapVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1729669285-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 857 4d2369-4d238f 858 4d2399-4d2443 call 4d6440 call 4e879b call 4d62e2 857->858 859 4d2391-4d2394 857->859 869 4d244c-4d2455 858->869 870 4d2445-4d244a call 4e85b1 858->870 860 4d253f-4d254d call 4d7182 859->860 874 4d2456-4d2468 869->874 870->874 875 4d246a call 4e85b1 874->875 876 4d2471-4d247a 874->876 878 4d246f 875->878 880 4d247b-4d2481 876->880 878->880 881 4d248b-4d24fa call 4e879b call 4d64b6 880->881 882 4d2483-4d2486 880->882 890 4d24fc-4d24fd 881->890 891 4d24ff-4d251d WriteFile 881->891 883 4d2531-4d2537 call 4e85b1 882->883 887 4d253c-4d253d 883->887 887->860 892 4d252a-4d252b call 4e85b1 890->892 893 4d251f-4d2525 891->893 894 4d2527 891->894 896 4d2530 892->896 893->892 893->894 894->892 896->883
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: M#M[#M$[#M
                                                                                                                                                                        • API String ID: 0-2027841637
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,00000104,?,00000000,?,004D19F8,?), ref: 004D2164
                                                                                                                                                                          • Part of subcall function 004D2860: PathAppendW.SHLWAPI(00000000,?,00000104,?,00000000,?,004D1F51,BraveSoftware,?,?,?,?,?,004D1952), ref: 004D2875
                                                                                                                                                                        • CopyFileW.KERNELBASE(?,?,00000000,BraveUpdateSetup.exe,?,?,00000000,?,004D19F8,?), ref: 004D219F
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$AppendCopyModuleNamePath
                                                                                                                                                                        • String ID: BraveUpdateSetup.exe
                                                                                                                                                                        • API String ID: 1240757089-2590033563
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrcmpiW.KERNEL32(00000000,?,?,00000000,004D1C3D,?,?,?,?,00000104), ref: 004D1DF1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcmpi
                                                                                                                                                                        • String ID: /%s$nomitag
                                                                                                                                                                        • API String ID: 1586166983-2458505853
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(004DA108,?,004D9FEF,00000000,?,?,004DA108,7FC17E2A,?,004DA108), ref: 004DA006
                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,004D9FEF,00000000,?,?,004DA108,7FC17E2A,?,004DA108), ref: 004DA00D
                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 004DA01F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                        • Opcode ID: 01af31c5438e407e5f6b57a3e71333c46e431d540676b89d9c9ef98e18d9fc37
                                                                                                                                                                        • Instruction ID: 07728915bea03385c2ef0469351c11dde67860ad38dc1f74ced78f891eef855c
                                                                                                                                                                        • Opcode Fuzzy Hash: 01af31c5438e407e5f6b57a3e71333c46e431d540676b89d9c9ef98e18d9fc37
                                                                                                                                                                        • Instruction Fuzzy Hash: 47D05E31000648ABCF123F61DC0D9593F2AFF04344B004026F80489233CB39AA769A5B
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CharLowerBuffW.USER32(00000000,?,?,?,?), ref: 004D229C
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: BuffCharLower
                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                        • API String ID: 2358735015-4119554291
                                                                                                                                                                        • Opcode ID: f527f226c07752b690155cec130f35334792d09743b49cd9ea5daf7ff47ac52f
                                                                                                                                                                        • Instruction ID: c17e34807089bbb3ad0e7bcc1b4eff48558d68a8cac9dcdf8823814dc71c84ad
                                                                                                                                                                        • Opcode Fuzzy Hash: f527f226c07752b690155cec130f35334792d09743b49cd9ea5daf7ff47ac52f
                                                                                                                                                                        • Instruction Fuzzy Hash: 3041F531500008ABCF14EF65CAA5CAF77A8AF70354B20456FF816A7391EBB8AE45C658
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 004D3A75: lstrcpynW.KERNEL32(?,?,00000104,?,?), ref: 004D3A99
                                                                                                                                                                          • Part of subcall function 004D3A75: PathStripPathW.SHLWAPI(?,?,00000104,?,?), ref: 004D3AA6
                                                                                                                                                                          • Part of subcall function 004D3A75: PathRemoveExtensionW.SHLWAPI(?,?,00000104,?,?), ref: 004D3AB3
                                                                                                                                                                          • Part of subcall function 004D3A75: lstrlenW.KERNEL32(?,?,00000104,?,?), ref: 004D3AC6
                                                                                                                                                                          • Part of subcall function 004D3A75: lstrlenW.KERNEL32(?,?,00000104,?,?), ref: 004D3ADC
                                                                                                                                                                        • CharUpperBuffW.USER32(00000000,?,?,00000104,?,?,?,?,004D2752,?), ref: 004D4B43
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$lstrlen$BuffCharExtensionRemoveStripUpperlstrcpyn
                                                                                                                                                                        • String ID: none
                                                                                                                                                                        • API String ID: 1330847136-2140143823
                                                                                                                                                                        • Opcode ID: 5c25249d391f052b357e62cc9e48f41b88b7059cdd658e3428b7d55ba5656461
                                                                                                                                                                        • Instruction ID: 3bad619b2fa5ccf942fa931dcc214194d11f5bc0d1165be2eab3a1861d8a8faf
                                                                                                                                                                        • Opcode Fuzzy Hash: 5c25249d391f052b357e62cc9e48f41b88b7059cdd658e3428b7d55ba5656461
                                                                                                                                                                        • Instruction Fuzzy Hash: 2F01A131500105FB8B08EF55C9769EEB37AEEA0318720059FF00257392DBB8BF05DA58
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 004D2725
                                                                                                                                                                          • Part of subcall function 004D4B06: CharUpperBuffW.USER32(00000000,?,?,00000104,?,?,?,?,004D2752,?), ref: 004D4B43
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: BuffCharFileModuleNameUpper
                                                                                                                                                                        • String ID: none
                                                                                                                                                                        • API String ID: 2024523369-2140143823
                                                                                                                                                                        • Opcode ID: 910fc3d2be4265c417c01ef8b4b2b0cf0832f3e6c11d2c0faa4a67170cac839d
                                                                                                                                                                        • Instruction ID: 756ab3e326edd1ea3001bfac08c39a5c6285b91d4a28109a761eb57f772db39a
                                                                                                                                                                        • Opcode Fuzzy Hash: 910fc3d2be4265c417c01ef8b4b2b0cf0832f3e6c11d2c0faa4a67170cac839d
                                                                                                                                                                        • Instruction Fuzzy Hash: 2801887074011C6BCB20FF11DEAAFEE73689B61705F4009ABE40596381EEF86F45C5A9
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • DeleteFileW.KERNELBASE(00000000,00000000,?,00000000,?,004D2845,?,?), ref: 004D18DA
                                                                                                                                                                        • RemoveDirectoryW.KERNELBASE(?,?,00000000,?,004D2845,?,?), ref: 004D18F2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DeleteDirectoryFileRemove
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3325800564-0
                                                                                                                                                                        • Opcode ID: b011762224b13754c5cd8217d8406ad32c7243cc419a6b41e826e130775cd8c6
                                                                                                                                                                        • Instruction ID: 1146e3082c2f00bb5dd708d91696141aa061155bc3e1e1179f105659f032b4cb
                                                                                                                                                                        • Opcode Fuzzy Hash: b011762224b13754c5cd8217d8406ad32c7243cc419a6b41e826e130775cd8c6
                                                                                                                                                                        • Instruction Fuzzy Hash: C40171312006059BC225BF21CAB547AB3B2AFA13457000A7FE45B06B66DFB8790AE749
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000000,?,004DF9D4,004DBD16,00000000,004DBD16,?,004DF9F9,004DBD16,00000007,004DBD16,?,004E014B,004DBD16,004DBD16), ref: 004DDD84
                                                                                                                                                                        • GetLastError.KERNEL32(004DBD16,?,004DF9D4,004DBD16,00000000,004DBD16,?,004DF9F9,004DBD16,00000007,004DBD16,?,004E014B,004DBD16,004DBD16), ref: 004DDD8F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorFreeHeapLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 485612231-0
                                                                                                                                                                        • Opcode ID: 9751d5d49e64c6d8e79fa0c2bc3ffbcad6ee6d850484c2a52576e8d17acb8546
                                                                                                                                                                        • Instruction ID: f1a125d381ef093c9623e33371296b3a0415a293297a4240c63a11c98c0468e1
                                                                                                                                                                        • Opcode Fuzzy Hash: 9751d5d49e64c6d8e79fa0c2bc3ffbcad6ee6d850484c2a52576e8d17acb8546
                                                                                                                                                                        • Instruction Fuzzy Hash: 3DE08631900614ABCB213FA5EC48B9A3B69AB80795F004027F6088B271CA789960C78C
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,004DDD03,004DDD63,?,004DD935,00000001,00000364,00000006,000000FF,004DD048,FFFFFEAF,?,004DBF1A,004DDB81,F08BD84D), ref: 004DD845
                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,004DDB81,?,?,?,?,?,00000000,004DD048,00000000,?,00000401), ref: 004DD8E7
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1452528299-0
                                                                                                                                                                        • Opcode ID: 3c5779997aa67569cdde14fce971981d100acaaec956dba3c0283ea1d525373b
                                                                                                                                                                        • Instruction ID: f108a07bb351d80d70f17d7b48ea13147fa64f75fabe9ef5484efa062fc8ed76
                                                                                                                                                                        • Opcode Fuzzy Hash: 3c5779997aa67569cdde14fce971981d100acaaec956dba3c0283ea1d525373b
                                                                                                                                                                        • Instruction Fuzzy Hash: 4911E531A04210BED7627BB69CE6E3B37589F013BA714053BF521823A1DA5C4D15A66D
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,?,?,?,004D37BD,004D3618,?,?), ref: 004D2DDD
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,-00000001,-00000001,?,004D37BD,004D3618,?,?), ref: 004D2DFD
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharMultiWide
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 626452242-0
                                                                                                                                                                        • Opcode ID: 0cec5483e858413de35e7e0500dbb69ae1d759cdf1db248cf23f5ddfd3ff1067
                                                                                                                                                                        • Instruction ID: aa35ec603df7d82d2a604c3012bf7cb8a5882d0ee359bc71ffc8bceef6633270
                                                                                                                                                                        • Opcode Fuzzy Hash: 0cec5483e858413de35e7e0500dbb69ae1d759cdf1db248cf23f5ddfd3ff1067
                                                                                                                                                                        • Instruction Fuzzy Hash: 18F0B4313001107ADA111A498E19F7FB75DCFA0F60F10021BF514DA3E0CAE45E1542AA
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000008,00000401,FFFFFEAF,?,004DD935,00000001,00000364,00000006,000000FF,004DD048,FFFFFEAF,?,004DBF1A,004DDB81,F08BD84D,FFFFFEAF), ref: 004DDD52
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        • Opcode ID: 9aae62a0a81d29f05a8d436ec211504e90bd30a454afe7611b053490d54a52e4
                                                                                                                                                                        • Instruction ID: c9ef0c60503afa46da30c5e746bebab87cb2dc9a76f241c094ed8386292e5ce3
                                                                                                                                                                        • Opcode Fuzzy Hash: 9aae62a0a81d29f05a8d436ec211504e90bd30a454afe7611b053490d54a52e4
                                                                                                                                                                        • Instruction Fuzzy Hash: 3BF0B431E011246ADF216E639C25B5B375AAF82770F154127AC05DB3A5CA28E811C2ED
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,004DEBDC,?,?,004DEBDC,00000220,?,?,?), ref: 004DFB1A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        • Opcode ID: beb2c43782573f257f7de9be4664f59bdca5afd39bc4ad6927b7b8d6d52811e3
                                                                                                                                                                        • Instruction ID: 3ded147063487ea7e92f9be14ae738df4027e00c5d3011eb0276a54c4354fb59
                                                                                                                                                                        • Opcode Fuzzy Hash: beb2c43782573f257f7de9be4664f59bdca5afd39bc4ad6927b7b8d6d52811e3
                                                                                                                                                                        • Instruction Fuzzy Hash: 19E0E531600111AAEA312AA6EC31B5B368DEF413A0F141033BC0796394CA5CEC05C1EE
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: fa830d07b303e4febcb4da5f7e799f98a810cc5d755b8e5206c3d90effc0e8a4
                                                                                                                                                                        • Instruction ID: d4c728be922a76ae6bcbcef135859eed137ac8eb89f03c25c4971fca9234c9ed
                                                                                                                                                                        • Opcode Fuzzy Hash: fa830d07b303e4febcb4da5f7e799f98a810cc5d755b8e5206c3d90effc0e8a4
                                                                                                                                                                        • Instruction Fuzzy Hash: 39E0ED30204204FFDB005F50DC44B6A3B75FF59715F24C066F9268E230C735D915AB59
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • DeleteFileW.KERNELBASE(00000000,00000000,?,00000000,?,004D1CC7,?), ref: 004D3537
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DeleteFile
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4033686569-0
                                                                                                                                                                        • Opcode ID: 0431e1757e281425d9ac383200b478633a063f1c4d8bcdccb00541b8b1ed7324
                                                                                                                                                                        • Instruction ID: 7cacc9553b87a1e9ea6f71c035b06bb878aecdb6c73046667c9169ccdc54c7c3
                                                                                                                                                                        • Opcode Fuzzy Hash: 0431e1757e281425d9ac383200b478633a063f1c4d8bcdccb00541b8b1ed7324
                                                                                                                                                                        • Instruction Fuzzy Hash: E3E086312005109F8325AF19FD70877B3B5FFA17653100A7FE053526255BA46E45D755
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: H_prolog3
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 431132790-0
                                                                                                                                                                        • Opcode ID: 138611b3c8d2d14418416e0cc344baf835e6c6d56d715550cfa725b8728ea1c5
                                                                                                                                                                        • Instruction ID: 9e98a8476a9729633d41a5ffa431f8bf9fe518e65bb1498a9f71f9423bb49953
                                                                                                                                                                        • Opcode Fuzzy Hash: 138611b3c8d2d14418416e0cc344baf835e6c6d56d715550cfa725b8728ea1c5
                                                                                                                                                                        • Instruction Fuzzy Hash: A5E09AB2C4024E9ADF00DFD6C452BEFBBB8AB08315F50846BA205E6141EB785744CBA5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlFreeHeap.NTDLL(?,00000000,00000000), ref: 004D115E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3298025750-0
                                                                                                                                                                        • Opcode ID: 06c0b1fcec94be87ab236ae781c354f665e209719b5bb86a17325454a2c7bbc0
                                                                                                                                                                        • Instruction ID: 8e2d8666f7acd41f493aeab25cb17f2a209a9daebdcbad46433807285804cbfe
                                                                                                                                                                        • Opcode Fuzzy Hash: 06c0b1fcec94be87ab236ae781c354f665e209719b5bb86a17325454a2c7bbc0
                                                                                                                                                                        • Instruction Fuzzy Hash: 81C08C31000208FBCB024F40DC09BDA7F68AB04304F14C022FB0C085B2C373A9B0DA88
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004D1143
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        • Opcode ID: 96723106f4b200f0712c1558b6c5aac690e02320e24d2de3cfe9a17be2ce2d15
                                                                                                                                                                        • Instruction ID: 2eb19241f55871fa9be22c40f947b9f0bdd9ab205dae0595562331a30f6923b3
                                                                                                                                                                        • Opcode Fuzzy Hash: 96723106f4b200f0712c1558b6c5aac690e02320e24d2de3cfe9a17be2ce2d15
                                                                                                                                                                        • Instruction Fuzzy Hash: 84B09232040208FBCA011F81EC06F85BF29EB15750F10C021F608490628773A431ABAE
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __floor_pentium4
                                                                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                        • API String ID: 4168288129-2761157908
                                                                                                                                                                        • Opcode ID: 979a44f0f8ce1f2261ae913dad40a4de843b065b7543943405a0b4a30036d8b8
                                                                                                                                                                        • Instruction ID: a3a86a73db99b12945fd4dcab59af690d3e43a5e835da62d66474065cc3565bb
                                                                                                                                                                        • Opcode Fuzzy Hash: 979a44f0f8ce1f2261ae913dad40a4de843b065b7543943405a0b4a30036d8b8
                                                                                                                                                                        • Instruction Fuzzy Hash: 81D23871E086688FDB65CE29DD407EAB7B5EB84306F1445EBD40DE7240E738AE818F45
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: DTN$DTN
                                                                                                                                                                        • API String ID: 0-1250216815
                                                                                                                                                                        • Opcode ID: 5a5de4475321df752b8b9df09e3ac9534813bd07a6e30a606723c2d77483104b
                                                                                                                                                                        • Instruction ID: 0607c67f28a96eb5a24363e56c03cf8c71c5e12342d9efb10fff22aae40735e4
                                                                                                                                                                        • Opcode Fuzzy Hash: 5a5de4475321df752b8b9df09e3ac9534813bd07a6e30a606723c2d77483104b
                                                                                                                                                                        • Instruction Fuzzy Hash: D6F14F71E002599FDF14CF69C8846AEF7B1FF88315F15826EE915AB380D734AE418B94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 004D6D12
                                                                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 004D6DDE
                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004D6DFE
                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?), ref: 004D6E08
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 254469556-0
                                                                                                                                                                        • Opcode ID: 2b61dfdb28fa5066c9c94d8f4b62dd053f2cfbb417de0d49e074a1d468ee6f09
                                                                                                                                                                        • Instruction ID: 260c0fd0bf12e7e04ce26a975193f8e689bcfa8ed03292365996f5812219861c
                                                                                                                                                                        • Opcode Fuzzy Hash: 2b61dfdb28fa5066c9c94d8f4b62dd053f2cfbb417de0d49e074a1d468ee6f09
                                                                                                                                                                        • Instruction Fuzzy Hash: AB313875D0521CDBDB20DFA4D989BCDBBB8AF08304F1041AAE40CAB350EB759A84DF09
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: BbM$BbM$rZM
                                                                                                                                                                        • API String ID: 0-1686574894
                                                                                                                                                                        • Opcode ID: cb85df31aa9bfd11ffa6f467c0a16aea0f2a4cbae32830c8a532bc60f67db55b
                                                                                                                                                                        • Instruction ID: 03ad5fa62ac7ac7f2d6f85d27a33d530354a4e16ae26af886ccaa662fca16344
                                                                                                                                                                        • Opcode Fuzzy Hash: cb85df31aa9bfd11ffa6f467c0a16aea0f2a4cbae32830c8a532bc60f67db55b
                                                                                                                                                                        • Instruction Fuzzy Hash: 4A926072E006298FDB18CFBDC9906ACBBF2BF89341F15427AE455E7384E6389941CB54
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: b0e0bbd5f1d96daac4612cb4a436a56454da5e40dfd1f64c71768d0abb85c165
                                                                                                                                                                        • Instruction ID: de3a6b3f9db51ed2ff7144ce028931dc92bfa998f47cb67f6486ac9b897b21c2
                                                                                                                                                                        • Opcode Fuzzy Hash: b0e0bbd5f1d96daac4612cb4a436a56454da5e40dfd1f64c71768d0abb85c165
                                                                                                                                                                        • Instruction Fuzzy Hash: CDB15872D442C59FDB118F2AC891BFEBBA5FF45305F14426BE805AB352D2389D01CBA8
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000401), ref: 004DDAFC
                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000401), ref: 004DDB06
                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000401), ref: 004DDB13
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3906539128-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetProcessHeap.KERNEL32(?,?,004D2C07,?,004D14FB), ref: 004D1218
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 004D123F
                                                                                                                                                                          • Part of subcall function 004E86C5: EnterCriticalSection.KERNEL32(004F43C8,004F4400,?,?,004D120E,004F4400,?,?,004D2C07,?,004D14FB), ref: 004E86D0
                                                                                                                                                                          • Part of subcall function 004E86C5: LeaveCriticalSection.KERNEL32(004F43C8,?,004D120E,004F4400,?,?,004D2C07,?,004D14FB), ref: 004E870D
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 004D12A1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalInit_thread_footerSection$EnterHeapLeaveProcess
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3363689876-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,004E7A06,?,?,00000008,?,?,004E7610,00000000), ref: 004E7C38
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionRaise
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3997070919-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 004D6FBB
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FeaturePresentProcessor
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2325560087-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: 0
                                                                                                                                                                        • API String ID: 0-4108050209
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_00006EA6,004D6812), ref: 004D6E9F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 07742bc48a47d668c5b7ba0a761fa324f4e69b4b27f22652eb96e8f34f5a8860
                                                                                                                                                                        • Instruction ID: 4e96cf97badfb845c24174ce09c45018dca9144b64c2186b6c281d915bd4ef07
                                                                                                                                                                        • Opcode Fuzzy Hash: 07742bc48a47d668c5b7ba0a761fa324f4e69b4b27f22652eb96e8f34f5a8860
                                                                                                                                                                        • Instruction Fuzzy Hash: 4902B672E005298FDF14CB7CC5906BCBBF2AB45345F154277E456EB384EA389A81CB94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 16ebe579c643b41b3b2ed50db8f55ad19555c0db4d7538cbefb163680043b31e
                                                                                                                                                                        • Instruction ID: 76ade5d36c5954b2dcf8776d20c68082f89676f5bf29812fa45772fe035a5adc
                                                                                                                                                                        • Opcode Fuzzy Hash: 16ebe579c643b41b3b2ed50db8f55ad19555c0db4d7538cbefb163680043b31e
                                                                                                                                                                        • Instruction Fuzzy Hash: E5E08C32921278EBCB25DBC9D91498AF3ECEB44B05B5244ABF902D3200C274DE00CBD4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 07b441ad80737fae624cd0199c2363617cbbe7bd83f795c05ac74d04cb32a94c
                                                                                                                                                                        • Instruction ID: 510f3ca16b23d31b687f1d0fbdb270a9e2bb28ba3f6b144d1446cf5129e03dd0
                                                                                                                                                                        • Opcode Fuzzy Hash: 07b441ad80737fae624cd0199c2363617cbbe7bd83f795c05ac74d04cb32a94c
                                                                                                                                                                        • Instruction Fuzzy Hash: 84C08C340009008ACE2A8D1482713A73354B3917C2F80048FC8034B743C95FAC8AD606
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(004F43C8,00000FA0,?,?,004E85BB), ref: 004E85E9
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,004E85BB), ref: 004E85F4
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,004E85BB), ref: 004E8605
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 004E8617
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 004E8625
                                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,004E85BB), ref: 004E8648
                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(004F43C8,00000007,?,?,004E85BB), ref: 004E8664
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,004E85BB), ref: 004E8674
                                                                                                                                                                        Strings
                                                                                                                                                                        • SleepConditionVariableCS, xrefs: 004E8611
                                                                                                                                                                        • api-ms-win-core-synch-l1-2-0.dll, xrefs: 004E85EF
                                                                                                                                                                        • kernel32.dll, xrefs: 004E8600
                                                                                                                                                                        • WakeAllConditionVariable, xrefs: 004E861D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                        • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                        • API String ID: 2565136772-3242537097
                                                                                                                                                                        • Opcode ID: 19385547470398ad53097606344bc79014dd272cf3492b8663ac1c8f9f23928e
                                                                                                                                                                        • Instruction ID: 992c5dc364e1bfd4d30e9ba94a1a0e7e14938336b2349bca0e53e9916e07d77d
                                                                                                                                                                        • Opcode Fuzzy Hash: 19385547470398ad53097606344bc79014dd272cf3492b8663ac1c8f9f23928e
                                                                                                                                                                        • Instruction Fuzzy Hash: 7701F530B403919BCB205FB2AC49B273AA8AB90752701043BFE08D6351DE789820C62D
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsInExceptionSpec.LIBVCRUNTIME ref: 004D8AA8
                                                                                                                                                                        • type_info::operator==.LIBVCRUNTIME ref: 004D8ACA
                                                                                                                                                                        • ___TypeMatch.LIBVCRUNTIME ref: 004D8BD9
                                                                                                                                                                        • IsInExceptionSpec.LIBVCRUNTIME ref: 004D8CAB
                                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 004D8D2F
                                                                                                                                                                        • CallUnexpected.LIBVCRUNTIME ref: 004D8D4A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                        • API String ID: 2123188842-393685449
                                                                                                                                                                        • Opcode ID: add619eeb5596d5c361a61511322c8d02552170f686647f030a7afc2705afe5c
                                                                                                                                                                        • Instruction ID: eb85a9e879d1a92fb9c86d62857a2bfc2971f209ece9ba56d5a1f738a3a5bbd6
                                                                                                                                                                        • Opcode Fuzzy Hash: add619eeb5596d5c361a61511322c8d02552170f686647f030a7afc2705afe5c
                                                                                                                                                                        • Instruction Fuzzy Hash: 8AB16871800209EFCF29DFA5C8A19AEB7B5FF14314B15415FE8006B352DB39EA51CBA9
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 004D7407
                                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 004D740F
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 004D7498
                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 004D74C3
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 004D7518
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                        • String ID: csm
                                                                                                                                                                        • API String ID: 1170836740-1018135373
                                                                                                                                                                        • Opcode ID: e21b28314c15f82e6cbbaf9ea8b6b4764f9b14b10e454177c7aa1b903847e7e2
                                                                                                                                                                        • Instruction ID: 40c6e4d01adf0f575f42c203e9519002b3049f193565f697b3d8e24738f91819
                                                                                                                                                                        • Opcode Fuzzy Hash: e21b28314c15f82e6cbbaf9ea8b6b4764f9b14b10e454177c7aa1b903847e7e2
                                                                                                                                                                        • Instruction Fuzzy Hash: 8D41E734A042099FCF11DF69C8A0A9EBFB4AF45328F14819BEC145B352E739AE15CB95
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        • M, xrefs: 004DE6AD
                                                                                                                                                                        • C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, xrefs: 004DE678
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe$M
                                                                                                                                                                        • API String ID: 0-2059129694
                                                                                                                                                                        • Opcode ID: 67a3fbb2b77e4d3cba8f8979839f5fdc713712c81827bd288a14a6df447b82c4
                                                                                                                                                                        • Instruction ID: eea605a50d78b66c5fb922534e3be494d5eb847187c6c998083b4ff64e442e8c
                                                                                                                                                                        • Opcode Fuzzy Hash: 67a3fbb2b77e4d3cba8f8979839f5fdc713712c81827bd288a14a6df447b82c4
                                                                                                                                                                        • Instruction Fuzzy Hash: 18219D31600205AFDB60BF73CCA086B77ACEF50368B10452BF8199B351E73AEC1187A8
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,FFFFFEAF,?,7FC17E2A,?,004E042C,004DBD16,?,FFFFFEAF,00000000), ref: 004E03E0
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                        • API String ID: 3664257935-537541572
                                                                                                                                                                        • Opcode ID: ade3a790d48566584adccec08002a3bc6b4d15e9f041739504cd2c340730bf8c
                                                                                                                                                                        • Instruction ID: 5d93997ffe3fb48d7e0155a0f9ca3c6bcc3114bed92b711df326a4eb835b8e59
                                                                                                                                                                        • Opcode Fuzzy Hash: ade3a790d48566584adccec08002a3bc6b4d15e9f041739504cd2c340730bf8c
                                                                                                                                                                        • Instruction Fuzzy Hash: F2215B31A00350ABC721DB22DC80A6F3728DF813A2F250162FC65E7381D778ED51C6D9
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,00000104,?,?), ref: 004D3A99
                                                                                                                                                                        • PathStripPathW.SHLWAPI(?,?,00000104,?,?), ref: 004D3AA6
                                                                                                                                                                        • PathRemoveExtensionW.SHLWAPI(?,?,00000104,?,?), ref: 004D3AB3
                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,00000104,?,?), ref: 004D3AC6
                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,00000104,?,?), ref: 004D3ADC
                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,00000104,?,?), ref: 004D3B42
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Pathlstrlen$ExtensionRemoveStriplstrcpyn
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2958138087-0
                                                                                                                                                                        • Opcode ID: 8262c58e831678339f6a968b7e7857ca51eb5b88faf925f7aef4a3de6029f2c6
                                                                                                                                                                        • Instruction ID: 19240c1bf56565abc81e4b083027012d35a5392b1548b8c0556d963a494269e9
                                                                                                                                                                        • Opcode Fuzzy Hash: 8262c58e831678339f6a968b7e7857ca51eb5b88faf925f7aef4a3de6029f2c6
                                                                                                                                                                        • Instruction Fuzzy Hash: B921D7B59012189ACF20DF74DC689EE7374DB00315F2046A7D415D3356E778AB85CF0A
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,004D7A78,004D774C,004D6EEA), ref: 004D7A8F
                                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 004D7A9D
                                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 004D7AB6
                                                                                                                                                                        • SetLastError.KERNEL32(00000000,004D7A78,004D774C,004D6EEA), ref: 004D7B08
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3852720340-0
                                                                                                                                                                        • Opcode ID: d7d64235d44e9e39718567a010323f8fe4e51465b57e68191fc81a483dd99220
                                                                                                                                                                        • Instruction ID: 22131794c5a1898bdc90a46769a0fa6a930e9c06b85ad47602ba587bfb23ed5a
                                                                                                                                                                        • Opcode Fuzzy Hash: d7d64235d44e9e39718567a010323f8fe4e51465b57e68191fc81a483dd99220
                                                                                                                                                                        • Instruction Fuzzy Hash: 9401243260C3116EAA106B75ACA593B2F64DB06379730023FF020443F1FF198D25924C
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,004D7CC4,?,?,004F3CF8,00000000,?,004D7DEF,00000004,InitializeCriticalSectionEx,004EACD4,InitializeCriticalSectionEx,00000000), ref: 004D7C93
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                        • API String ID: 3664257935-2084034818
                                                                                                                                                                        • Opcode ID: 462648f7154b34bb8a43e5dd1c54365fc0b426a8d3fbb29967b6bf85e71c7723
                                                                                                                                                                        • Instruction ID: e973073d70b31dd21c8b7db7a8497f40500921f3a9ac3af86235e60dc6874cae
                                                                                                                                                                        • Opcode Fuzzy Hash: 462648f7154b34bb8a43e5dd1c54365fc0b426a8d3fbb29967b6bf85e71c7723
                                                                                                                                                                        • Instruction Fuzzy Hash: 5B11A731A55625AFDB228F689C55B5A33949F02F71F250123E905FB390E768FD0086DE
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,7FC17E2A,?,?,00000000,004E9C93,000000FF,?,004DA01B,004DA108,?,004D9FEF,00000000), ref: 004DA07D
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004DA08F
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00000000,004E9C93,000000FF,?,004DA01B,004DA108,?,004D9FEF,00000000), ref: 004DA0B1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                        • Opcode ID: b767a8a6100a7c142d4f51cf1a3b8f0e35c84fd0b66fd192d9d8adb6e6ddff3c
                                                                                                                                                                        • Instruction ID: 9daf4a006c4a62cc0f8987bc9ac3f5fe18e97c88d9d1be9478cebd3c32d66115
                                                                                                                                                                        • Opcode Fuzzy Hash: b767a8a6100a7c142d4f51cf1a3b8f0e35c84fd0b66fd192d9d8adb6e6ddff3c
                                                                                                                                                                        • Instruction Fuzzy Hash: 8C01A231940659AFCB129F40CC05FAEBBB8FB04B12F000536E811A2790DB78A914CA8A
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 004E2A2B
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 004E2AEC
                                                                                                                                                                        • __freea.LIBCMT ref: 004E2B53
                                                                                                                                                                          • Part of subcall function 004DFAE8: RtlAllocateHeap.NTDLL(00000000,004DEBDC,?,?,004DEBDC,00000220,?,?,?), ref: 004DFB1A
                                                                                                                                                                        • __freea.LIBCMT ref: 004E2B68
                                                                                                                                                                        • __freea.LIBCMT ref: 004E2B78
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1423051803-0
                                                                                                                                                                        • Opcode ID: 6aca9534355cf62242d16d6e313d84eb244614ab821732f079b9154595da4f7f
                                                                                                                                                                        • Instruction ID: 44b6966228998c60a028e453a8646d0a4ae133c1645b3e6329ce77a9899a71d2
                                                                                                                                                                        • Opcode Fuzzy Hash: 6aca9534355cf62242d16d6e313d84eb244614ab821732f079b9154595da4f7f
                                                                                                                                                                        • Instruction Fuzzy Hash: E251B072A00286AFEB219F628D41EBB37ADEF44315B14013FFC09D7241E6B8DD509768
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,00000000,00000000,00000000), ref: 004D1D75
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileModuleName
                                                                                                                                                                        • String ID: "%s"$/%s$recover
                                                                                                                                                                        • API String ID: 514040917-4067204065
                                                                                                                                                                        • Opcode ID: f83fc3f24675f0edcc122b5bfb04a8d3b1f21a6d960f42525b2242901ab88ab6
                                                                                                                                                                        • Instruction ID: 06d2c2bc4d40cf335226cb47d80ede67683547db5db0e05601f1f405dcaf6f3c
                                                                                                                                                                        • Opcode Fuzzy Hash: f83fc3f24675f0edcc122b5bfb04a8d3b1f21a6d960f42525b2242901ab88ab6
                                                                                                                                                                        • Instruction Fuzzy Hash: D311DD7194021C7BCB20EB62DD99EDE7778AF11714F1004ABF81993392DA78AF44CA98
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 004D1097: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,8007000E,?,-C000001E,00000001), ref: 004D109C
                                                                                                                                                                          • Part of subcall function 004D1097: GetLastError.KERNEL32(?,00000000,?,8007000E,?,-C000001E,00000001), ref: 004D10A6
                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,004D100A), ref: 004E8004
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,004D100A), ref: 004E8013
                                                                                                                                                                        Strings
                                                                                                                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 004E800E
                                                                                                                                                                        • 8N, xrefs: 004E7FF4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                                                                                        • String ID: 8N$ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                        • API String ID: 450123788-3666415509
                                                                                                                                                                        • Opcode ID: 50273f9531440d0852f9c9ab99cdf59fa9c2ba202492e8cbcee8acf7c922eaed
                                                                                                                                                                        • Instruction ID: cec0b409164628be5bb7cca0d873c43ee213c4126182b0b4ee506a0240f9c8f6
                                                                                                                                                                        • Opcode Fuzzy Hash: 50273f9531440d0852f9c9ab99cdf59fa9c2ba202492e8cbcee8acf7c922eaed
                                                                                                                                                                        • Instruction Fuzzy Hash: 58E06D702007D08BE7719F2AE8043567AE4AB44319F00892FE489C6752DBB9E448CBAA
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetConsoleOutputCP.KERNEL32(7FC17E2A,?,00000000,004F18B8), ref: 004E2ED3
                                                                                                                                                                          • Part of subcall function 004DF15E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,004E2B49,?,00000000,-00000008), ref: 004DF20A
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 004E312E
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004E3176
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 004E3219
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2112829910-0
                                                                                                                                                                        • Opcode ID: 172ea9e6e3c9717b224b6bd3702e9f4b03dc590a5cfa8502e3fdeb0dadcb1c48
                                                                                                                                                                        • Instruction ID: fbfce1a389accbd0e32e861277c9cf83514db38fd3a2c5e5c1eb145c20ad418a
                                                                                                                                                                        • Opcode Fuzzy Hash: 172ea9e6e3c9717b224b6bd3702e9f4b03dc590a5cfa8502e3fdeb0dadcb1c48
                                                                                                                                                                        • Instruction Fuzzy Hash: C3D1AAB1E002889FCF02CFE9D8849AEBBB4FF09306F18456AE955E7341D734A956CB14
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AdjustPointer
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1740715915-0
                                                                                                                                                                        • Opcode ID: 7385a214c9da306f719ed116d370f0b0708d4396b7530d01a7801ad96fce6a52
                                                                                                                                                                        • Instruction ID: 00be9ae5a11d7dbb6898d7d196be2b27d4b4b58b27ae5c61306edc8423984cc8
                                                                                                                                                                        • Opcode Fuzzy Hash: 7385a214c9da306f719ed116d370f0b0708d4396b7530d01a7801ad96fce6a52
                                                                                                                                                                        • Instruction Fuzzy Hash: B751CE72600206AFDB29AF15D861B7B77B1EF40714F24452FF801973A1EB39E841E789
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 004DF15E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,004E2B49,?,00000000,-00000008), ref: 004DF20A
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 004DDED6
                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 004DDEDD
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?), ref: 004DDF17
                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 004DDF1E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1913693674-0
                                                                                                                                                                        • Opcode ID: bcc4d6d411a75e773e93c0518d5abf0c1d104bfebe86bdd09d5244b32dbb03f8
                                                                                                                                                                        • Instruction ID: 8f5842d3948f81d58bba0c7fc803a952eeaac5654d16ac4f6183351d48ac01d0
                                                                                                                                                                        • Opcode Fuzzy Hash: bcc4d6d411a75e773e93c0518d5abf0c1d104bfebe86bdd09d5244b32dbb03f8
                                                                                                                                                                        • Instruction Fuzzy Hash: F921B371A14605AFDF20AF66DCA086BB7ADEF10368711851FF81A8B350E779EC008758
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 004DF254
                                                                                                                                                                          • Part of subcall function 004DF15E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,004E2B49,?,00000000,-00000008), ref: 004DF20A
                                                                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004DF28C
                                                                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004DF2AC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 158306478-0
                                                                                                                                                                        • Opcode ID: 603c09a9482ef167b79061ac34846c34c5da8d3f4a88d78586d504629729ad18
                                                                                                                                                                        • Instruction ID: c2bd60b0f49fc949b993ea7ff79fe763bb3f71d4bb28eab15a89075e4cc62f76
                                                                                                                                                                        • Opcode Fuzzy Hash: 603c09a9482ef167b79061ac34846c34c5da8d3f4a88d78586d504629729ad18
                                                                                                                                                                        • Instruction Fuzzy Hash: 2911C8A59015157F6B312BB25CEDC7F2A6CDE453A871000BBF50396341EA6E9D0582BD
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 004D14A3
                                                                                                                                                                        • VerSetConditionMask.KERNEL32(00000000), ref: 004D14A7
                                                                                                                                                                        • VerSetConditionMask.KERNEL32(00000000), ref: 004D14AB
                                                                                                                                                                        • VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 004D14CF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConditionMask$InfoVerifyVersion
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2793162063-0
                                                                                                                                                                        • Opcode ID: cebc468029af1819774f5a9b8798831e0848ffbdfe83712681a77ae111c7e0b3
                                                                                                                                                                        • Instruction ID: 4fa86af8e947a02e5361972509784b602591376794b0458d5a590ba419b557da
                                                                                                                                                                        • Opcode Fuzzy Hash: cebc468029af1819774f5a9b8798831e0848ffbdfe83712681a77ae111c7e0b3
                                                                                                                                                                        • Instruction Fuzzy Hash: 22111270A403187AEB20DF65DC4AFEFBBBCDF85B10F00049AA504A62C1DAB45B548A95
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • WriteConsoleW.KERNEL32(?,004F18B8,00000000,00000000,?,?,004E5930,?,00000001,?,004F18B8,?,004E326D,004F18B8,?,00000000), ref: 004E65CD
                                                                                                                                                                        • GetLastError.KERNEL32(?,004E5930,?,00000001,?,004F18B8,?,004E326D,004F18B8,?,00000000,004F18B8,004F18B8,?,004E37F4,?), ref: 004E65D9
                                                                                                                                                                          • Part of subcall function 004E659F: CloseHandle.KERNEL32(FFFFFFFE,004E65E9,?,004E5930,?,00000001,?,004F18B8,?,004E326D,004F18B8,?,00000000,004F18B8,004F18B8), ref: 004E65AF
                                                                                                                                                                        • ___initconout.LIBCMT ref: 004E65E9
                                                                                                                                                                          • Part of subcall function 004E6561: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004E6590,004E591D,004F18B8,?,004E326D,004F18B8,?,00000000,004F18B8), ref: 004E6574
                                                                                                                                                                        • WriteConsoleW.KERNEL32(?,004F18B8,00000000,00000000,?,004E5930,?,00000001,?,004F18B8,?,004E326D,004F18B8,?,00000000,004F18B8), ref: 004E65FE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2744216297-0
                                                                                                                                                                        • Opcode ID: 6232d946dbec8cd53f8dc7b1c1990c47430a2d6d22111e9c150aeacefab4903b
                                                                                                                                                                        • Instruction ID: 60367b3acae95b1c40b523fb168bb00cae18d9d7cd46401301c6119cde796e0c
                                                                                                                                                                        • Opcode Fuzzy Hash: 6232d946dbec8cd53f8dc7b1c1990c47430a2d6d22111e9c150aeacefab4903b
                                                                                                                                                                        • Instruction Fuzzy Hash: 80F03736100198BBCF622F96DC4499E3F66FF183E2F014425F91885131C6359D30DB99
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SleepConditionVariableCS.KERNELBASE(?,004E86EA,00000064), ref: 004E8770
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(004F43C8,?,?,004E86EA,00000064,?,004D120E,004F4400,?,?,004D2C07,?,004D14FB), ref: 004E877A
                                                                                                                                                                        • WaitForSingleObjectEx.KERNEL32(?,00000000,?,004E86EA,00000064,?,004D120E,004F4400,?,?,004D2C07,?,004D14FB), ref: 004E878B
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(004F43C8,?,004E86EA,00000064,?,004D120E,004F4400,?,?,004D2C07,?,004D14FB), ref: 004E8792
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3269011525-0
                                                                                                                                                                        • Opcode ID: 232c31e4d26c8e2f995d99f4ac53493ce2494adb135015af7e95e975a44e1e01
                                                                                                                                                                        • Instruction ID: bca19b975d204ecfc4a43f0d9b0f6db73a20d10dc6270afc692f3a97cb14f131
                                                                                                                                                                        • Opcode Fuzzy Hash: 232c31e4d26c8e2f995d99f4ac53493ce2494adb135015af7e95e975a44e1e01
                                                                                                                                                                        • Instruction Fuzzy Hash: FEE09B31641264B7CB011F50EC49A6E7F64BB44763B110135FF0566161CF791A308BDE
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 004DDD6E: RtlFreeHeap.NTDLL(00000000,00000000,?,004DF9D4,004DBD16,00000000,004DBD16,?,004DF9F9,004DBD16,00000007,004DBD16,?,004E014B,004DBD16,004DBD16), ref: 004DDD84
                                                                                                                                                                          • Part of subcall function 004DDD6E: GetLastError.KERNEL32(004DBD16,?,004DF9D4,004DBD16,00000000,004DBD16,?,004DF9F9,004DBD16,00000007,004DBD16,?,004E014B,004DBD16,004DBD16), ref: 004DDD8F
                                                                                                                                                                        • ___free_lconv_mon.LIBCMT ref: 004DFFF8
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                        • String ID: @6O$H6O
                                                                                                                                                                        • API String ID: 4068849827-4014057546
                                                                                                                                                                        • Opcode ID: e3cb474336a5187b09cc175f4c91098a6947100b683f3c6d3b11e9eea72c31cc
                                                                                                                                                                        • Instruction ID: a96e3b5612fd4d70ce7100701e5b1dcf95446fdd1775ab2e1fbb70403e83b9e3
                                                                                                                                                                        • Opcode Fuzzy Hash: e3cb474336a5187b09cc175f4c91098a6947100b683f3c6d3b11e9eea72c31cc
                                                                                                                                                                        • Instruction Fuzzy Hash: 45316F319002499FEB31AA7AED55B5B73E6AF00315F10842FE065D7351DFB9AD80C768
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 004D8D7A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2865027185.00000000004D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2864993311.00000000004D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865064045.00000000004EA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865096032.00000000004F3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2865125459.00000000004F5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4d0000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EncodePointer
                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                        • API String ID: 2118026453-2084237596
                                                                                                                                                                        • Opcode ID: 3b87ccdba6e6e247bbc64b66ba5a251f30bda946794044ad3dc13e1972fefee7
                                                                                                                                                                        • Instruction ID: 974320e873577a905e73b7ef90e92f0d8006576cefc5365e742723126fb49035
                                                                                                                                                                        • Opcode Fuzzy Hash: 3b87ccdba6e6e247bbc64b66ba5a251f30bda946794044ad3dc13e1972fefee7
                                                                                                                                                                        • Instruction Fuzzy Hash: DE416771900209AFCF15DF94C891AEEBBB5FF88304F19809AF904A6361D739A960DF59
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Execution Graph

                                                                                                                                                                        Execution Coverage:1.7%
                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                        Total number of Nodes:1936
                                                                                                                                                                        Total number of Limit Nodes:29
10017->10018 10026 e8be6e 10017->10026 10019 e87d04 CallCatchBlock GetModuleHandleW 10018->10019 10021 e8be62 10019->10021 10021->10026 10039 e8bf1a GetModuleHandleExW 10021->10039 10022 e8bea6 10023 e87a78 10022->10023 10032 e8bec7 10022->10032 10023->9654 10028 e8bcd9 10026->10028 10027 e8bec1 10029 e8bce5 CallCatchBlock 10028->10029 10045 e8d642 EnterCriticalSection 10029->10045 10031 e8bcef CallCatchBlock 10031->10022 10046 e8bef8 10032->10046 10035 e8bee5 10037 e8bf1a CallCatchBlock 3 API calls 10035->10037 10036 e8bed5 GetCurrentProcess TerminateProcess 10036->10035 10038 e8beed ExitProcess 10037->10038 10040 e8bf59 GetProcAddress 10039->10040 10041 e8bf7a 10039->10041 10040->10041 10042 e8bf6d 10040->10042 10043 e8bf89 10041->10043 10044 e8bf80 FreeLibrary 10041->10044 10042->10041 10043->10026 10044->10043 10045->10031 10051 e8d6a1 GetPEB 10046->10051 10049 e8bf02 GetPEB 10050 e8bed1 10049->10050 10050->10035 10050->10036 10052 e8befd 10051->10052 10053 e8d6bb 10051->10053 10052->10049 10052->10050 10055 e8e844 10053->10055 10058 e8e7c1 10055->10058 10057 e8e860 10057->10052 10059 e8e7ef 10058->10059 10063 e8e7eb _unexpected 10058->10063 10059->10063 10064 e8e6f6 10059->10064 10062 e8e809 GetProcAddress 10062->10063 10063->10057 10070 e8e707 ___vcrt_FlsSetValue 10064->10070 10065 e8e79d 10065->10062 10065->10063 10066 e8e725 LoadLibraryExW 10067 e8e740 GetLastError 10066->10067 10068 e8e7a4 10066->10068 10067->10070 10068->10065 10069 e8e7b6 FreeLibrary 10068->10069 10069->10065 10070->10065 10070->10066 10071 e8e773 LoadLibraryExW 10070->10071 10071->10068 10071->10070 10073 e8d25c 10072->10073 10074 e8d256 10072->10074 10078 e8d260 SetLastError 10073->10078 10104 e8e941 10073->10104 10099 e8e902 10074->10099 10082 e8ccac 10078->10082 10083 e8d2f5 10078->10083 10081 e8d28d 10084 e8d295 10081->10084 10085 e8d2a6 10081->10085 10082->9641 10086 e8cd36 IsInExceptionSpec 34 API calls 10083->10086 10087 e8e941 _unexpected 6 API calls 10084->10087 10088 e8e941 
_unexpected 6 API calls 10085->10088 10089 e8d2fa 10086->10089 10090 e8d2a3 10087->10090 10091 e8d2b2 10088->10091 10096 e8d52b __freea 13 API calls 10090->10096 10092 e8d2cd 10091->10092 10093 e8d2b6 10091->10093 10116 e8d06e 10092->10116 10095 e8e941 _unexpected 6 API calls 10093->10095 10095->10090 10096->10078 10098 e8d52b __freea 13 API calls 10098->10078 10100 e8e7c1 _unexpected 5 API calls 10099->10100 10101 e8e91e 10100->10101 10102 e8e939 TlsGetValue 10101->10102 10103 e8e927 10101->10103 10103->10073 10105 e8e7c1 _unexpected 5 API calls 10104->10105 10106 e8e95d 10105->10106 10107 e8e97b TlsSetValue 10106->10107 10108 e8d278 10106->10108 10108->10078 10109 e8d6d2 10108->10109 10115 e8d6df _unexpected 10109->10115 10110 e8d71f 10112 e8baf8 __freea 12 API calls 10110->10112 10111 e8d70a HeapAlloc 10113 e8d71d 10111->10113 10111->10115 10112->10113 10113->10081 10115->10110 10115->10111 10121 e8ed5b 10115->10121 10129 e8cf02 10116->10129 10118 e8d0dc 10133 e8d014 10118->10133 10120 e8d105 10120->10098 10124 e8ed88 10121->10124 10123 e8ed66 10123->10115 10125 e8ed94 CallCatchBlock 10124->10125 10128 e8d642 EnterCriticalSection 10125->10128 10127 e8ed9f _unexpected 10127->10123 10128->10127 10130 e8cf0e CallCatchBlock 10129->10130 10139 e8d642 EnterCriticalSection 10130->10139 10132 e8cf18 _unexpected 10132->10118 10134 e8d020 CallCatchBlock 10133->10134 10140 e8d642 EnterCriticalSection 10134->10140 10136 e8d02a 10141 e8d1f5 10136->10141 10138 e8d042 _unexpected 10138->10120 10139->10132 10140->10136 10142 e8d22b _unexpected 10141->10142 10143 e8d204 _unexpected 10141->10143 10142->10138 10143->10142 10145 e8fd0a 10143->10145 10146 e8fd8a 10145->10146 10149 e8fd20 10145->10149 10147 e8fdd8 10146->10147 10150 e8d52b __freea 13 API calls 10146->10150 10213 e8fe7b 10147->10213 10149->10146 10151 e8fd53 10149->10151 10156 e8d52b __freea 13 API calls 10149->10156 10152 e8fdac 10150->10152 10153 e8fd75 10151->10153 10161 e8d52b __freea 13 API calls 10151->10161 
10154 e8d52b __freea 13 API calls 10152->10154 10155 e8d52b __freea 13 API calls 10153->10155 10157 e8fdbf 10154->10157 10158 e8fd7f 10155->10158 10160 e8fd48 10156->10160 10162 e8d52b __freea 13 API calls 10157->10162 10163 e8d52b __freea 13 API calls 10158->10163 10159 e8fe46 10164 e8d52b __freea 13 API calls 10159->10164 10173 e8f858 10160->10173 10166 e8fd6a 10161->10166 10167 e8fdcd 10162->10167 10163->10146 10171 e8fe4c 10164->10171 10201 e8f956 10166->10201 10169 e8d52b __freea 13 API calls 10167->10169 10169->10147 10170 e8d52b 13 API calls __freea 10172 e8fde6 10170->10172 10171->10142 10172->10159 10172->10170 10174 e8f869 10173->10174 10200 e8f952 10173->10200 10175 e8f87a 10174->10175 10176 e8d52b __freea 13 API calls 10174->10176 10177 e8f88c 10175->10177 10179 e8d52b __freea 13 API calls 10175->10179 10176->10175 10178 e8f89e 10177->10178 10180 e8d52b __freea 13 API calls 10177->10180 10181 e8f8b0 10178->10181 10182 e8d52b __freea 13 API calls 10178->10182 10179->10177 10180->10178 10183 e8f8c2 10181->10183 10184 e8d52b __freea 13 API calls 10181->10184 10182->10181 10185 e8f8d4 10183->10185 10187 e8d52b __freea 13 API calls 10183->10187 10184->10183 10186 e8f8e6 10185->10186 10188 e8d52b __freea 13 API calls 10185->10188 10189 e8f8f8 10186->10189 10190 e8d52b __freea 13 API calls 10186->10190 10187->10185 10188->10186 10191 e8d52b __freea 13 API calls 10189->10191 10193 e8f90a 10189->10193 10190->10189 10191->10193 10192 e8f91c 10194 e8f92e 10192->10194 10196 e8d52b __freea 13 API calls 10192->10196 10193->10192 10195 e8d52b __freea 13 API calls 10193->10195 10197 e8f940 10194->10197 10198 e8d52b __freea 13 API calls 10194->10198 10195->10192 10196->10194 10199 e8d52b __freea 13 API calls 10197->10199 10197->10200 10198->10197 10199->10200 10200->10151 10202 e8f9bb 10201->10202 10203 e8f963 10201->10203 10202->10153 10204 e8f973 10203->10204 10205 e8d52b __freea 13 API calls 10203->10205 10206 e8f985 10204->10206 10208 e8d52b __freea 13 API calls 
10204->10208 10205->10204 10207 e8f997 10206->10207 10209 e8d52b __freea 13 API calls 10206->10209 10210 e8f9a9 10207->10210 10211 e8d52b __freea 13 API calls 10207->10211 10208->10206 10209->10207 10210->10202 10212 e8d52b __freea 13 API calls 10210->10212 10211->10210 10212->10202 10214 e8fe88 _unexpected 10213->10214 10216 e8fea7 10213->10216 10215 e8d52b __freea 13 API calls 10214->10215 10214->10216 10215->10216 10216->10172 10218 e8c9d5 10217->10218 10219 e8c9e7 ___scrt_uninitialize_crt 10217->10219 10220 e8c9e3 10218->10220 10228 e8f395 10218->10228 10219->9651 10220->9651 10223 e877ea 10222->10223 10224 e89762 10222->10224 10360 e89bf7 10224->10360 10231 e8f222 10228->10231 10234 e8f176 10231->10234 10233 e8f261 10233->10220 10235 e8f182 CallCatchBlock 10234->10235 10240 e8d642 EnterCriticalSection 10235->10240 10237 e8f1f8 ___scrt_uninitialize_crt 10237->10233 10238 e8f18c ___scrt_uninitialize_crt 10238->10237 10241 e8f0ea 10238->10241 10240->10238 10242 e8f0f6 CallCatchBlock 10241->10242 10249 e8f4b2 EnterCriticalSection 10242->10249 10244 e8f100 ___scrt_uninitialize_crt 10245 e8f14c 10244->10245 10250 e8f330 10244->10250 10263 e8f16a 10245->10263 10249->10244 10251 e8f345 ___std_exception_copy 10250->10251 10252 e8f34c 10251->10252 10253 e8f357 10251->10253 10254 e8f222 ___scrt_uninitialize_crt 53 API calls 10252->10254 10266 e8f2c7 10253->10266 10256 e8f352 10254->10256 10258 e8b776 ___std_exception_copy 34 API calls 10256->10258 10260 e8f38f 10258->10260 10260->10245 10261 e8f378 10279 e90f24 10261->10279 10359 e8f4c6 LeaveCriticalSection 10263->10359 10265 e8f158 10265->10238 10267 e8f307 10266->10267 10268 e8f2e0 10266->10268 10267->10256 10272 e9065c 10267->10272 10268->10267 10269 e9065c ___scrt_uninitialize_crt 34 API calls 10268->10269 10270 e8f2fc 10269->10270 10290 e9174f 10270->10290 10273 e90668 10272->10273 10274 e9067d 10272->10274 10275 e8baf8 __freea 13 API calls 10273->10275 10274->10261 10276 e9066d 10275->10276 10277 e8ba3a 
___std_exception_copy 34 API calls 10276->10277 10278 e90678 10277->10278 10278->10261 10280 e90f42 10279->10280 10281 e90f35 10279->10281 10283 e90f8b 10280->10283 10285 e90f69 10280->10285 10282 e8baf8 __freea 13 API calls 10281->10282 10289 e90f3a 10282->10289 10284 e8baf8 __freea 13 API calls 10283->10284 10286 e90f90 10284->10286 10326 e90e82 10285->10326 10288 e8ba3a ___std_exception_copy 34 API calls 10286->10288 10288->10289 10289->10256 10291 e9175b CallCatchBlock 10290->10291 10292 e9181f 10291->10292 10294 e917b0 10291->10294 10300 e91763 10291->10300 10293 e8b9bd ___std_exception_copy 34 API calls 10292->10293 10293->10300 10301 e8f701 EnterCriticalSection 10294->10301 10296 e917b6 10297 e917d3 10296->10297 10302 e91857 10296->10302 10323 e91817 10297->10323 10300->10267 10301->10296 10303 e9187c 10302->10303 10321 e9189f ___scrt_uninitialize_crt 10302->10321 10304 e91880 10303->10304 10307 e918de ___scrt_uninitialize_crt 10303->10307 10305 e8b9bd ___std_exception_copy 34 API calls 10304->10305 10305->10321 10306 e913db ___scrt_uninitialize_crt 37 API calls 10308 e918ff 10306->10308 10307->10306 10309 e91945 10308->10309 10310 e91905 10308->10310 10311 e91959 10309->10311 10312 e919a8 WriteFile 10309->10312 10314 e90fa1 ___scrt_uninitialize_crt 37 API calls 10310->10314 10310->10321 10315 e91961 10311->10315 10316 e91996 10311->10316 10313 e919ca GetLastError 10312->10313 10312->10321 10313->10321 10314->10321 10318 e91984 10315->10318 10320 e91966 10315->10320 10317 e91459 ___scrt_uninitialize_crt IsProcessorFeaturePresent WriteFile GetLastError 10316->10317 10317->10321 10319 e9161d ___scrt_uninitialize_crt IsProcessorFeaturePresent WideCharToMultiByte WriteFile GetLastError 10318->10319 10319->10321 10320->10321 10322 e91534 ___scrt_uninitialize_crt IsProcessorFeaturePresent WriteFile GetLastError 10320->10322 10321->10297 10322->10321 10324 e8f724 ___scrt_uninitialize_crt LeaveCriticalSection 10323->10324 10325 e9181d 10324->10325 10325->10300 10327 
e90e8e CallCatchBlock 10326->10327 10339 e8f701 EnterCriticalSection 10327->10339 10329 e90e9d 10337 e90ee2 10329->10337 10340 e8f7d8 10329->10340 10331 e8baf8 __freea 13 API calls 10333 e90ee9 10331->10333 10332 e90ec9 FlushFileBuffers 10332->10333 10334 e90ed5 GetLastError 10332->10334 10356 e90f18 10333->10356 10353 e8bae5 10334->10353 10337->10331 10339->10329 10341 e8f7fa 10340->10341 10342 e8f7e5 10340->10342 10344 e8bae5 ___scrt_uninitialize_crt 13 API calls 10341->10344 10346 e8f81f 10341->10346 10343 e8bae5 ___scrt_uninitialize_crt 13 API calls 10342->10343 10345 e8f7ea 10343->10345 10347 e8f82a 10344->10347 10348 e8baf8 __freea 13 API calls 10345->10348 10346->10332 10349 e8baf8 __freea 13 API calls 10347->10349 10350 e8f7f2 10348->10350 10351 e8f832 10349->10351 10350->10332 10352 e8ba3a ___std_exception_copy 34 API calls 10351->10352 10352->10350 10354 e8d391 IsInExceptionSpec 13 API calls 10353->10354 10355 e8baea 10354->10355 10355->10337 10357 e8f724 ___scrt_uninitialize_crt LeaveCriticalSection 10356->10357 10358 e90f01 10357->10358 10358->10289 10359->10265 10361 e89c01 10360->10361 10363 e89767 10360->10363 10368 e89f35 10361->10368 10364 e89c4e 10363->10364 10365 e89c78 10364->10365 10366 e89c59 10364->10366 10365->10223 10367 e89c63 DeleteCriticalSection 10366->10367 10367->10365 10367->10367 10373 e89eb1 10368->10373 10371 e89f67 TlsFree 10372 e89f5b 10371->10372 10372->10363 10374 e89ec9 10373->10374 10375 e89eec 10373->10375 10374->10375 10379 e89e17 10374->10379 10375->10371 10375->10372 10378 e89ede GetProcAddress 10378->10375 10385 e89e23 ___vcrt_FlsSetValue 10379->10385 10380 e89e39 LoadLibraryExW 10382 e89e9e 10380->10382 10383 e89e57 GetLastError 10380->10383 10381 e89e97 10381->10375 10381->10378 10382->10381 10384 e89ea6 FreeLibrary 10382->10384 10383->10385 10384->10381 10385->10380 10385->10381 10386 e89e79 LoadLibraryExW 10385->10386 10386->10382 10386->10385 10841 e83857 10938 e8ed5f 10841->10938 10843 e8385f 10941 e90c6f 
10843->10941 10845 e8386f 10965 e91787 10845->10965 10849 e8388f 10980 e906a7 10849->10980 10851 e838a7 10988 e913b7 10851->10988 10855 e838c7 10860 e83957 10855->10860 11004 e8e73f GetLastError 10855->11004 10857 e8393f 11012 e8ef4f 10857->11012 11034 e8e8a7 10860->11034 10863 e839a7 10870 e839e7 10863->10870 11037 e847e7 10863->11037 10866 e83a3f 11057 e87957 10866->11057 11044 e8743f 10870->11044 10871 e83ac7 11090 e8bed7 TerminateProcess 10871->11090 10873 e83a5f 10873->10871 11086 e8a187 10873->11086 10939 e8ed88 _unexpected EnterCriticalSection 10938->10939 10940 e8ed66 10938->10940 10939->10940 10940->10843 10942 e90c75 10941->10942 10942->10942 10943 e90c8c 10942->10943 11094 e8e50a 10942->11094 10945 e90ccd 10943->10945 11098 e8e9ce 10943->11098 10947 e8fc6d __freea 13 API calls 10945->10947 10949 e90d99 10947->10949 10953 e873ee __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z IsProcessorFeaturePresent 10949->10953 10950 e90cbe 10950->10945 10956 e8e9ce 6 API calls 10950->10956 10951 e90cf6 10952 e90d81 10951->10952 10958 e90d08 __alloca_probe_16 10951->10958 11104 e8fac8 10951->11104 10955 e8fc6d __freea 13 API calls 10952->10955 10954 e90dac 10953->10954 10954->10845 10955->10945 10956->10945 10958->10952 10959 e8e9ce 6 API calls 10958->10959 10960 e90d4b 10959->10960 10960->10952 10961 e8e586 ___scrt_uninitialize_crt WideCharToMultiByte 10960->10961 10962 e90d65 10961->10962 10962->10952 10963 e90d6e 10962->10963 11111 e8fc6d 10963->11111 10966 e9181f 10965->10966 10967 e91792 10965->10967 10969 e8b9bd ___std_exception_copy 34 API calls 10966->10969 10967->10966 10968 e917b0 10967->10968 11124 e8f701 EnterCriticalSection 10968->11124 10975 e83887 10969->10975 10971 e917b6 10972 e917d3 10971->10972 10973 e91857 ___scrt_uninitialize_crt 47 API calls 10971->10973 10974 e91817 ___scrt_uninitialize_crt LeaveCriticalSection 10972->10974 10973->10972 10974->10975 10976 e8cb8f 10975->10976 10977 e8cb82 10976->10977 10977->10976 10979 e8cba1 
10977->10979 11125 e8ffd7 10977->11125 10979->10849 10981 e906ca 10980->10981 10982 e8baf8 __freea 13 API calls 10981->10982 10987 e906de 10981->10987 10984 e906d3 10982->10984 10983 e90706 10985 e8ba3a ___std_exception_copy 34 API calls 10984->10985 10984->10987 10985->10987 10986 e873ee __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z IsProcessorFeaturePresent 10986->10987 10987->10851 10987->10983 10987->10986 10989 e913cc GetLastError 10988->10989 10992 e91395 10988->10992 10990 e838b7 10989->10990 10993 e911c7 10990->10993 10991 e91f4c CreateFileW CloseHandle WriteConsoleW GetLastError WriteConsoleW 10991->10992 10992->10988 10992->10989 10992->10990 10992->10991 11002 e91046 10993->11002 10994 e90529 37 API calls 10994->11002 10995 e873ee __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z IsProcessorFeaturePresent 10996 e9136c 10995->10996 10996->10855 10997 e8e586 ___scrt_uninitialize_crt WideCharToMultiByte 10997->11002 10998 e91252 WriteFile 10999 e9134a GetLastError 10998->10999 10998->11002 11001 e912d7 10999->11001 11000 e91292 WriteFile 11000->10999 11000->11002 11001->10995 11002->10993 11002->10994 11002->10997 11002->10998 11002->11000 11002->11001 11003 e91d87 IsProcessorFeaturePresent 11002->11003 11003->11002 11006 e8e707 ___vcrt_FlsSetValue 11004->11006 11005 e8e79d 11005->10857 11006->11005 11007 e8e725 LoadLibraryExW 11006->11007 11010 e8e773 LoadLibraryExW 11006->11010 11008 e8e740 GetLastError 11007->11008 11009 e8e7a4 11007->11009 11008->11006 11009->11005 11011 e8e7b6 FreeLibrary 11009->11011 11010->11006 11010->11009 11011->11005 11013 e8ef91 11012->11013 11014 e8efa3 11013->11014 11129 e8d642 EnterCriticalSection 11013->11129 11016 e8efe5 11014->11016 11017 e8f0d6 IsInExceptionSpec 11014->11017 11019 e8f014 11014->11019 11016->11019 11020 e8d240 _unexpected 36 API calls 11016->11020 11018 e8bfc9 CallCatchBlock 15 API calls 11017->11018 11021 e8f0e9 11018->11021 11023 e8d240 _unexpected 36 API calls 11019->11023 11025 
e8f069 11019->11025 11027 e8394f 11019->11027 11022 e8f009 11020->11022 11024 e8d240 _unexpected 36 API calls 11022->11024 11023->11025 11024->11019 11026 e8d240 _unexpected 36 API calls 11025->11026 11025->11027 11026->11027 11028 e8f557 11027->11028 11030 e8f556 11028->11030 11029 e8f508 11029->10860 11030->11029 11031 e8baf8 __freea 13 API calls 11030->11031 11032 e8f500 11031->11032 11033 e8ba3a ___std_exception_copy 34 API calls 11032->11033 11033->11029 11035 e8e8b8 TlsAlloc 11034->11035 11036 e8e8a9 11034->11036 11035->11036 11036->10863 11039 e847b3 11037->11039 11038 e8480e 11038->10870 11039->11037 11039->11038 11130 e866ab 11039->11130 11041 e848ab 11138 e86c13 11041->11138 11045 e87439 11044->11045 11046 e87457 GetProcAddress GetProcAddress 11044->11046 11045->11044 11051 e8744b GetModuleHandleW 11045->11051 11047 e87475 11046->11047 11048 e87487 CreateEventW 11046->11048 11047->11048 11050 e87479 11047->11050 11049 e8749d 11048->11049 11048->11050 11052 e87bb0 4 API calls 11049->11052 11050->10866 11051->11045 11053 e87450 11051->11053 11054 e874a4 DeleteCriticalSection 11052->11054 11053->11046 11053->11049 11055 e874b9 CloseHandle 11054->11055 11056 e874c0 11054->11056 11055->11056 11056->10866 11058 e87972 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock CallCatchBlock 11057->11058 11073 e83a57 11057->11073 11059 e87ccb GetStartupInfoW 11058->11059 11060 e879e8 11059->11060 11061 e86c1e 70 API calls 11060->11061 11062 e879fd 11061->11062 11063 e87d04 CallCatchBlock GetModuleHandleW 11062->11063 11064 e87a04 11063->11064 11065 e87a08 11064->11065 11066 e87a72 11064->11066 11067 e87a11 11065->11067 11069 e8bfba 15 API calls 11065->11069 11068 e8c006 15 API calls 11066->11068 11070 e877c8 ___scrt_uninitialize_crt 60 API calls 11067->11070 11071 e87a78 11068->11071 11069->11067 11070->11073 11072 e8bfc9 CallCatchBlock 15 API calls 11071->11072 11074 e87a80 11072->11074 11075 e8c35f 11073->11075 11076 e8c371 11075->11076 11077 e8c365 
11075->11077 11142 e8c3a2 11076->11142 11079 e8d52b __freea 13 API calls 11077->11079 11080 e8c36b 11079->11080 11080->10873 11082 e8d52b __freea 13 API calls 11083 e8c395 11082->11083 11084 e8d52b __freea 13 API calls 11083->11084 11085 e8c39b 11084->11085 11085->10873 11087 e8a18a CallCatchBlock 11086->11087 11088 e89b24 CallCatchBlock 44 API calls 11087->11088 11089 e8a1ce 11088->11089 11091 e8bee5 11090->11091 11092 e8bf1a CallCatchBlock 3 API calls 11091->11092 11093 e8beed ExitProcess 11092->11093 11095 e8e51b MultiByteToWideChar 11094->11095 11097 e8e57f 11095->11097 11097->10943 11115 e8e6c2 11098->11115 11102 e8e9df 11102->10945 11102->10950 11102->10951 11103 e8ea1f LCMapStringW 11103->11102 11105 e8fb06 11104->11105 11110 e8fad6 _unexpected 11104->11110 11107 e8baf8 __freea 13 API calls 11105->11107 11106 e8faf1 HeapAlloc 11108 e8fb04 11106->11108 11106->11110 11107->11108 11108->10958 11109 e8ed5b _unexpected EnterCriticalSection 11109->11110 11110->11105 11110->11106 11110->11109 11112 e8fc79 11111->11112 11113 e8fc8a 11111->11113 11112->11113 11114 e8d52b __freea 13 API calls 11112->11114 11113->10945 11114->11113 11116 e8e7c1 _unexpected 5 API calls 11115->11116 11117 e8e6d8 11116->11117 11117->11102 11118 e8ea2b 11117->11118 11121 e8e6dc 11118->11121 11120 e8ea36 11120->11103 11122 e8e7c1 _unexpected 5 API calls 11121->11122 11123 e8e6f2 11122->11123 11123->11120 11124->10971 11126 e8fff2 11125->11126 11127 e8ffe5 _unexpected 11125->11127 11126->10977 11127->11126 11128 e8fd0a _unexpected 13 API calls 11127->11128 11128->11126 11129->11014 11131 e86666 11130->11131 11132 e86678 11131->11132 11133 e8750b 2 API calls 11131->11133 11132->11041 11134 e866cd 11133->11134 11134->11132 11135 e8781d 37 API calls 11134->11135 11136 e8671a 11135->11136 11141 e874c1 EnterCriticalSection 11136->11141 11139 e873ee __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z IsProcessorFeaturePresent 11138->11139 11140 e84913 11139->11140 11145 e8c3c1 11142->11145 
11143 e8d6d2 _unexpected 13 API calls 11144 e8c401 11143->11144 11146 e8c409 11144->11146 11152 e8c413 11144->11152 11145->11143 11145->11145 11147 e8d52b __freea 13 API calls 11146->11147 11149 e8c378 11147->11149 11148 e8c488 11150 e8d52b __freea 13 API calls 11148->11150 11149->11082 11150->11149 11151 e8d6d2 _unexpected 13 API calls 11151->11152 11152->11148 11152->11151 11153 e8c498 11152->11153 11155 e8b6ca 34 API calls 11152->11155 11158 e8c4b3 11152->11158 11161 e8d52b __freea 13 API calls 11152->11161 11164 e8c4c0 11153->11164 11155->11152 11157 e8d52b __freea 13 API calls 11159 e8c4a6 11157->11159 11160 e8ba4a ___std_exception_copy 7 API calls 11158->11160 11162 e8d52b __freea 13 API calls 11159->11162 11163 e8c4bf 11160->11163 11161->11152 11162->11149 11165 e8c49e 11164->11165 11166 e8c4cd 11164->11166 11165->11157 11167 e8c4e4 11166->11167 11168 e8d52b __freea 13 API calls 11166->11168 11169 e8d52b __freea 13 API calls 11167->11169 11168->11166 11169->11165 11170 e8ae28 11173 e8af9f 11170->11173 11172 e8ae30 11174 e8afe5 11173->11174 11175 e8afaf 11173->11175 11174->11172 11175->11174 11176 e89b24 CallCatchBlock 44 API calls 11175->11176 11177 e8afdb 11176->11177 11177->11172 11572 e909a9 11573 e906de 11572->11573 11574 e873ee __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z IsProcessorFeaturePresent 11573->11574 11574->11573 11798 e90929 11800 e906de 11798->11800 11799 e873ee __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z IsProcessorFeaturePresent 11799->11800 11800->11799 11800->11800 10504 e8a2a9 10505 e873ee __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z IsProcessorFeaturePresent 10504->10505 10506 e8a2bb 10505->10506 10509 e8abde 10506->10509 10510 e8abec ___except_validate_context_record 10509->10510 10513 e89b24 10510->10513 10527 e89b32 10513->10527 10515 e89b29 10516 e89b31 10515->10516 10541 e8eeb2 10515->10541 10519 e8cd46 10521 e8cd50 IsProcessorFeaturePresent 10519->10521 10522 e8cd6f 10519->10522 10524 
e8cd5c 10521->10524 10523 e8bfc9 CallCatchBlock 15 API calls 10522->10523 10526 e8cd79 10523->10526 10525 e8b83e CallCatchBlock 4 API calls 10524->10525 10525->10522 10528 e89b3b 10527->10528 10529 e89b3e GetLastError 10527->10529 10528->10515 10552 e89f70 10529->10552 10532 e89b72 10533 e89bb8 SetLastError 10532->10533 10533->10515 10535 e89b6c CallCatchBlock 10535->10532 10536 e89b94 10535->10536 10538 e89fab ___vcrt_FlsSetValue 6 API calls 10535->10538 10537 e89fab ___vcrt_FlsSetValue 6 API calls 10536->10537 10539 e89ba8 10536->10539 10537->10539 10538->10536 10540 e8bb0b ___vcrt_freefls@4 13 API calls 10539->10540 10540->10532 10562 e8ede4 10541->10562 10543 e8cd3b 10543->10519 10544 e8eef7 10543->10544 10545 e8ef03 IsInExceptionSpec CallCatchBlock 10544->10545 10547 e8ef58 IsInExceptionSpec 10545->10547 10567 e8d391 GetLastError 10545->10567 10548 e8ef61 10547->10548 10549 e8baf8 __freea 13 API calls 10547->10549 10548->10519 10550 e8ef7c 10549->10550 10551 e8ba3a ___std_exception_copy 34 API calls 10550->10551 10551->10548 10553 e89eb1 ___vcrt_FlsSetValue 5 API calls 10552->10553 10554 e89f8a 10553->10554 10555 e89fa2 TlsGetValue 10554->10555 10556 e89b53 10554->10556 10555->10556 10556->10532 10556->10533 10557 e89fab 10556->10557 10558 e89eb1 ___vcrt_FlsSetValue 5 API calls 10557->10558 10559 e89fc5 10558->10559 10560 e89fe0 TlsSetValue 10559->10560 10561 e89fd4 10559->10561 10560->10561 10561->10535 10563 e8edf0 CallCatchBlock 10562->10563 10566 e8d642 EnterCriticalSection 10563->10566 10565 e8edfe IsInExceptionSpec 10565->10543 10566->10565 10568 e8d3ad 10567->10568 10569 e8d3a7 10567->10569 10571 e8e941 _unexpected 6 API calls 10568->10571 10587 e8d3b1 SetLastError 10568->10587 10570 e8e902 _unexpected 6 API calls 10569->10570 10570->10568 10572 e8d3c9 10571->10572 10574 e8d6d2 _unexpected 11 API calls 10572->10574 10572->10587 10575 e8d3de 10574->10575 10576 e8d3e6 10575->10576 10577 e8d3f7 10575->10577 10578 e8e941 _unexpected 6 API calls 10576->10578 
10579 e8e941 _unexpected 6 API calls 10577->10579 10580 e8d3f4 10578->10580 10581 e8d403 10579->10581 10586 e8d52b __freea 11 API calls 10580->10586 10582 e8d41e 10581->10582 10583 e8d407 10581->10583 10584 e8d06e _unexpected 11 API calls 10582->10584 10585 e8e941 _unexpected 6 API calls 10583->10585 10588 e8d429 10584->10588 10585->10580 10586->10587 10587->10547 10589 e8d52b __freea 11 API calls 10588->10589 10589->10587 10590 e944aa 10591 e873ee __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z IsProcessorFeaturePresent 10590->10591 10592 e944bb 10591->10592 11178 e8662d 11181 e86596 11178->11181 11180 e86638 _AnonymousOriginator 11182 e865b1 11181->11182 11183 e865a2 11181->11183 11182->11180 11183->11182 11184 e865a8 HeapDestroy 11183->11184 11184->11182 11801 e9212f 11802 e92138 11801->11802 11803 e921de 11802->11803 11806 e9215f 11802->11806 11804 e932d7 15 API calls 11803->11804 11807 e921ee 11804->11807 11805 e93200 11806->11805 11808 e932d7 15 API calls 11806->11808 11809 e931fe 11808->11809 11810 e89d20 11811 e89d32 11810->11811 11813 e89d40 11810->11813 11812 e873ee __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z IsProcessorFeaturePresent 11811->11812 11812->11813 10593 e8eaa6 GetProcessHeap 11185 e8ec27 11186 e8ec33 CallCatchBlock 11185->11186 11195 e8d642 EnterCriticalSection 11186->11195 11188 e8ec3a 11196 e8f663 11188->11196 11190 e8ec49 11194 e8ec58 11190->11194 11207 e8eac1 GetStartupInfoW 11190->11207 11195->11188 11197 e8f66f CallCatchBlock 11196->11197 11198 e8f678 11197->11198 11199 e8f699 11197->11199 11201 e8baf8 __freea 13 API calls 11198->11201 11218 e8d642 EnterCriticalSection 11199->11218 11202 e8f67d 11201->11202 11203 e8ba3a ___std_exception_copy 34 API calls 11202->11203 11204 e8f687 11203->11204 11204->11190 11206 e8f6a5 11206->11204 11219 e8f5b3 11206->11219 11208 e8eade 11207->11208 11209 e8eb72 11207->11209 11208->11209 11210 e8f663 34 API calls 11208->11210 11213 e8eb77 11209->11213 11211 e8eb06 11210->11211 
11211->11209 11212 e8eb36 GetFileType 11211->11212 11212->11211 11217 e8eb7e 11213->11217 11214 e8ebc1 GetStdHandle 11214->11217 11215 e8ec23 11215->11194 11216 e8ebd4 GetFileType 11216->11217 11217->11214 11217->11215 11217->11216 11218->11206 11220 e8d6d2 _unexpected 13 API calls 11219->11220 11221 e8f5c5 11220->11221 11222 e8f5e0 11221->11222 11223 e8d52b __freea 13 API calls 11221->11223 11224 e8f627 11223->11224 11224->11206 11225 e8be27 11226 e8cc9b _unexpected 36 API calls 11225->11226 11227 e8be2f 11226->11227 11814 e87b27 11817 e87a8e SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 11814->11817 11816 e87bae 11817->11816 11228 e87a3a 11229 e87d04 CallCatchBlock GetModuleHandleW 11228->11229 11230 e87a42 11229->11230 11231 e87a78 11230->11231 11232 e87a46 11230->11232 11233 e8bfc9 CallCatchBlock 15 API calls 11231->11233 11234 e87a51 11232->11234 11237 e8bfab 11232->11237 11235 e87a80 11233->11235 11238 e8be30 CallCatchBlock 15 API calls 11237->11238 11239 e8bfb6 11238->11239 11239->11234 11818 e8a53a 11819 e8a551 11818->11819 11820 e8cd36 IsInExceptionSpec 34 API calls 11819->11820 11821 e8a556 CallCatchBlock 11820->11821 11824 e8a419 11821->11824 11823 e8a58b ___AdjustPointer 11825 e8a425 CallCatchBlock 11824->11825 11826 e8cd36 IsInExceptionSpec 34 API calls 11825->11826 11827 e8a4a0 ___AdjustPointer 11825->11827 11828 e8a556 CallCatchBlock 11826->11828 11827->11823 11829 e8a419 34 API calls 11828->11829 11830 e8a58b ___AdjustPointer 11829->11830 11830->11823 11831 e9453b 11832 e873ee __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z IsProcessorFeaturePresent 11831->11832 11833 e9454f 11832->11833 11834 e873ee __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z IsProcessorFeaturePresent 11833->11834 11835 e94559 11834->11835 10594 e8c8bd 10595 e8d52b __freea 13 API calls 10594->10595 10596 e8c8cb 10595->10596 10597 e8d52b __freea 13 API calls 10596->10597 10598 e8c8de 10597->10598 10599 e8d52b 
__freea 13 API calls 10598->10599 10600 e8c8ef 10599->10600 10601 e8d52b __freea 13 API calls 10600->10601 10602 e8c900 10601->10602 11836 e8ad3f 11837 e8b2b7 ___std_exception_destroy 13 API calls 11836->11837 11838 e8ad4e 11837->11838 11575 e897b0 11576 e897ce CallCatchBlock 11575->11576 11587 e89770 11576->11587 11588 e8978f 11587->11588 11589 e89782 11587->11589 11590 e873ee __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z IsProcessorFeaturePresent 11589->11590 11590->11588 11240 e92a30 11243 e92a4e 11240->11243 11242 e92a46 11247 e92a53 11243->11247 11246 e92ae8 11246->11242 11247->11246 11248 e93313 11247->11248 11249 e93326 DecodePointer 11248->11249 11250 e93336 11248->11250 11249->11250 11251 e9337a 11250->11251 11252 e93365 11250->11252 11253 e92c7f 11250->11253 11251->11253 11255 e8baf8 __freea 13 API calls 11251->11255 11252->11253 11254 e8baf8 __freea 13 API calls 11252->11254 11253->11242 11254->11253 11255->11253 11256 e8ae32 11257 e89b24 CallCatchBlock 44 API calls 11256->11257 11258 e8ae3a __FrameHandler3::FrameUnwindToState 11257->11258 11263 e8b001 11258->11263 11264 e8b00d __FrameHandler3::FrameUnwindToState CallCatchBlock 11263->11264 11265 e89b24 CallCatchBlock 44 API calls 11264->11265 11266 e8b028 11265->11266 11591 e865b2 HeapAlloc 11839 e8c934 11842 e8c525 11839->11842 11841 e8c939 11843 e8c531 __EH_prolog3 11842->11843 11852 e8c4ef 11843->11852 11848 e8c4c0 13 API calls 11849 e8c55d 11848->11849 11850 e8c4c0 13 API calls 11849->11850 11851 e8c568 11850->11851 11851->11841 11853 e8c507 11852->11853 11854 e8c501 11852->11854 11856 e8c50a 11853->11856 11855 e8c4c0 13 API calls 11854->11855 11855->11853 11857 e8c51c 11856->11857 11858 e8c522 11856->11858 11859 e8c4c0 13 API calls 11857->11859 11858->11848 11859->11858 11860 e89b08 11861 e89b1f 11860->11861 11862 e89b12 11860->11862 11862->11861 11863 e8bb0b ___vcrt_freefls@4 13 API calls 11862->11863 11863->11861 10603 e8b08d 10604 e8b02f 10603->10604 10604->10603 10605 e8b0a8 

Control-flow Graph

APIs
• GetModuleHandleW.KERNEL32(kernel32.dll,SetDefaultDllDirectories), ref: 00E86C2C
• GetProcAddress.KERNEL32(00000000), ref: 00E86C33
• LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 00E86C72
• GetProcAddress.KERNEL32(00000000,DllEntry), ref: 00E86C8D
• GetCommandLineW.KERNEL32(?), ref: 00E86C9C
• FreeLibrary.KERNEL32(00000000), ref: 00E86CAF
Strings
Memory Dump Source
• Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
• Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
Similarity
• API ID: AddressLibraryProc$CommandFreeHandleLineLoadModule
• String ID: DllEntry$SetDefaultDllDirectories$kernel32.dll
• API String ID: 1042781669-3472957018
• Opcode ID: 707108da29d8bf75b3545a9fdef9628410eb07e0387f67f6a4527fbf1117ce6c
• Instruction ID: 9cbc8cb6f8f0b5e6e983a1ae94f67d09d7819237615020a0e077779c68d734cd
• Opcode Fuzzy Hash: 707108da29d8bf75b3545a9fdef9628410eb07e0387f67f6a4527fbf1117ce6c
• Instruction Fuzzy Hash: 6E11C832954216BFC711BBA59C4AF6EB7A8DF04755F102016F98EB7290EE648D089BA0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• ___scrt_release_startup_lock.LIBCMT ref: 00E87997
• ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 00E879AB
• ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 00E879D1
Memory Dump Source
• Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
• Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
Similarity
• API ID: ___scrt_is_nonwritable_in_current_image$___scrt_release_startup_lock
• String ID:
• API String ID: 1748507086-0
• Opcode ID: eae044c9a8d49bb009a7f5e5e96fcc1b94bb3bac8a8a7079d9896cc74dcb1721
• Instruction ID: e8e92bdc8258b6b9b0c48ccee35abb63b2fe16bf69cc47ae496e446203a9c1f5
• Opcode Fuzzy Hash: eae044c9a8d49bb009a7f5e5e96fcc1b94bb3bac8a8a7079d9896cc74dcb1721
• Instruction Fuzzy Hash: F111223214C7509AE639BB64AC06A6E67E09FC2765F3425ABF4CD771C2DE22CD418760
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• GetCurrentProcess.KERNEL32(?,?,00E8BEC1,?,00E8B83D,?,?,2541802F,00E8B83D,?), ref: 00E8BED8
• TerminateProcess.KERNEL32(00000000,?,00E8BEC1,?,00E8B83D,?,?,2541802F,00E8B83D,?), ref: 00E8BEDF
• ExitProcess.KERNEL32 ref: 00E8BEF1
Memory Dump Source
• Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
• Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: 0d679d27d9f70f0ba84b19dc780ed41609d06bdb0c496053d63403c402d2840a
• Instruction ID: 52d0b378fcf833930492a69309262145ad1f8ed09a3f3a743f07c9648d00f145
• Opcode Fuzzy Hash: 0d679d27d9f70f0ba84b19dc780ed41609d06bdb0c496053d63403c402d2840a
• Instruction Fuzzy Hash: BDD09232018508AFCF013F62DD0D99A3F6ABF44341B045056BA5DAA132DB319AAADB91
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,00000104), ref: 00E868B9
• SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,00000000,00000104,?,?,00000000), ref: 00E8697C
  • Part of subcall function 00E86F7D: FindResourceExW.KERNEL32(00000000,00000006,00000000,00000000,00000000,?,?,00000000,?,?,00E86912,-00000010), ref: 00E86FAE
Memory Dump Source
• Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
• Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
Similarity
• API ID: FileFindFolderModuleNamePathResource
• String ID:
• API String ID: 2248019921-0
• Opcode ID: 4ca49af09e546abf72e2c706e4eef616dcea3c8219d4e5a0a4096091b0be42e6
• Instruction ID: 77a08a3f294c5d0f91a7a0f10bebdfd1dc083049cda9307ecddb6272845c57e2
• Opcode Fuzzy Hash: 4ca49af09e546abf72e2c706e4eef616dcea3c8219d4e5a0a4096091b0be42e6
• Instruction Fuzzy Hash: B9415C71E00119ABCB04FFA4C9969FEB7B9AF40304B505569E95EB72D1EF309E05CB90
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 129 e8bed7-e8bef1 TerminateProcess call e8bf1a ExitProcess
APIs
• TerminateProcess.KERNEL32(00000000,?,00E8BEC1,?,00E8B83D,?,?,2541802F,00E8B83D,?), ref: 00E8BEDF
  • Part of subcall function 00E8BF1A: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,2541802F,?,?,00000000,00E944E2,000000FF,?,00E8BEED,?,?,00E8BEC1,?), ref: 00E8BF4F
  • Part of subcall function 00E8BF1A: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00E8BF61
  • Part of subcall function 00E8BF1A: FreeLibrary.KERNEL32(00000000,?,00000000,00E944E2,000000FF,?,00E8BEED,?,?,00E8BEC1,?), ref: 00E8BF83
• ExitProcess.KERNEL32 ref: 00E8BEF1
Memory Dump Source
• Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
• Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
Similarity
• API ID: Process$AddressExitFreeHandleLibraryModuleProcTerminate
• String ID:
• API String ID: 561399071-0
• Opcode ID: a355ea5b101b4b8e089d7107a3874a286268b39cd7dda375ce820d638c0edea9
• Instruction ID: 994dde117181f79d5f80b4ed8dd34eb9938e09228653d8307851c3ad6a63e7c2
• Opcode Fuzzy Hash: a355ea5b101b4b8e089d7107a3874a286268b39cd7dda375ce820d638c0edea9
• Instruction Fuzzy Hash: 1FC04C31518005EFCF013F61EC1D6493F25FB003417045412F949A5130DB359AA99F65
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • ___scrt_uninitialize_crt.LIBCMT ref: 00E87A14
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ___scrt_uninitialize_crt
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4113623384-0
                                                                                                                                                                        • Opcode ID: 709bca4e187f511ee77649e2a20a5ba413465b510d0d084e5f801a0d71867823
                                                                                                                                                                        • Instruction ID: 43bdc16dbab6855dfc88a47fa81277faaae5b884ab5e8cb378fd88af0cfe29bf
                                                                                                                                                                        • Opcode Fuzzy Hash: 709bca4e187f511ee77649e2a20a5ba413465b510d0d084e5f801a0d71867823
                                                                                                                                                                        • Instruction Fuzzy Hash: 01F0B43264C62096DA357BA4AC03AAD67E1DF827A5F302855F8CE772D2DB26C9008764
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00E87BBC
                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(00E83C7F), ref: 00E87C88
                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00E87CA8
                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?), ref: 00E87CB2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 254469556-0
                                                                                                                                                                        • Opcode ID: c89e65842ac490b3b14c153d55c71f0b631c32ae988da5c673cc4bc118a4b462
                                                                                                                                                                        • Instruction ID: 1953ad217a6effadac381d62f6b63ecd7f0df21a5ce094e9b604928fbfe2f4c1
                                                                                                                                                                        • Opcode Fuzzy Hash: c89e65842ac490b3b14c153d55c71f0b631c32ae988da5c673cc4bc118a4b462
                                                                                                                                                                        • Instruction Fuzzy Hash: B7313A75D452189FDB11EFA1D9897CDBBF8AF08304F10409AE44DA7290EB719A88CF44
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsInExceptionSpec.LIBVCRUNTIME ref: 00E8A76D
                                                                                                                                                                        • type_info::operator==.LIBVCRUNTIME ref: 00E8A78F
                                                                                                                                                                        • ___TypeMatch.LIBVCRUNTIME ref: 00E8A89E
                                                                                                                                                                        • IsInExceptionSpec.LIBVCRUNTIME ref: 00E8A970
                                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 00E8A9F4
                                                                                                                                                                        • CallUnexpected.LIBVCRUNTIME ref: 00E8AA0F
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                        • String ID: csm$csm$csm$I
                                                                                                                                                                        • API String ID: 2123188842-2268701674
                                                                                                                                                                        • Opcode ID: 5082a74c07d0f0fda493bf67f96ae0f92c9602ee44569a3b4e62e19063f2fb09
                                                                                                                                                                        • Instruction ID: cb858fc3bfa28941438f9d83896aa9e5a6a7c95252cf50fd37f45d2b880cad0e
                                                                                                                                                                        • Opcode Fuzzy Hash: 5082a74c07d0f0fda493bf67f96ae0f92c9602ee44569a3b4e62e19063f2fb09
                                                                                                                                                                        • Instruction Fuzzy Hash: CAB16C71800209EFEF19EF94D9419AEB7B5EF44314B19606AE80D7B212D331DA51CBA2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00E8744B
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00E8745D
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00E8746B
                                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 00E8748E
                                                                                                                                                                          • Part of subcall function 00E87BB0: IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00E87BBC
                                                                                                                                                                          • Part of subcall function 00E87BB0: IsDebuggerPresent.KERNEL32(00E83C7F), ref: 00E87C88
                                                                                                                                                                          • Part of subcall function 00E87BB0: SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00E87CA8
                                                                                                                                                                          • Part of subcall function 00E87BB0: UnhandledExceptionFilter.KERNEL32(?), ref: 00E87CB2
                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(00E9592C,00000007,00E83C8F), ref: 00E874AA
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00E874BA
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressExceptionFilterHandlePresentProcUnhandled$CloseCreateCriticalDebuggerDeleteEventFeatureModuleProcessorSection
                                                                                                                                                                        • String ID: SleepConditionVariableCS$WakeAllConditionVariable$kernel32.dll
                                                                                                                                                                        • API String ID: 2503302297-3593338985
                                                                                                                                                                        • Opcode ID: 6ffaa5a78e08605b46a8fd7ef463acacdb788a094765f051d3edf0f61977ca5c
                                                                                                                                                                        • Instruction ID: 61b731276eb3997bc4f1dea1d56681f9e25a9b9ad92db26cedc5c4fbd5eac59b
                                                                                                                                                                        • Opcode Fuzzy Hash: 6ffaa5a78e08605b46a8fd7ef463acacdb788a094765f051d3edf0f61977ca5c
                                                                                                                                                                        • Instruction Fuzzy Hash: 8E01D672919711DFDB122B776C09B6A3E98AB407647291457FCACF2261EB30CC0C8B60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(00E9592C,00000FA0,?,?,00E87401), ref: 00E8742F
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00E87401), ref: 00E8743A
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00E8744B
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00E8745D
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00E8746B
                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(00E9592C,00000007,00E83C8F), ref: 00E874AA
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00E874BA
                                                                                                                                                                        Strings
                                                                                                                                                                        • WakeAllConditionVariable, xrefs: 00E87463
                                                                                                                                                                        • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00E87435
                                                                                                                                                                        • kernel32.dll, xrefs: 00E87446
                                                                                                                                                                        • SleepConditionVariableCS, xrefs: 00E87457
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Handle$AddressCriticalModuleProcSection$CloseCountDeleteInitializeSpin
                                                                                                                                                                        • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                        • API String ID: 2467298183-3242537097
                                                                                                                                                                        • Opcode ID: d81dab50d47ebe856a2796018bee0ccc2105b8a4670a531a67376e5218f6d157
                                                                                                                                                                        • Instruction ID: 2d75c9c1e3e1ebf5dd364a6d04f47375e452eddf576867d1148f039a00e49de1
                                                                                                                                                                        • Opcode Fuzzy Hash: d81dab50d47ebe856a2796018bee0ccc2105b8a4670a531a67376e5218f6d157
                                                                                                                                                                        • Instruction Fuzzy Hash: 83F0A73265A760AF83323BA76C0DA5B3E589B80B717152013F99CF2390DA70CC4D87A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,00E92C7F), ref: 00E9332C
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DecodePointer
                                                                                                                                                                        • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                                                                                                                                        • API String ID: 3527080286-3064271455
                                                                                                                                                                        • Opcode ID: 4363681d2634c1780623d555f0c079ac38c5fe057fcb03c049cec359227e36da
                                                                                                                                                                        • Instruction ID: 53d6e7e94017625aaeb668cd02c0e51d8a120b53bf17100ab79ca8b8a66f63f1
                                                                                                                                                                        • Opcode Fuzzy Hash: 4363681d2634c1780623d555f0c079ac38c5fe057fcb03c049cec359227e36da
                                                                                                                                                                        • Instruction Fuzzy Hash: A751CFB090060ACBCF119F79E84D5EDBFB0FF49308F522046D5A9B6264CB748B69CB51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00E897E7
                                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 00E897EF
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00E89878
                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00E898A3
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00E898F8
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                        • String ID: csm
                                                                                                                                                                        • API String ID: 1170836740-1018135373
                                                                                                                                                                        • Opcode ID: 77abbc15b58eb5207e5c6ed43477c87766d3471dc84dd096fca87cf5bd491492
                                                                                                                                                                        • Instruction ID: 372824e7bab86dd1380210528d665541f8173f086291c22bf3d60a4403af2f86
                                                                                                                                                                        • Opcode Fuzzy Hash: 77abbc15b58eb5207e5c6ed43477c87766d3471dc84dd096fca87cf5bd491492
                                                                                                                                                                        • Instruction Fuzzy Hash: 00418234E0020AAFCF14EF69C885AAEBBE5AF46318F189155E81D7B393D7319905CB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 00E86AE1
                                                                                                                                                                        • PathRemoveFileSpecW.SHLWAPI(?,?,?,00000104), ref: 00E86AFC
                                                                                                                                                                        • PathAppendW.SHLWAPI(?,goopdate.dll,?,?,00000104), ref: 00E86B2B
                                                                                                                                                                          • Part of subcall function 00E86820: GetLastError.KERNEL32(00E86AF0,?,?,00000104), ref: 00E86820
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FilePath$AppendErrorLastModuleNameRemoveSpec
                                                                                                                                                                        • String ID: goopdate.dll
                                                                                                                                                                        • API String ID: 3739599460-235033069
                                                                                                                                                                        • Opcode ID: f6920ce0c5765f230a898f44e2ce465495ddbd63cf4023feb192eef5397a64c0
                                                                                                                                                                        • Instruction ID: 22391d92979ad9dc3929059adb856813d5206d468718fc662d025e669eb5e3de
                                                                                                                                                                        • Opcode Fuzzy Hash: f6920ce0c5765f230a898f44e2ce465495ddbd63cf4023feb192eef5397a64c0
                                                                                                                                                                        • Instruction Fuzzy Hash: 58413FB290121D9ACF21FB60DC45EDAB3BC9B44344F1095E6A50DF3142EA309E898B65
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00E8E803,00E8C8BB,0000000C,?,00000000,00000000,?,00E8E95D,00000021,FlsSetValue,00E82924,00E8292C,?), ref: 00E8E7B7
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                        • API String ID: 3664257935-537541572
                                                                                                                                                                        • Opcode ID: 46f2b6ec6ba1d6191edc2b8cfb2cc3e39fa297400af0d3d676ef57a19f51ccde
                                                                                                                                                                        • Instruction ID: 671f331af3f59e6a1398ec54cd280fbac5ae8fa5ec9b2827007702fbbb5605a8
                                                                                                                                                                        • Opcode Fuzzy Hash: 46f2b6ec6ba1d6191edc2b8cfb2cc3e39fa297400af0d3d676ef57a19f51ccde
                                                                                                                                                                        • Instruction Fuzzy Hash: E321B432A51211AFCB21BB66DC84A6A37A8EF517A4B251223ED1DB7390E735ED04C7D0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00E89B29,00E89ABA,00E87D97), ref: 00E89B40
                                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00E89B4E
                                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00E89B67
                                                                                                                                                                        • SetLastError.KERNEL32(00000000,00E89B29,00E89ABA,00E87D97), ref: 00E89BB9
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3852720340-0
                                                                                                                                                                        • Opcode ID: ca6e5271d11aa4c1d2434d4485fb86e76739e8745996c45eb90ee72fa76482b0
                                                                                                                                                                        • Instruction ID: 0b23b2cec27447341d98d84cc1ffa03d3d513321c779c8f73d9c5a68cdab9470
                                                                                                                                                                        • Opcode Fuzzy Hash: ca6e5271d11aa4c1d2434d4485fb86e76739e8745996c45eb90ee72fa76482b0
                                                                                                                                                                        • Instruction Fuzzy Hash: 83016833A1E7012EE62536717C85A7B26E4DB51BB9728122BFA1CB40E2EF214C155384
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00E89ED8,?,?,00E95CEC,00000000,?,00E8A003,00000004,InitializeCriticalSectionEx,00E81C14,InitializeCriticalSectionEx,00000000), ref: 00E89EA7
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                        • API String ID: 3664257935-2084034818
                                                                                                                                                                        • Opcode ID: a72c704c9972c6fcfe3c4c44d42053c7c255b61f5f412aecfd7e5d314dd7ee58
                                                                                                                                                                        • Instruction ID: bd12ad990b73510951692fe583df6ce18303d7a1c44c6ec83862f14878059d7e
                                                                                                                                                                        • Opcode Fuzzy Hash: a72c704c9972c6fcfe3c4c44d42053c7c255b61f5f412aecfd7e5d314dd7ee58
                                                                                                                                                                        • Instruction Fuzzy Hash: F911E332E44220AFCB22EB699C00B7A7BD4AF01764F181212E94CFB2C1D730EC048BD1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,2541802F,?,?,00000000,00E944E2,000000FF,?,00E8BEED,?,?,00E8BEC1,?), ref: 00E8BF4F
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00E8BF61
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000000,00E944E2,000000FF,?,00E8BEED,?,?,00E8BEC1,?), ref: 00E8BF83
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                        • Opcode ID: 12ed054f25f627663ffc117a5b47746988a568c0f41c2427c1ca126e660664f4
                                                                                                                                                                        • Instruction ID: 01af388d71ee85ffb847b7c428b81c0fbc58bd8e59a79e4e2967c9101e7303ff
                                                                                                                                                                        • Opcode Fuzzy Hash: 12ed054f25f627663ffc117a5b47746988a568c0f41c2427c1ca126e660664f4
                                                                                                                                                                        • Instruction Fuzzy Hash: 4A01A231A18616EFDB119F51CC05BAFBBBCFB04B15F004527F919B2290DB749808CB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SleepConditionVariableCS.KERNELBASE(?,00E87530,00000064), ref: 00E875B6
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00E9592C,?,?,00E87530,00000064,?,00E86688,00E964A0,?,?,00E86DDF,?,00E86898), ref: 00E875C0
                                                                                                                                                                        • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00E87530,00000064,?,00E86688,00E964A0,?,?,00E86DDF,?,00E86898), ref: 00E875D1
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00E9592C,?,00E87530,00000064,?,00E86688,00E964A0,?,?,00E86DDF,?,00E86898), ref: 00E875D8
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                        • String ID: ,Y
                                                                                                                                                                        • API String ID: 3269011525-2465771
                                                                                                                                                                        • Opcode ID: 5155f8cb8bdbca2069a46a70f96c13d5c57a4e8378e25ea39a5c9cb97c782f3a
                                                                                                                                                                        • Instruction ID: 7203bea58bbcff77392d2ae7f21f703cb5680324a55a71c54dd83fa5e5b7b825
                                                                                                                                                                        • Opcode Fuzzy Hash: 5155f8cb8bdbca2069a46a70f96c13d5c57a4e8378e25ea39a5c9cb97c782f3a
                                                                                                                                                                        • Instruction Fuzzy Hash: 39E0B632559A14FFDF022B62AC09AAE3E26EB88761B105423B59E751608A6149299B90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00E90C47
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00E90D08
                                                                                                                                                                        • __freea.LIBCMT ref: 00E90D6F
                                                                                                                                                                          • Part of subcall function 00E8FAC8: HeapAlloc.KERNEL32(00000000,00000000,00E8C8BB,?,00E8D5AD,?,00000000,?,00E8BB6F,00000000,00E8C8BB,00000004,?,00000000,?,00E8C6B5), ref: 00E8FAFA
                                                                                                                                                                        • __freea.LIBCMT ref: 00E90D84
                                                                                                                                                                        • __freea.LIBCMT ref: 00E90D94
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1096550386-0
                                                                                                                                                                        • Opcode ID: af977311365aecd0c6515be830ede6996c65cbdfae403bc438ee1c788b53997a
                                                                                                                                                                        • Instruction ID: 831d4d56afdd73f43abe2b5bde92ec9fa5262bf7b42ad83c018dd9f9e0bd224b
                                                                                                                                                                        • Opcode Fuzzy Hash: af977311365aecd0c6515be830ede6996c65cbdfae403bc438ee1c788b53997a
                                                                                                                                                                        • Instruction Fuzzy Hash: FF51B07260021AAFEF25AFA4CC81EBB76A9EF44758B551229FD0CF6250E670DC1097A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00E8E586: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00E90D65,?,00000000,-00000008), ref: 00E8E632
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00E9125F
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00E912A7
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00E9134A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileWrite$ByteCharErrorLastMultiWide
                                                                                                                                                                        • String ID: 9E
                                                                                                                                                                        • API String ID: 2404604323-3001708350
                                                                                                                                                                        • Opcode ID: ba7a35d15e4cda30080cc36bde5491699c45b9bfa7d6fcd4990c8f93b4910f45
                                                                                                                                                                        • Instruction ID: 9b437cb32885e0872bacd726c1ccd20ca2d6addcfe0318c3405b04aab11ee4b9
                                                                                                                                                                        • Opcode Fuzzy Hash: ba7a35d15e4cda30080cc36bde5491699c45b9bfa7d6fcd4990c8f93b4910f45
                                                                                                                                                                        • Instruction Fuzzy Hash: 18B156B5E042499FCF15CFE9D880AEDBBB4FF09304F1855AAE866F7251D630A846CB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ___TypeMatch.LIBVCRUNTIME ref: 00E8A89E
                                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 00E8A9F4
                                                                                                                                                                        • CallUnexpected.LIBVCRUNTIME ref: 00E8AA0F
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CallFramesMatchNestedTypeUnexpectedUnwind
                                                                                                                                                                        • String ID: csm
                                                                                                                                                                        • API String ID: 3456342781-1018135373
                                                                                                                                                                        • Opcode ID: 642a0442d03eae0b495662b046ef9e1978e354a09645f722246a977795d08441
                                                                                                                                                                        • Instruction ID: e336e530e24b30b3258320628b7f5977f9f4e6e7e7a4925fc55476112ae63f53
                                                                                                                                                                        • Opcode Fuzzy Hash: 642a0442d03eae0b495662b046ef9e1978e354a09645f722246a977795d08441
                                                                                                                                                                        • Instruction Fuzzy Hash: AE517B71D002099FEF18EF94D881A9EB7B5FF44314F19516AE80D7B212D730EA52CBA2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetProcessHeap.KERNEL32(?,?,00E86DDF,?,00E86898), ref: 00E86692
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00E866B9
                                                                                                                                                                          • Part of subcall function 00E8750B: EnterCriticalSection.KERNEL32(00E9592C,00E964A0,?,?,00E86688,00E964A0,?,?,00E86DDF,?,00E86898), ref: 00E87516
                                                                                                                                                                          • Part of subcall function 00E8750B: LeaveCriticalSection.KERNEL32(00E9592C,?,00E86688,00E964A0,?,?,00E86DDF,?,00E86898), ref: 00E87553
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00E8671B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalInit_thread_footerSection$EnterHeapLeaveProcess
                                                                                                                                                                        • String ID: ]
                                                                                                                                                                        • API String ID: 3363689876-639326497
                                                                                                                                                                        • Opcode ID: f88e2ae127db43198c4a93573165dd0665f4019bf2de3bf464005ded87d0d604
                                                                                                                                                                        • Instruction ID: e767df28b9b160abc366e682f77f02052b46d03f6d275ddec7923c09565b9d02
                                                                                                                                                                        • Opcode Fuzzy Hash: f88e2ae127db43198c4a93573165dd0665f4019bf2de3bf464005ded87d0d604
                                                                                                                                                                        • Instruction Fuzzy Hash: A111B272108650AFCB10EBA6FC46B4937E0B780B39F20211BE07DBB1A2DB3464099F51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(00E8393F), ref: 00E8E73F
                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,?,?,?), ref: 00E8E776
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00E8E803,00E8C8BB,0000000C,?,00000000,00000000,?,00E8E95D,00000021,FlsSetValue,00E82924,00E8292C,?), ref: 00E8E7B7
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Library$ErrorFreeLastLoad
                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                        • API String ID: 1501378888-537541572
                                                                                                                                                                        • Opcode ID: 9a1139054e186d7cf6367ea997f9c8f262680337de9d0ebb1e5cc92d29948866
                                                                                                                                                                        • Instruction ID: d3c7273a8ec088e18c35d504208b618e51b9bec8d2f588d846753352ab5098cc
                                                                                                                                                                        • Opcode Fuzzy Hash: 9a1139054e186d7cf6367ea997f9c8f262680337de9d0ebb1e5cc92d29948866
                                                                                                                                                                        • Instruction Fuzzy Hash: BEF0E273A50350A7CB3176359C85A6A36989B6177AF102623F81EF22C1E639E904C3A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AdjustPointer
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1740715915-0
                                                                                                                                                                        • Opcode ID: 7b7e4047ac534e7ed79e0ce21cf71215bc3256b4793a898b6513caa4f07c0490
                                                                                                                                                                        • Instruction ID: 1fac768e39fc6406b1931fad7669038cac47bb54a47584594a4a62a70bd76526
                                                                                                                                                                        • Opcode Fuzzy Hash: 7b7e4047ac534e7ed79e0ce21cf71215bc3256b4793a898b6513caa4f07c0490
                                                                                                                                                                        • Instruction Fuzzy Hash: C851D3716012029FEB29BF54D845BBA77A5FF40318F18503AE91DB7291E771EC81C792
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00E91F6A,?,00000001,?,?,?,00E9139E,?,?,00000000), ref: 00E927CD
                                                                                                                                                                        • GetLastError.KERNEL32(?,00E91F6A,?,00000001,?,?,?,00E9139E,?,?,00000000,?,?,?,00E91925,?), ref: 00E927D9
                                                                                                                                                                          • Part of subcall function 00E9279F: CloseHandle.KERNEL32(FFFFFFFE,00E927E9,?,00E91F6A,?,00000001,?,?,?,00E9139E,?,?,00000000,?,?), ref: 00E927AF
                                                                                                                                                                        • ___initconout.LIBCMT ref: 00E927E9
                                                                                                                                                                          • Part of subcall function 00E92761: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00E92790,00E91F57,?,?,00E9139E,?,?,00000000,?), ref: 00E92774
                                                                                                                                                                        • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00E91F6A,?,00000001,?,?,?,00E9139E,?,?,00000000,?), ref: 00E927FE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2744216297-0
                                                                                                                                                                        • Opcode ID: be932f6d032e91d5025013ebaa19fa6db2f3b08663081f9b90d6c859448bcf52
                                                                                                                                                                        • Instruction ID: 42a5d14a76092b5e7704d5806fdd8e1d110a4f22ec7ad11a4f95fe77ae455f91
                                                                                                                                                                        • Opcode Fuzzy Hash: be932f6d032e91d5025013ebaa19fa6db2f3b08663081f9b90d6c859448bcf52
                                                                                                                                                                        • Instruction Fuzzy Hash: EFF0AC37551524BFCF262FD6DC099993FA6FB083A1F045057FE19B5130C6328824DB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00E9592C,?,00E86720,00E964A4,00E94563,?,?,00E86DDF,?,00E86898), ref: 00E874FE
                                                                                                                                                                        • RtlWakeAllConditionVariable.NTDLL ref: 00E87575
                                                                                                                                                                        • SetEvent.KERNEL32(?,00E964A4,00E94563,?,?,00E86DDF,?,00E86898), ref: 00E8757F
                                                                                                                                                                        • ResetEvent.KERNEL32(?,00E964A4,00E94563,?,?,00E86DDF,?,00E86898), ref: 00E8758B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Event$ConditionCriticalLeaveResetSectionVariableWake
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2297329535-0
                                                                                                                                                                        • Opcode ID: 72e241521916280226e8aa8e0d07b57e32d048803de6031d0a9fcc872b1225b2
                                                                                                                                                                        • Instruction ID: c2695b34aa700f78405ce85f2c0929b954d3dbb9887fb76ba1aab7d33c8365be
                                                                                                                                                                        • Opcode Fuzzy Hash: 72e241521916280226e8aa8e0d07b57e32d048803de6031d0a9fcc872b1225b2
                                                                                                                                                                        • Instruction Fuzzy Hash: 3CF05E33919A20CFC702AF2AFC18A947B61FB48721701006BE549B7330C7301C59CB80
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00E8D52B: HeapFree.KERNEL32(00000000,00000000,?,00E8F9D8,00000000,00000000,00000000,?,00E8F9FD,00000000,00000007,00000000,?,00E8FEA1,00000000,00000000), ref: 00E8D541
                                                                                                                                                                          • Part of subcall function 00E8D52B: GetLastError.KERNEL32(00000000,?,00E8F9D8,00000000,00000000,00000000,?,00E8F9FD,00000000,00000007,00000000,?,00E8FEA1,00000000,00000000), ref: 00E8D54C
                                                                                                                                                                        • ___free_lconv_mon.LIBCMT ref: 00E8FD4E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                        • String ID: (Q$0Q
                                                                                                                                                                        • API String ID: 4068849827-2422991843
                                                                                                                                                                        • Opcode ID: e780641e9f280bace0b0c942b912ee672924b24b086548cd1061b113ffb36c51
                                                                                                                                                                        • Instruction ID: 8f1dadc76f2208bb174cd0fecbb62e095a2a8ddd281650b9ab9e04f9c9e21ff8
                                                                                                                                                                        • Opcode Fuzzy Hash: e780641e9f280bace0b0c942b912ee672924b24b086548cd1061b113ffb36c51
                                                                                                                                                                        • Instruction Fuzzy Hash: 2F315932604601DFEB21BBB9DC45B5A73E8EB05318F10682AE55DF71A6DB30AD858B11
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00E8AA3F
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EncodePointer
                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                        • API String ID: 2118026453-2084237596
                                                                                                                                                                        • Opcode ID: f9dae4f64c584bc03a0d31dff3a81e2d444541d8e635b50322bf54e2e58b4759
                                                                                                                                                                        • Instruction ID: 4ad989056fc066fc32a50bd68073639239e5ec160175da3cf1b86d7630d90a06
                                                                                                                                                                        • Opcode Fuzzy Hash: f9dae4f64c584bc03a0d31dff3a81e2d444541d8e635b50322bf54e2e58b4759
                                                                                                                                                                        • Instruction Fuzzy Hash: 14414C71900109AFDF15EF98CD81AAEBBB6FF48304F1891AAF90C77221D3359950DB52
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,Software\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019},00000000,00020019,?,?,?), ref: 00E86A15
                                                                                                                                                                        • SHQueryValueExW.SHLWAPI(?,00E85D10,00000000,?,00000000,?,00000032,?,?), ref: 00E86A58
                                                                                                                                                                        Strings
                                                                                                                                                                        • Software\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019}, xrefs: 00E86A07
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: OpenQueryValue
                                                                                                                                                                        • String ID: Software\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019}
                                                                                                                                                                        • API String ID: 4153817207-790910960
                                                                                                                                                                        • Opcode ID: b5e707eb8995385b08b1ec024ecd1318c5d95bc391110dab0da2774555c7568c
                                                                                                                                                                        • Instruction ID: ca3a3bd0bc22e0bf21ca5639d067a31c46901579141e6ec91e5d22c5f8c4b1ce
                                                                                                                                                                        • Opcode Fuzzy Hash: b5e707eb8995385b08b1ec024ecd1318c5d95bc391110dab0da2774555c7568c
                                                                                                                                                                        • Instruction Fuzzy Hash: A7117772D40219ABCB14BA698C05DBFBAB8EB40714F105296B85DF71D0DA748A04C7A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00E87387: EnterCriticalSection.KERNEL32(00E958FC,?,?,?,00E86F92,00000000,?,?,00000000,?,?,00E86912,-00000010), ref: 00E87392
                                                                                                                                                                          • Part of subcall function 00E87387: LeaveCriticalSection.KERNEL32(00E958FC,?,?,?,00E86F92,00000000,?,?,00000000,?,?,00E86912,-00000010), ref: 00E873BE
                                                                                                                                                                        • FindResourceExW.KERNEL32(00000000,00000006,00000000,00000000,00000000,?,?,00000000,?,?,00E86912,-00000010), ref: 00E86FAE
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterFindLeaveResource
                                                                                                                                                                        • String ID: X$X
                                                                                                                                                                        • API String ID: 2190064429-2819970280
                                                                                                                                                                        • Opcode ID: 28a10341efdeda612fb2955381247df5969a6fce6cb36263abddd4404c2d96ab
                                                                                                                                                                        • Instruction ID: ccacf30809699f7483ac80ad314885d255ca1d99211dc8c5a18e7fbe8c1be2e3
                                                                                                                                                                        • Opcode Fuzzy Hash: 28a10341efdeda612fb2955381247df5969a6fce6cb36263abddd4404c2d96ab
                                                                                                                                                                        • Instruction Fuzzy Hash: 5B01A73270552067DB257A59B851B7EA5D9DF81B94F202039FE4EFB280DE60CD0157E0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsInExceptionSpec.LIBVCRUNTIME ref: 00E8A76D
                                                                                                                                                                        • type_info::operator==.LIBVCRUNTIME ref: 00E8A78F
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionSpectype_info::operator==
                                                                                                                                                                        • String ID: I
                                                                                                                                                                        • API String ID: 3804924280-4183857641
                                                                                                                                                                        • Opcode ID: a016f86f74e73706923923a4126e1da4837565255cf3da5f0581178ceecbc062
                                                                                                                                                                        • Instruction ID: 1b01f69af00d06f3ba63a1f43b772a6e350d5babd55caf82b8481be6047dd512
                                                                                                                                                                        • Opcode Fuzzy Hash: a016f86f74e73706923923a4126e1da4837565255cf3da5f0581178ceecbc062
                                                                                                                                                                        • Instruction Fuzzy Hash: 30F03075804615DFEF15FF84D54186EB3F0FF153287696567E46DB7602C731A8028B82
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00E86511: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,8007000E,?,-C000001E,00000001), ref: 00E86516
                                                                                                                                                                          • Part of subcall function 00E86511: GetLastError.KERNEL32(?,00000000,?,8007000E,?,-C000001E,00000001), ref: 00E86520
                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,00E8648A), ref: 00E87309
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00E8648A), ref: 00E87318
                                                                                                                                                                        Strings
                                                                                                                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00E87313
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2858339700.0000000000E81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00E80000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2858306759.0000000000E80000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858377494.0000000000E95000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2858408168.0000000000E97000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_e80000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                        • API String ID: 450123788-631824599
                                                                                                                                                                        • Opcode ID: 66e5cd7d5cb78d3975bf3c7404cb94078ed695ca2d9409b3aa10164f83490511
                                                                                                                                                                        • Instruction ID: 44f43c31c5505261f467b3d22c2909ccb395e9ab943cb4cc28327d0deba0e979
                                                                                                                                                                        • Opcode Fuzzy Hash: 66e5cd7d5cb78d3975bf3c7404cb94078ed695ca2d9409b3aa10164f83490511
                                                                                                                                                                        • Instruction Fuzzy Hash: 33E06D702143408FC360BF65E9053867AE8AB00745F206D9FE8DEF2241DBB1D44C8BA2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Execution Graph

                                                                                                                                                                        Execution Coverage:4%
                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                        Total number of Nodes:1283
                                                                                                                                                                        Total number of Limit Nodes:31
8cbb26 44 API calls 7597->7599 7601 8cc6b5 7599->7601 7600 8cc695 7616 8cd52b 7600->7616 7603 8cd52b ___free_lconv_mon 14 API calls 7601->7603 7603->7596 7644 8cd68a LeaveCriticalSection 7604->7644 7606 8cc60e 7606->7578 7608 8cbb4e 7607->7608 7609 8cbb33 7607->7609 7611 8cbb5d 7608->7611 7625 8cd565 7608->7625 7609->7608 7610 8cbb3f 7609->7610 7622 8cbaf8 7610->7622 7632 8cd598 7611->7632 7615 8cbb44 CallUnexpected 7615->7600 7617 8cd536 HeapFree 7616->7617 7618 8cd560 7616->7618 7617->7618 7619 8cd54b GetLastError 7617->7619 7618->7597 7620 8cd558 ___free_lconv_mon 7619->7620 7621 8cbaf8 ___free_lconv_mon 12 API calls 7620->7621 7621->7618 7623 8cd391 CallUnexpected 14 API calls 7622->7623 7624 8cbafd 7623->7624 7624->7615 7626 8cd585 HeapSize 7625->7626 7627 8cd570 7625->7627 7626->7611 7628 8cbaf8 ___free_lconv_mon 14 API calls 7627->7628 7629 8cd575 7628->7629 7630 8cba3a ___std_exception_copy 41 API calls 7629->7630 7631 8cd580 7630->7631 7631->7611 7633 8cd5a5 7632->7633 7634 8cd5b0 7632->7634 7635 8cfac8 15 API calls 7633->7635 7636 8cd5b8 7634->7636 7642 8cd5c1 _unexpected 7634->7642 7640 8cd5ad 7635->7640 7637 8cd52b ___free_lconv_mon 14 API calls 7636->7637 7637->7640 7638 8cd5eb HeapReAlloc 7638->7640 7638->7642 7639 8cd5c6 7641 8cbaf8 ___free_lconv_mon 14 API calls 7639->7641 7640->7615 7641->7640 7642->7638 7642->7639 7643 8ced5b _unexpected EnterCriticalSection LeaveCriticalSection 7642->7643 7643->7642 7644->7606 7646 8c6e2f 7645->7646 7648 8c70b6 7647->7648 7651 8c70d9 __InternalCxxFrameHandler 7647->7651 7649 8cbaf8 ___free_lconv_mon 14 API calls 7648->7649 7650 8c70bf CallUnexpected 7648->7650 7649->7650 7650->7651 7652 8cbaf8 14 API calls ___free_lconv_mon 7650->7652 7651->7519 7652->7650 7654 8c73a9 LeaveCriticalSection 7653->7654 7655 8c73a0 7653->7655 7654->7531 7655->7654 7668 8c7362 7655->7668 7659 8c654f LockResource 7658->7659 7661 8c656f 7658->7661 7660 8c655c SizeofResource 7659->7660 7659->7661 7660->7661 7661->7531 7663 8c7168 
7662->7663 7664 8c7139 7662->7664 7663->7536 7665 8c6539 3 API calls 7664->7665 7666 8c7146 7665->7666 7666->7663 7679 8cb61a 7666->7679 7669 8c736c 7668->7669 7670 8c7371 7669->7670 7678 8c64a0 RaiseException 7669->7678 7670->7654 7672 8c7386 EnterCriticalSection 7674 8c73a9 LeaveCriticalSection 7672->7674 7675 8c73a0 7672->7675 7674->7654 7675->7674 7677 8c7362 RaiseException 7675->7677 7677->7674 7678->7672 7680 8cb62b 7679->7680 7689 8cb627 __InternalCxxFrameHandler 7679->7689 7681 8cb645 _wmemset 7680->7681 7682 8cb632 7680->7682 7686 8cb67f 7681->7686 7687 8cb676 7681->7687 7681->7689 7683 8cbaf8 ___free_lconv_mon 14 API calls 7682->7683 7684 8cb637 7683->7684 7693 8cba3a 7684->7693 7686->7689 7691 8cbaf8 ___free_lconv_mon 14 API calls 7686->7691 7688 8cbaf8 ___free_lconv_mon 14 API calls 7687->7688 7690 8cb67b 7688->7690 7689->7663 7692 8cba3a ___std_exception_copy 41 API calls 7690->7692 7691->7690 7692->7689 7696 8cb986 7693->7696 7697 8cb998 ___std_exception_copy 7696->7697 7702 8cb9bd 7697->7702 7699 8cb9b0 7713 8cb776 7699->7713 7703 8cb9cd 7702->7703 7707 8cb9d4 7702->7707 7719 8cb7db GetLastError 7703->7719 7705 8cb9e2 7705->7699 7707->7705 7723 8cb7b2 7707->7723 7708 8cba09 7708->7705 7726 8cba4a IsProcessorFeaturePresent 7708->7726 7710 8cba39 7711 8cb986 ___std_exception_copy 41 API calls 7710->7711 7712 8cba46 7711->7712 7712->7699 7714 8cb782 7713->7714 7717 8cb799 7714->7717 7758 8cb821 7714->7758 7716 8cb821 ___std_exception_copy 41 API calls 7718 8cb7ac 7716->7718 7717->7716 7717->7718 7718->7689 7720 8cb7f4 7719->7720 7730 8cd442 7720->7730 7724 8cb7bd GetLastError SetLastError 7723->7724 7725 8cb7d6 7723->7725 7724->7708 7725->7708 7727 8cba56 7726->7727 7752 8cb83e 7727->7752 7731 8cd45b 7730->7731 7732 8cd455 7730->7732 7734 8ce941 _unexpected 6 API calls 7731->7734 7751 8cb80c SetLastError 7731->7751 7733 8ce902 _unexpected 6 API calls 7732->7733 7733->7731 7735 8cd475 7734->7735 7736 8cd6d2 _unexpected 14 API calls 7735->7736 7735->7751 
7737 8cd485 7736->7737 7738 8cd48d 7737->7738 7739 8cd4a2 7737->7739 7741 8ce941 _unexpected 6 API calls 7738->7741 7740 8ce941 _unexpected 6 API calls 7739->7740 7742 8cd4ae 7740->7742 7743 8cd499 7741->7743 7744 8cd4c1 7742->7744 7745 8cd4b2 7742->7745 7748 8cd52b ___free_lconv_mon 14 API calls 7743->7748 7747 8cd06e _unexpected 14 API calls 7744->7747 7746 8ce941 _unexpected 6 API calls 7745->7746 7746->7743 7749 8cd4cc 7747->7749 7748->7751 7750 8cd52b ___free_lconv_mon 14 API calls 7749->7750 7750->7751 7751->7707 7753 8cb85a CallUnexpected 7752->7753 7754 8cb886 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 7753->7754 7755 8cb957 CallUnexpected 7754->7755 7756 8c73ee __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 7755->7756 7757 8cb975 GetCurrentProcess TerminateProcess 7756->7757 7757->7710 7759 8cb82b 7758->7759 7760 8cb834 7758->7760 7761 8cb7db ___std_exception_copy 16 API calls 7759->7761 7760->7717 7762 8cb830 7761->7762 7762->7760 7765 8ccd36 7762->7765 7766 8ceeb2 CallUnexpected EnterCriticalSection LeaveCriticalSection 7765->7766 7767 8ccd3b 7766->7767 7768 8ceef7 CallUnexpected 40 API calls 7767->7768 7770 8ccd46 7767->7770 7768->7770 7769 8ccd50 IsProcessorFeaturePresent 7771 8ccd5c 7769->7771 7770->7769 7775 8ccd6f 7770->7775 7774 8cb83e CallUnexpected 8 API calls 7771->7774 7772 8cbfc9 CallUnexpected 23 API calls 7773 8ccd79 7772->7773 7774->7775 7775->7772 7777 8cb6d8 7776->7777 7778 8cb6e6 7776->7778 7777->7778 7780 8cb700 7777->7780 7779 8cbaf8 ___free_lconv_mon 14 API calls 7778->7779 7784 8cb6f0 7779->7784 7782 8c6b16 PathAppendW 7780->7782 7783 8cbaf8 ___free_lconv_mon 14 API calls 7780->7783 7781 8cba3a ___std_exception_copy 41 API calls 7781->7782 7782->7468 7782->7473 7783->7784 7784->7781 7786 8c6878 7785->7786 7787 8c6852 7785->7787 7789 8c73ee __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 7786->7789 7787->7786 7788 8c6859 GetFileAttributesExW 7787->7788 7788->7786 7790 8c6885 7789->7790 
7790->7478 7790->7479 7792 8c6a2b 7791->7792 7794 8c6a1f 7791->7794 7793 8c6a43 SHQueryValueExW 7792->7793 7793->7794 7794->7486 7796 8c73f6 7795->7796 7797 8c73f7 IsProcessorFeaturePresent 7795->7797 7796->7476 7799 8c7acb 7797->7799 7802 8c7a8e SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 7799->7802 7801 8c7bae 7801->7476 7802->7801 7804 8cbe5d 7803->7804 7805 8cbe6f 7803->7805 7807 8c7d04 CallUnexpected GetModuleHandleW 7804->7807 7815 8cbcd9 7805->7815 7808 8cbe62 7807->7808 7808->7805 7830 8cbf1a GetModuleHandleExW 7808->7830 7809 8c7a78 7809->7358 7814 8cbec1 7816 8cbce5 __FrameHandler3::FrameUnwindToState 7815->7816 7836 8cd642 EnterCriticalSection 7816->7836 7818 8cbcef 7837 8cbd45 7818->7837 7820 8cbcfc 7841 8cbd1a 7820->7841 7823 8cbec7 7866 8cbef8 7823->7866 7826 8cbee5 7828 8cbf1a CallUnexpected 3 API calls 7826->7828 7827 8cbed5 GetCurrentProcess TerminateProcess 7827->7826 7829 8cbeed ExitProcess 7828->7829 7831 8cbf59 GetProcAddress 7830->7831 7832 8cbf7a 7830->7832 7831->7832 7835 8cbf6d 7831->7835 7833 8cbe6e 7832->7833 7834 8cbf80 FreeLibrary 7832->7834 7833->7805 7834->7833 7835->7832 7836->7818 7839 8cbd51 __FrameHandler3::FrameUnwindToState 7837->7839 7838 8cbdb8 CallUnexpected 7838->7820 7839->7838 7844 8cc823 7839->7844 7865 8cd68a LeaveCriticalSection 7841->7865 7843 8cbd08 7843->7809 7843->7823 7845 8cc82f __EH_prolog3 7844->7845 7848 8cc57b 7845->7848 7847 8cc856 CallUnexpected 7847->7838 7849 8cc587 __FrameHandler3::FrameUnwindToState 7848->7849 7856 8cd642 EnterCriticalSection 7849->7856 7851 8cc595 7857 8cc733 7851->7857 7856->7851 7858 8cc752 7857->7858 7859 8cc5a2 7857->7859 7858->7859 7860 8cd52b ___free_lconv_mon 14 API calls 7858->7860 7861 8cc5ca 7859->7861 7860->7859 7864 8cd68a LeaveCriticalSection 7861->7864 7863 8cc5b3 7863->7847 7864->7863 7865->7843 7871 8cd6a1 GetPEB 7866->7871 7869 8cbed1 7869->7826 7869->7827 7870 8cbf02 GetPEB 7870->7869 7872 8cd6bb 7871->7872 7874 8cbefd 
7871->7874 7875 8ce844 7872->7875 7874->7869 7874->7870 7878 8ce7c1 7875->7878 7879 8ce7ef 7878->7879 7880 8ce7eb 7878->7880 7879->7880 7885 8ce6f6 7879->7885 7880->7874 7883 8ce809 GetProcAddress 7883->7880 7884 8ce819 _unexpected 7883->7884 7884->7880 7891 8ce707 ___vcrt_FlsSetValue 7885->7891 7886 8ce79d 7886->7880 7886->7883 7887 8ce725 LoadLibraryExW 7888 8ce7a4 7887->7888 7889 8ce740 GetLastError 7887->7889 7888->7886 7890 8ce7b6 FreeLibrary 7888->7890 7889->7891 7890->7886 7891->7886 7891->7887 7892 8ce773 LoadLibraryExW 7891->7892 7892->7888 7892->7891 7894 8cd256 7893->7894 7895 8cd25c 7893->7895 7920 8ce902 7894->7920 7899 8cd260 SetLastError 7895->7899 7925 8ce941 7895->7925 7903 8cd2f5 7899->7903 7904 8cccac 7899->7904 7905 8ccd36 CallUnexpected 39 API calls 7903->7905 7904->7340 7909 8cd2fa 7905->7909 7906 8cd295 7910 8ce941 _unexpected 6 API calls 7906->7910 7907 8cd2a6 7908 8ce941 _unexpected 6 API calls 7907->7908 7911 8cd2b2 7908->7911 7912 8cd2a3 7910->7912 7913 8cd2cd 7911->7913 7914 8cd2b6 7911->7914 7916 8cd52b ___free_lconv_mon 14 API calls 7912->7916 7937 8cd06e 7913->7937 7915 8ce941 _unexpected 6 API calls 7914->7915 7915->7912 7916->7899 7919 8cd52b ___free_lconv_mon 14 API calls 7919->7899 7921 8ce7c1 _unexpected 5 API calls 7920->7921 7922 8ce91e 7921->7922 7923 8ce939 TlsGetValue 7922->7923 7924 8ce927 7922->7924 7924->7895 7926 8ce7c1 _unexpected 5 API calls 7925->7926 7927 8ce95d 7926->7927 7928 8ce97b TlsSetValue 7927->7928 7929 8cd278 7927->7929 7929->7899 7930 8cd6d2 7929->7930 7935 8cd6df _unexpected 7930->7935 7931 8cd71f 7933 8cbaf8 ___free_lconv_mon 13 API calls 7931->7933 7932 8cd70a RtlAllocateHeap 7934 8cd28d 7932->7934 7932->7935 7933->7934 7934->7906 7934->7907 7935->7931 7935->7932 7942 8ced5b 7935->7942 7956 8ccf02 7937->7956 7945 8ced88 7942->7945 7946 8ced94 __FrameHandler3::FrameUnwindToState 7945->7946 7951 8cd642 EnterCriticalSection 7946->7951 7948 8ced9f 7952 8ceddb 7948->7952 7951->7948 7955 8cd68a 
LeaveCriticalSection 7952->7955 7954 8ced66 7954->7935 7955->7954 7957 8ccf0e __FrameHandler3::FrameUnwindToState 7956->7957 7970 8cd642 EnterCriticalSection 7957->7970 7959 8ccf18 7971 8ccf48 7959->7971 7962 8cd014 7963 8cd020 __FrameHandler3::FrameUnwindToState 7962->7963 7975 8cd642 EnterCriticalSection 7963->7975 7965 8cd02a 7976 8cd1f5 7965->7976 7967 8cd042 7980 8cd062 7967->7980 7970->7959 7974 8cd68a LeaveCriticalSection 7971->7974 7973 8ccf36 7973->7962 7974->7973 7975->7965 7977 8cd204 _unexpected 7976->7977 7978 8cd22b _unexpected 7976->7978 7977->7978 7983 8cfd0a 7977->7983 7978->7967 8097 8cd68a LeaveCriticalSection 7980->8097 7982 8cd050 7982->7919 7984 8cfd8a 7983->7984 7988 8cfd20 7983->7988 7986 8cd52b ___free_lconv_mon 14 API calls 7984->7986 8010 8cfdd8 7984->8010 7989 8cfdac 7986->7989 7987 8cfde6 7995 8cfe46 7987->7995 8008 8cd52b 14 API calls ___free_lconv_mon 7987->8008 7988->7984 7991 8cd52b ___free_lconv_mon 14 API calls 7988->7991 7992 8cfd53 7988->7992 7990 8cd52b ___free_lconv_mon 14 API calls 7989->7990 7993 8cfdbf 7990->7993 7996 8cfd48 7991->7996 7997 8cd52b ___free_lconv_mon 14 API calls 7992->7997 8009 8cfd75 7992->8009 7998 8cd52b ___free_lconv_mon 14 API calls 7993->7998 7994 8cd52b ___free_lconv_mon 14 API calls 7999 8cfd7f 7994->7999 8001 8cd52b ___free_lconv_mon 14 API calls 7995->8001 8011 8cf858 7996->8011 8003 8cfd6a 7997->8003 8004 8cfdcd 7998->8004 8000 8cd52b ___free_lconv_mon 14 API calls 7999->8000 8000->7984 8005 8cfe4c 8001->8005 8039 8cf956 8003->8039 8007 8cd52b ___free_lconv_mon 14 API calls 8004->8007 8005->7978 8007->8010 8008->7987 8009->7994 8051 8cfe7b 8010->8051 8012 8cf869 8011->8012 8038 8cf952 8011->8038 8013 8cf87a 8012->8013 8014 8cd52b ___free_lconv_mon 14 API calls 8012->8014 8015 8cf88c 8013->8015 8016 8cd52b ___free_lconv_mon 14 API calls 8013->8016 8014->8013 8017 8cf89e 8015->8017 8018 8cd52b ___free_lconv_mon 14 API calls 8015->8018 8016->8015 8019 8cf8b0 8017->8019 8021 8cd52b ___free_lconv_mon 
14 API calls 8017->8021 8018->8017 8020 8cf8c2 8019->8020 8022 8cd52b ___free_lconv_mon 14 API calls 8019->8022 8023 8cf8d4 8020->8023 8024 8cd52b ___free_lconv_mon 14 API calls 8020->8024 8021->8019 8022->8020 8025 8cf8e6 8023->8025 8026 8cd52b ___free_lconv_mon 14 API calls 8023->8026 8024->8023 8027 8cf8f8 8025->8027 8029 8cd52b ___free_lconv_mon 14 API calls 8025->8029 8026->8025 8028 8cf90a 8027->8028 8030 8cd52b ___free_lconv_mon 14 API calls 8027->8030 8031 8cf91c 8028->8031 8032 8cd52b ___free_lconv_mon 14 API calls 8028->8032 8029->8027 8030->8028 8033 8cd52b ___free_lconv_mon 14 API calls 8031->8033 8035 8cf92e 8031->8035 8032->8031 8033->8035 8034 8cf940 8037 8cd52b ___free_lconv_mon 14 API calls 8034->8037 8034->8038 8035->8034 8036 8cd52b ___free_lconv_mon 14 API calls 8035->8036 8036->8034 8037->8038 8038->7992 8040 8cf9bb 8039->8040 8041 8cf963 8039->8041 8040->8009 8042 8cf973 8041->8042 8043 8cd52b ___free_lconv_mon 14 API calls 8041->8043 8044 8cf985 8042->8044 8046 8cd52b ___free_lconv_mon 14 API calls 8042->8046 8043->8042 8045 8cf997 8044->8045 8047 8cd52b ___free_lconv_mon 14 API calls 8044->8047 8048 8cf9a9 8045->8048 8049 8cd52b ___free_lconv_mon 14 API calls 8045->8049 8046->8044 8047->8045 8048->8040 8050 8cd52b ___free_lconv_mon 14 API calls 8048->8050 8049->8048 8050->8040 8052 8cfe88 8051->8052 8053 8cfea7 8051->8053 8052->8053 8057 8cf9e4 8052->8057 8053->7987 8056 8cd52b ___free_lconv_mon 14 API calls 8056->8053 8058 8cfac2 8057->8058 8059 8cf9f5 8057->8059 8058->8056 8093 8cf9bf 8059->8093 8062 8cf9bf _unexpected 14 API calls 8063 8cfa08 8062->8063 8064 8cf9bf _unexpected 14 API calls 8063->8064 8065 8cfa13 8064->8065 8066 8cf9bf _unexpected 14 API calls 8065->8066 8067 8cfa1e 8066->8067 8068 8cf9bf _unexpected 14 API calls 8067->8068 8069 8cfa2c 8068->8069 8070 8cd52b ___free_lconv_mon 14 API calls 8069->8070 8071 8cfa37 8070->8071 8072 8cd52b ___free_lconv_mon 14 API calls 8071->8072 8073 8cfa42 8072->8073 8074 8cd52b 
___free_lconv_mon 14 API calls 8073->8074 8075 8cfa4d 8074->8075 8076 8cf9bf _unexpected 14 API calls 8075->8076 8077 8cfa5b 8076->8077 8078 8cf9bf _unexpected 14 API calls 8077->8078 8079 8cfa69 8078->8079 8080 8cf9bf _unexpected 14 API calls 8079->8080 8081 8cfa7a 8080->8081 8082 8cf9bf _unexpected 14 API calls 8081->8082 8083 8cfa88 8082->8083 8084 8cf9bf _unexpected 14 API calls 8083->8084 8085 8cfa96 8084->8085 8086 8cd52b ___free_lconv_mon 14 API calls 8085->8086 8087 8cfaa1 8086->8087 8088 8cd52b ___free_lconv_mon 14 API calls 8087->8088 8089 8cfaac 8088->8089 8090 8cd52b ___free_lconv_mon 14 API calls 8089->8090 8091 8cfab7 8090->8091 8092 8cd52b ___free_lconv_mon 14 API calls 8091->8092 8092->8058 8094 8cf9d1 8093->8094 8095 8cf9e0 8094->8095 8096 8cd52b ___free_lconv_mon 14 API calls 8094->8096 8095->8062 8096->8094 8097->7982 8099 8cc9d5 8098->8099 8101 8cc9e7 ___scrt_uninitialize_crt 8098->8101 8100 8cc9e3 8099->8100 8103 8cf395 8099->8103 8100->7351 8101->7351 8106 8cf222 8103->8106 8109 8cf176 8106->8109 8110 8cf182 __FrameHandler3::FrameUnwindToState 8109->8110 8117 8cd642 EnterCriticalSection 8110->8117 8112 8cf1f8 8126 8cf216 8112->8126 8115 8cf18c ___scrt_uninitialize_crt 8115->8112 8118 8cf0ea 8115->8118 8117->8115 8119 8cf0f6 __FrameHandler3::FrameUnwindToState 8118->8119 8129 8cf4b2 EnterCriticalSection 8119->8129 8121 8cf14c 8143 8cf16a 8121->8143 8122 8cf100 ___scrt_uninitialize_crt 8122->8121 8130 8cf330 8122->8130 8245 8cd68a LeaveCriticalSection 8126->8245 8128 8cf204 8128->8100 8129->8122 8131 8cf345 ___std_exception_copy 8130->8131 8132 8cf34c 8131->8132 8133 8cf357 8131->8133 8134 8cf222 ___scrt_uninitialize_crt 70 API calls 8132->8134 8146 8cf2c7 8133->8146 8136 8cf352 8134->8136 8138 8cb776 ___std_exception_copy 41 API calls 8136->8138 8140 8cf38f 8138->8140 8140->8121 8141 8cf378 8159 8d0f24 8141->8159 8244 8cf4c6 LeaveCriticalSection 8143->8244 8145 8cf158 8145->8115 8147 8cf2e0 8146->8147 8151 8cf307 8146->8151 8148 8d065c 
___scrt_uninitialize_crt 41 API calls 8147->8148 8147->8151 8149 8cf2fc 8148->8149 8170 8d174f 8149->8170 8151->8136 8152 8d065c 8151->8152 8153 8d067d 8152->8153 8154 8d0668 8152->8154 8153->8141 8155 8cbaf8 ___free_lconv_mon 14 API calls 8154->8155 8156 8d066d 8155->8156 8157 8cba3a ___std_exception_copy 41 API calls 8156->8157 8158 8d0678 8157->8158 8158->8141 8160 8d0f35 8159->8160 8161 8d0f42 8159->8161 8162 8cbaf8 ___free_lconv_mon 14 API calls 8160->8162 8163 8d0f8b 8161->8163 8165 8d0f69 8161->8165 8169 8d0f3a 8162->8169 8164 8cbaf8 ___free_lconv_mon 14 API calls 8163->8164 8166 8d0f90 8164->8166 8211 8d0e82 8165->8211 8168 8cba3a ___std_exception_copy 41 API calls 8166->8168 8168->8169 8169->8136 8173 8d175b __FrameHandler3::FrameUnwindToState 8170->8173 8171 8d1763 8171->8151 8172 8d181f 8174 8cb9bd ___std_exception_copy 41 API calls 8172->8174 8173->8171 8173->8172 8175 8d17b0 8173->8175 8174->8171 8181 8cf701 EnterCriticalSection 8175->8181 8177 8d17b6 8178 8d17d3 8177->8178 8182 8d1857 8177->8182 8208 8d1817 8178->8208 8181->8177 8183 8d187c 8182->8183 8207 8d189f ___scrt_uninitialize_crt 8182->8207 8184 8d1880 8183->8184 8186 8d18de 8183->8186 8185 8cb9bd ___std_exception_copy 41 API calls 8184->8185 8185->8207 8187 8d18f5 8186->8187 8188 8d1f2e ___scrt_uninitialize_crt 43 API calls 8186->8188 8189 8d13db ___scrt_uninitialize_crt 42 API calls 8187->8189 8188->8187 8190 8d18ff 8189->8190 8191 8d1945 8190->8191 8192 8d1905 8190->8192 8193 8d1959 8191->8193 8194 8d19a8 WriteFile 8191->8194 8195 8d190c 8192->8195 8196 8d192f 8192->8196 8199 8d1996 8193->8199 8200 8d1961 8193->8200 8197 8d19ca GetLastError 8194->8197 8194->8207 8201 8d1373 ___scrt_uninitialize_crt 6 API calls 8195->8201 8195->8207 8198 8d0fa1 ___scrt_uninitialize_crt 47 API calls 8196->8198 8197->8207 8198->8207 8202 8d1459 ___scrt_uninitialize_crt 7 API calls 8199->8202 8203 8d1984 8200->8203 8204 8d1966 8200->8204 8201->8207 8202->8207 8205 8d161d ___scrt_uninitialize_crt 8 API calls 
8203->8205 8206 8d1534 ___scrt_uninitialize_crt 7 API calls 8204->8206 8204->8207 8205->8207 8206->8207 8207->8178 8209 8cf724 ___scrt_uninitialize_crt LeaveCriticalSection 8208->8209 8210 8d181d 8209->8210 8210->8171 8212 8d0e8e __FrameHandler3::FrameUnwindToState 8211->8212 8224 8cf701 EnterCriticalSection 8212->8224 8214 8d0e9d 8222 8d0ee2 8214->8222 8225 8cf7d8 8214->8225 8215 8cbaf8 ___free_lconv_mon 14 API calls 8217 8d0ee9 8215->8217 8241 8d0f18 8217->8241 8218 8d0ec9 FlushFileBuffers 8218->8217 8219 8d0ed5 GetLastError 8218->8219 8238 8cbae5 8219->8238 8222->8215 8224->8214 8226 8cf7fa 8225->8226 8227 8cf7e5 8225->8227 8230 8cbae5 ___scrt_uninitialize_crt 14 API calls 8226->8230 8233 8cf81f 8226->8233 8228 8cbae5 ___scrt_uninitialize_crt 14 API calls 8227->8228 8229 8cf7ea 8228->8229 8232 8cbaf8 ___free_lconv_mon 14 API calls 8229->8232 8231 8cf82a 8230->8231 8234 8cbaf8 ___free_lconv_mon 14 API calls 8231->8234 8235 8cf7f2 8232->8235 8233->8218 8236 8cf832 8234->8236 8235->8218 8237 8cba3a ___std_exception_copy 41 API calls 8236->8237 8237->8235 8239 8cd391 CallUnexpected 14 API calls 8238->8239 8240 8cbaea 8239->8240 8240->8222 8242 8cf724 ___scrt_uninitialize_crt LeaveCriticalSection 8241->8242 8243 8d0f01 8242->8243 8243->8169 8244->8145 8245->8128 9511 8cd107 9512 8cd112 9511->9512 9516 8cd122 9511->9516 9517 8cd128 9512->9517 9515 8cd52b ___free_lconv_mon 14 API calls 9515->9516 9518 8cd13d 9517->9518 9519 8cd143 9517->9519 9520 8cd52b ___free_lconv_mon 14 API calls 9518->9520 9521 8cd52b ___free_lconv_mon 14 API calls 9519->9521 9520->9519 9522 8cd14f 9521->9522 9523 8cd52b ___free_lconv_mon 14 API calls 9522->9523 9524 8cd15a 9523->9524 9525 8cd52b ___free_lconv_mon 14 API calls 9524->9525 9526 8cd165 9525->9526 9527 8cd52b ___free_lconv_mon 14 API calls 9526->9527 9528 8cd170 9527->9528 9529 8cd52b ___free_lconv_mon 14 API calls 9528->9529 9530 8cd17b 9529->9530 9531 8cd52b ___free_lconv_mon 14 API calls 9530->9531 9532 8cd186 9531->9532 9533 
8cd52b ___free_lconv_mon 14 API calls 9532->9533 9534 8cd191 9533->9534 9535 8cd52b ___free_lconv_mon 14 API calls 9534->9535 9536 8cd19c 9535->9536 9537 8cd52b ___free_lconv_mon 14 API calls 9536->9537 9538 8cd1aa 9537->9538 9543 8ccf54 9538->9543 9544 8ccf60 __FrameHandler3::FrameUnwindToState 9543->9544 9559 8cd642 EnterCriticalSection 9544->9559 9548 8ccf6a 9549 8cd52b ___free_lconv_mon 14 API calls 9548->9549 9550 8ccf94 9548->9550 9549->9550 9560 8ccfb3 9550->9560 9551 8ccfbf 9552 8ccfcb __FrameHandler3::FrameUnwindToState 9551->9552 9564 8cd642 EnterCriticalSection 9552->9564 9554 8ccfd5 9555 8cd1f5 _unexpected 14 API calls 9554->9555 9556 8ccfe8 9555->9556 9565 8cd008 9556->9565 9559->9548 9563 8cd68a LeaveCriticalSection 9560->9563 9562 8ccfa1 9562->9551 9563->9562 9564->9554 9568 8cd68a LeaveCriticalSection 9565->9568 9567 8ccff6 9567->9515 9568->9567 8246 8cd391 GetLastError 8247 8cd3a7 8246->8247 8248 8cd3ad 8246->8248 8249 8ce902 _unexpected 6 API calls 8247->8249 8250 8ce941 _unexpected 6 API calls 8248->8250 8252 8cd3b1 SetLastError 8248->8252 8249->8248 8251 8cd3c9 8250->8251 8251->8252 8254 8cd6d2 _unexpected 12 API calls 8251->8254 8255 8cd3de 8254->8255 8256 8cd3e6 8255->8256 8257 8cd3f7 8255->8257 8258 8ce941 _unexpected 6 API calls 8256->8258 8259 8ce941 _unexpected 6 API calls 8257->8259 8260 8cd3f4 8258->8260 8261 8cd403 8259->8261 8266 8cd52b ___free_lconv_mon 12 API calls 8260->8266 8262 8cd41e 8261->8262 8263 8cd407 8261->8263 8264 8cd06e _unexpected 12 API calls 8262->8264 8265 8ce941 _unexpected 6 API calls 8263->8265 8267 8cd429 8264->8267 8265->8260 8266->8252 8268 8cd52b ___free_lconv_mon 12 API calls 8267->8268 8268->8252 8882 8cec27 8883 8cec33 __FrameHandler3::FrameUnwindToState 8882->8883 8894 8cd642 EnterCriticalSection 8883->8894 8885 8cec3a 8886 8cf663 42 API calls 8885->8886 8887 8cec49 8886->8887 8888 8cec58 8887->8888 8895 8ceac1 GetStartupInfoW 8887->8895 8906 8cec7e 8888->8906 8894->8885 8896 8ceade 8895->8896 8897 8ceb72 
8895->8897 8896->8897 8898 8cf663 42 API calls 8896->8898 8901 8ceb77 8897->8901 8899 8ceb06 8898->8899 8899->8897 8900 8ceb36 GetFileType 8899->8900 8900->8899 8902 8ceb7e 8901->8902 8903 8cebc1 GetStdHandle 8902->8903 8904 8cec23 8902->8904 8905 8cebd4 GetFileType 8902->8905 8903->8902 8904->8888 8905->8902 8909 8cd68a LeaveCriticalSection 8906->8909 8908 8cec69 8909->8908 8652 8ceab8 GetStartupInfoW 8653 8ceade 8652->8653 8655 8ceb72 8652->8655 8653->8655 8658 8cf663 8653->8658 8656 8ceb06 8656->8655 8657 8ceb36 GetFileType 8656->8657 8657->8656 8659 8cf66f __FrameHandler3::FrameUnwindToState 8658->8659 8660 8cf678 8659->8660 8661 8cf699 8659->8661 8662 8cbaf8 ___free_lconv_mon 14 API calls 8660->8662 8671 8cd642 EnterCriticalSection 8661->8671 8664 8cf67d 8662->8664 8665 8cba3a ___std_exception_copy 41 API calls 8664->8665 8666 8cf687 8665->8666 8666->8656 8667 8cf6d1 8679 8cf6f8 8667->8679 8668 8cf6a5 8668->8667 8672 8cf5b3 8668->8672 8671->8668 8673 8cd6d2 _unexpected 14 API calls 8672->8673 8675 8cf5c5 8673->8675 8674 8cf5d2 8676 8cd52b ___free_lconv_mon 14 API calls 8674->8676 8675->8674 8682 8ce983 8675->8682 8678 8cf627 8676->8678 8678->8668 8687 8cd68a LeaveCriticalSection 8679->8687 8681 8cf6ff 8681->8666 8683 8ce7c1 _unexpected 5 API calls 8682->8683 8684 8ce99f 8683->8684 8685 8ce9bd InitializeCriticalSectionAndSpinCount 8684->8685 8686 8ce9a8 8684->8686 8685->8686 8686->8675 8687->8681 9158 8ccbd6 9161 8ccb5d 9158->9161 9162 8ccb69 __FrameHandler3::FrameUnwindToState 9161->9162 9169 8cd642 EnterCriticalSection 9162->9169 9164 8ccba1 9174 8ccbbf 9164->9174 9165 8ccb73 9165->9164 9170 8cffd7 9165->9170 9169->9165 9171 8cfff2 9170->9171 9172 8cffe5 _unexpected 9170->9172 9171->9165 9172->9171 9173 8cfd0a _unexpected 14 API calls 9172->9173 9173->9171 9177 8cd68a LeaveCriticalSection 9174->9177 9176 8ccbad 9177->9176 8705 8cbcd2 8706 8cbce5 __FrameHandler3::FrameUnwindToState 8705->8706 8713 8cd642 EnterCriticalSection 8706->8713 8708 8cbcef 8709 8cbd45 
CallUnexpected 14 API calls 8708->8709 8710 8cbcfc 8709->8710 8711 8cbd1a CallUnexpected LeaveCriticalSection 8710->8711 8712 8cbd08 8711->8712 8713->8708 9011 8cf466 9012 8cf395 ___scrt_uninitialize_crt 70 API calls 9011->9012 9013 8cf46e 9012->9013 9021 8d1a57 9013->9021 9015 8cf473 9031 8d1b02 9015->9031 9018 8cf49d 9019 8cd52b ___free_lconv_mon 14 API calls 9018->9019 9020 8cf4a8 9019->9020 9022 8d1a63 __FrameHandler3::FrameUnwindToState 9021->9022 9035 8cd642 EnterCriticalSection 9022->9035 9024 8d1ada 9042 8d1af9 9024->9042 9026 8d1a6e 9026->9024 9027 8d1aae DeleteCriticalSection 9026->9027 9036 8d20a3 9026->9036 9030 8cd52b ___free_lconv_mon 14 API calls 9027->9030 9030->9026 9032 8d1b19 9031->9032 9034 8cf482 DeleteCriticalSection 9031->9034 9033 8cd52b ___free_lconv_mon 14 API calls 9032->9033 9032->9034 9033->9034 9034->9015 9034->9018 9035->9026 9037 8d20b6 ___std_exception_copy 9036->9037 9045 8d1f7e 9037->9045 9039 8d20c2 9040 8cb776 ___std_exception_copy 41 API calls 9039->9040 9041 8d20ce 9040->9041 9041->9026 9117 8cd68a LeaveCriticalSection 9042->9117 9044 8d1ae6 9044->9015 9046 8d1f8a __FrameHandler3::FrameUnwindToState 9045->9046 9047 8d1f94 9046->9047 9048 8d1fb7 9046->9048 9049 8cb9bd ___std_exception_copy 41 API calls 9047->9049 9055 8d1faf 9048->9055 9056 8cf4b2 EnterCriticalSection 9048->9056 9049->9055 9051 8d1fd5 9057 8d2015 9051->9057 9053 8d1fe2 9071 8d200d 9053->9071 9055->9039 9056->9051 9058 8d2045 9057->9058 9059 8d2022 9057->9059 9061 8d203d 9058->9061 9062 8cf2c7 ___scrt_uninitialize_crt 66 API calls 9058->9062 9060 8cb9bd ___std_exception_copy 41 API calls 9059->9060 9060->9061 9061->9053 9063 8d205d 9062->9063 9064 8d1b02 14 API calls 9063->9064 9065 8d2065 9064->9065 9066 8d065c ___scrt_uninitialize_crt 41 API calls 9065->9066 9067 8d2071 9066->9067 9074 8d289c 9067->9074 9070 8cd52b ___free_lconv_mon 14 API calls 9070->9061 9116 8cf4c6 LeaveCriticalSection 9071->9116 9073 8d2013 9073->9055 9076 8d2078 9074->9076 9077 8d28c5 

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,SetDefaultDllDirectories), ref: 008C6C2C
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 008C6C33
                                                                                                                                                                        • LoadLibraryExW.KERNELBASE(?,00000000,00000000), ref: 008C6C72
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DllEntry), ref: 008C6C8D
                                                                                                                                                                        • GetCommandLineW.KERNEL32(?), ref: 008C6C9C
                                                                                                                                                                        • FreeLibrary.KERNELBASE(00000000), ref: 008C6CAF
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressLibraryProc$CommandFreeHandleLineLoadModule
                                                                                                                                                                        • String ID: DllEntry$SetDefaultDllDirectories$kernel32.dll
                                                                                                                                                                        • API String ID: 1042781669-3472957018
                                                                                                                                                                        • Opcode ID: 4749d2285a466a8098b422cfbdccb9028f52483a5269a762d3babc678d394e3b
                                                                                                                                                                        • Instruction ID: edd4470ada8ca773a1f7b217541908f0e37ce538681b187420f1e1e324648ae4
                                                                                                                                                                        • Opcode Fuzzy Hash: 4749d2285a466a8098b422cfbdccb9028f52483a5269a762d3babc678d394e3b
                                                                                                                                                                        • Instruction Fuzzy Hash: C611E532945616BBCB10ABA4DC09F6E3778FF44755B14413EF902E7290FA34DD1097A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 008C6AE1
                                                                                                                                                                        • PathRemoveFileSpecW.SHLWAPI(?,?,?,00000104), ref: 008C6AFC
                                                                                                                                                                        • PathAppendW.SHLWAPI(?,goopdate.dll,?,?,00000104), ref: 008C6B2B
                                                                                                                                                                          • Part of subcall function 008C6820: GetLastError.KERNEL32(008C6AF0,?,?,00000104), ref: 008C6820
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FilePath$AppendErrorLastModuleNameRemoveSpec
                                                                                                                                                                        • String ID: goopdate.dll
                                                                                                                                                                        • API String ID: 3739599460-235033069
                                                                                                                                                                        • Opcode ID: 7954e148ce4fddd052b57fe3c746b41ea9f7447ce7131897334f7b374a4f7620
                                                                                                                                                                        • Instruction ID: 505dee5eeec2a78648270cddcf96cbb4ae0fe158db1a1a4fab10d823df61a07d
                                                                                                                                                                        • Opcode Fuzzy Hash: 7954e148ce4fddd052b57fe3c746b41ea9f7447ce7131897334f7b374a4f7620
                                                                                                                                                                        • Instruction Fuzzy Hash: CC4162B190122D96CF20EB64DC46FDA77BCFF44344F1086FAA505E3142FA34DE998A65
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 67 8ce6f6-8ce702 68 8ce794-8ce797 67->68 69 8ce79d 68->69 70 8ce707-8ce718 68->70 71 8ce79f-8ce7a3 69->71 72 8ce71a-8ce71d 70->72 73 8ce725-8ce73e LoadLibraryExW 70->73 74 8ce7bd-8ce7bf 72->74 75 8ce723 72->75 76 8ce7a4-8ce7b4 73->76 77 8ce740-8ce749 GetLastError 73->77 74->71 79 8ce791 75->79 76->74 78 8ce7b6-8ce7b7 FreeLibrary 76->78 80 8ce74b-8ce75d call 8ccec8 77->80 81 8ce782-8ce78f 77->81 78->74 79->68 80->81 84 8ce75f-8ce771 call 8ccec8 80->84 81->79 84->81 87 8ce773-8ce780 LoadLibraryExW 84->87 87->76 87->81
                                                                                                                                                                        APIs
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,008CE803,008CC8BB,0000000C,?,00000000,00000000,?,008CE95D,00000021,FlsSetValue,008C2924,008C292C,?), ref: 008CE7B7
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                        • API String ID: 3664257935-537541572
                                                                                                                                                                        • Opcode ID: 3ff51db2530cc3d0d9badbc2bf9e1d953b357afcbd970512c71f3064d8c21945
                                                                                                                                                                        • Instruction ID: 0aeeb473bb7e16a142f78d9816984882b9c8e6f46c76ffbceba63b984c9b5ebe
                                                                                                                                                                        • Opcode Fuzzy Hash: 3ff51db2530cc3d0d9badbc2bf9e1d953b357afcbd970512c71f3064d8c21945
                                                                                                                                                                        • Instruction Fuzzy Hash: D521DF32A02255ABCB319B64EC84F6A3778FF42760F254229E915E72D1E734ED00C691
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 88 8c69ee-8c6a1d RegOpenKeyExW 89 8c6a1f 88->89 90 8c6a2b-8c6a63 call 8c6dfe SHQueryValueExW call 8c6d16 88->90 92 8c6a88-8c6a8b 89->92 93 8c6a21-8c6a29 89->93 96 8c6a68-8c6a6a 90->96 93->92 97 8c6a6c 96->97 98 8c6a7b-8c6a83 96->98 99 8c6a6e-8c6a71 97->99 100 8c6a77-8c6a79 97->100 98->92 99->100 100->92
                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.KERNELBASE(?,Software\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019},00000000,00020019,?,?,?), ref: 008C6A15
                                                                                                                                                                        • SHQueryValueExW.SHLWAPI(?,008C5D10,00000000,?,00000000,?,00000032,?,?), ref: 008C6A58
                                                                                                                                                                        Strings
                                                                                                                                                                        • Software\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019}, xrefs: 008C6A07
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: OpenQueryValue
                                                                                                                                                                        • String ID: Software\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019}
                                                                                                                                                                        • API String ID: 4153817207-790910960
                                                                                                                                                                        • Opcode ID: 620e9581c9d873cf3205e7ab79dba828267669a62e32c5106f974bee578974c6
                                                                                                                                                                        • Instruction ID: 1ba6677f01207ebc327f8245bfef73acc53287762481ab22c760dee986167172
                                                                                                                                                                        • Opcode Fuzzy Hash: 620e9581c9d873cf3205e7ab79dba828267669a62e32c5106f974bee578974c6
                                                                                                                                                                        • Instruction Fuzzy Hash: 86118A71D40229AB8B109B699C05FBFBBB8FB44720F104279B815F6190E674DE50D7A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,008CBEC1,?,008CB83D,?,?,43829D63,008CB83D,?), ref: 008CBED8
                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,008CBEC1,?,008CB83D,?,?,43829D63,008CB83D,?), ref: 008CBEDF
                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 008CBEF1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                        • Opcode ID: 624e4f62d8df41ab27f129c5f38c7526861d1fd3a53419ed440f7ed1e127832d
                                                                                                                                                                        • Instruction ID: 02696afb7862456034964feccb33821d2af91c6d449d02dd1f54edface23d26a
                                                                                                                                                                        • Opcode Fuzzy Hash: 624e4f62d8df41ab27f129c5f38c7526861d1fd3a53419ed440f7ed1e127832d
                                                                                                                                                                        • Instruction Fuzzy Hash: ADD09E32005944ABCF012F65DD0EE993F36FF44741F444119BA1986171EF31DE52DE91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,00000104), ref: 008C68B9
                                                                                                                                                                        • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,00000000,00000104,?,?,00000000), ref: 008C697C
                                                                                                                                                                          • Part of subcall function 008C6F7D: FindResourceExW.KERNEL32(00000000,00000006,00000000,00000000,00000000,?,?,00000000,?,?,008C6912,-00000010), ref: 008C6FAE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
• Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileFindFolderModuleNamePathResource
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2248019921-0
                                                                                                                                                                        • Opcode ID: 0014639eff895d0d061fe9fbfc2b75905c1dc7ecc803ae2d0497d946f548cab6
                                                                                                                                                                        • Instruction ID: f6ad2b2de6be4a7d90e4d70cfd5518712bf3fc5dec100e5f5a9524f91c261e52
                                                                                                                                                                        • Opcode Fuzzy Hash: 0014639eff895d0d061fe9fbfc2b75905c1dc7ecc803ae2d0497d946f548cab6
                                                                                                                                                                        • Instruction Fuzzy Hash: 91413C71D00119ABDB14EBA8C995EEEBBB9FF40310B50457DA912E7281FB30DE19CA51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 167 8cd391-8cd3a5 GetLastError 168 8cd3a7-8cd3af call 8ce902 167->168 169 8cd3c1-8cd3cb call 8ce941 167->169 176 8cd3bc 168->176 177 8cd3b1-8cd3ba 168->177 174 8cd3cd-8cd3cf 169->174 175 8cd3d1-8cd3d9 call 8cd6d2 169->175 178 8cd436-8cd441 SetLastError 174->178 180 8cd3de-8cd3e4 175->180 176->169 177->178 181 8cd3e6-8cd3f5 call 8ce941 180->181 182 8cd3f7-8cd405 call 8ce941 180->182 187 8cd416-8cd41c call 8cd52b 181->187 188 8cd41e-8cd433 call 8cd06e call 8cd52b 182->188 189 8cd407-8cd415 call 8ce941 182->189 196 8cd435 187->196 188->196 189->187 196->178
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(00000000,00000000,008CBAFD,008CD5CB,?,008CBB6F,00000000,008CC8BB,00000004,?,00000000,?,008CC6B5,?,00000004,00000004), ref: 008CD395
                                                                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 008CD437
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
• Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1452528299-0
                                                                                                                                                                        • Opcode ID: 4129fab5f51d83aee2727bbd214a9f521c7eebbd86bd3374283107ce95081b35
                                                                                                                                                                        • Instruction ID: 2047c2fbb31b3a7957d79b10d0a286820ffda140df7db5ac6ccc4c4ef7243f03
                                                                                                                                                                        • Opcode Fuzzy Hash: 4129fab5f51d83aee2727bbd214a9f521c7eebbd86bd3374283107ce95081b35
                                                                                                                                                                        • Instruction Fuzzy Hash: 0511E532649B096BD7117BB9ACD6F2A2778FB013B9B54023EF511C5191EA70CC0952A2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 199 8ce7c1-8ce7e9 200 8ce7ef-8ce7f1 199->200 201 8ce7eb-8ce7ed 199->201 203 8ce7f7-8ce7fe call 8ce6f6 200->203 204 8ce7f3-8ce7f5 200->204 202 8ce840-8ce843 201->202 206 8ce803-8ce807 203->206 204->202 207 8ce809-8ce817 GetProcAddress 206->207 208 8ce826-8ce83d 206->208 207->208 210 8ce819-8ce824 call 8cbd26 207->210 209 8ce83f 208->209 209->202 210->209
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
• Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 468df4d83a1598406c7b5695dff4e4e855cb7f450f8dc7d60f28217eeba7c1c1
                                                                                                                                                                        • Instruction ID: a96755d3680bc2c8ccae88324037699f4f91d28f6bcc31bae4444920e75e7ebc
                                                                                                                                                                        • Opcode Fuzzy Hash: 468df4d83a1598406c7b5695dff4e4e855cb7f450f8dc7d60f28217eeba7c1c1
                                                                                                                                                                        • Instruction Fuzzy Hash: 9601B5377016259F9B258E6DEC41E5A33A6FB85364714823AF900CB595DA30DC0196D1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 213 8cd6d2-8cd6dd 214 8cd6df-8cd6e9 213->214 215 8cd6eb-8cd6f1 213->215 214->215 216 8cd71f-8cd72a call 8cbaf8 214->216 217 8cd70a-8cd71b RtlAllocateHeap 215->217 218 8cd6f3-8cd6f4 215->218 222 8cd72c-8cd72e 216->222 219 8cd71d 217->219 220 8cd6f6-8cd6fd call 8ccc5f 217->220 218->217 219->222 220->216 226 8cd6ff-8cd708 call 8ced5b 220->226 226->216 226->217
                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000008,?,?,?,008CD3DE,00000001,00000364,?,00000006,000000FF,?,008CBB6F,00000000,008CC8BB,00000004), ref: 008CD713
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
• Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        • Opcode ID: b68d8bd7089310de80e080f5b42ea9ea779516c61a0281dae3024c9664668aa0
                                                                                                                                                                        • Instruction ID: 717e522b6e3fcc74c4a18bb7c3d6cb604b3363717df84901e21b5cc2d6e4f286
                                                                                                                                                                        • Opcode Fuzzy Hash: b68d8bd7089310de80e080f5b42ea9ea779516c61a0281dae3024c9664668aa0
                                                                                                                                                                        • Instruction Fuzzy Hash: BEF0B432501728A79B217A7ADC45F5B77B8FB417A0F14423AF90CE6194DB30D80082E1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 008C7BBC
                                                                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 008C7C88
                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008C7CA8
                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?), ref: 008C7CB2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 254469556-0
                                                                                                                                                                        • Opcode ID: 7dfd81194b93b2333753056c6771b2be51862a5a9b96a4a63a0e476ab79e79bd
                                                                                                                                                                        • Instruction ID: 7475785ad8938f37fa2e7478157ebfa4d4ef77d51294165accae3c3ccdee873f
                                                                                                                                                                        • Opcode Fuzzy Hash: 7dfd81194b93b2333753056c6771b2be51862a5a9b96a4a63a0e476ab79e79bd
                                                                                                                                                                        • Instruction Fuzzy Hash: E7312575D09218DBDB11DFA4D989BCDBBB8FF08300F1041AAE40DAB290EB719A848F45
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(008D592C,00000FA0,?,?,008C7401), ref: 008C742F
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,008C7401), ref: 008C743A
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,008C7401), ref: 008C744B
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 008C745D
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 008C746B
                                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,008C7401), ref: 008C748E
                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(008D592C,00000007,?,?,008C7401), ref: 008C74AA
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,008C7401), ref: 008C74BA
                                                                                                                                                                        Strings
                                                                                                                                                                        • SleepConditionVariableCS, xrefs: 008C7457
                                                                                                                                                                        • api-ms-win-core-synch-l1-2-0.dll, xrefs: 008C7435
                                                                                                                                                                        • WakeAllConditionVariable, xrefs: 008C7463
                                                                                                                                                                        • kernel32.dll, xrefs: 008C7446
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
• Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                        • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                        • API String ID: 2565136772-3242537097
                                                                                                                                                                        • Opcode ID: 4b379671b4a74fcad65631be3733fa5d8e232a4faf87216f457d968937ec1637
                                                                                                                                                                        • Instruction ID: 66a373063a114e508388bc98c0b7011fd893a2aedc8201c4fa3bc0176e3b92e9
                                                                                                                                                                        • Opcode Fuzzy Hash: 4b379671b4a74fcad65631be3733fa5d8e232a4faf87216f457d968937ec1637
                                                                                                                                                                        • Instruction Fuzzy Hash: 3201527168AB51BBDB211B75BC1DF1A3F78FB44B61B44021BF914D22D0EA74CC448A64
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsInExceptionSpec.LIBVCRUNTIME ref: 008CA76D
                                                                                                                                                                        • type_info::operator==.LIBVCRUNTIME ref: 008CA78F
                                                                                                                                                                        • ___TypeMatch.LIBVCRUNTIME ref: 008CA89E
                                                                                                                                                                        • IsInExceptionSpec.LIBVCRUNTIME ref: 008CA970
                                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 008CA9F4
                                                                                                                                                                        • CallUnexpected.LIBVCRUNTIME ref: 008CAA0F
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                        • API String ID: 2123188842-393685449
                                                                                                                                                                        • Opcode ID: 931b57d6bd626b65a53287aed75f86a569efa0a8a6732e8abbca15dc1ad87238
                                                                                                                                                                        • Instruction ID: de9dc1faed0c20671c044275145156b55fbbf2c9f25ec644e4680fb61edeafe4
                                                                                                                                                                        • Opcode Fuzzy Hash: 931b57d6bd626b65a53287aed75f86a569efa0a8a6732e8abbca15dc1ad87238
                                                                                                                                                                        • Instruction Fuzzy Hash: 5BB1697180021DEFCF29DFA8D885EAEBBB5FF04318B15415EE851AB212D331DA51CB92
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 008C97E7
                                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 008C97EF
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 008C9878
                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 008C98A3
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 008C98F8
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                        • String ID: csm
                                                                                                                                                                        • API String ID: 1170836740-1018135373
                                                                                                                                                                        • Opcode ID: b07b87d6f3b1ac696f3de6e4cd7c2ad0f49277e17652658cb1df6803e94d304a
                                                                                                                                                                        • Instruction ID: c222295218a592c1d777d491b3f839fba3f03e0fe3992ca33f0bee5285ceff91
                                                                                                                                                                        • Opcode Fuzzy Hash: b07b87d6f3b1ac696f3de6e4cd7c2ad0f49277e17652658cb1df6803e94d304a
                                                                                                                                                                        • Instruction Fuzzy Hash: DA414A34A00219DBCF109F68C888F9EBBB5FF46314F1481AAE955AB392D735DA05CB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,008C9B29,008C9ABA,008C7D97), ref: 008C9B40
                                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008C9B4E
                                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008C9B67
                                                                                                                                                                        • SetLastError.KERNEL32(00000000,008C9B29,008C9ABA,008C7D97), ref: 008C9BB9
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3852720340-0
                                                                                                                                                                        • Opcode ID: 2ae7c8c0e092464da4772f7799b2b85b7b2c3316412104ecc8b53ff6826f60a9
                                                                                                                                                                        • Instruction ID: 131aedff1f619b5c95f70651572b521fb1b76008648c71adb4702f8464d9c2ed
                                                                                                                                                                        • Opcode Fuzzy Hash: 2ae7c8c0e092464da4772f7799b2b85b7b2c3316412104ecc8b53ff6826f60a9
                                                                                                                                                                        • Instruction Fuzzy Hash: 6201753212EB216EE6242679BC9DF6A2774FB51BB6B2043AFF551C50E0EE31CC015191
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,008C9ED8,?,?,008D5CEC,00000000,?,008CA003,00000004,InitializeCriticalSectionEx,008C1C14,InitializeCriticalSectionEx,00000000), ref: 008C9EA7
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                        • API String ID: 3664257935-2084034818
                                                                                                                                                                        • Opcode ID: 2955fd2bbbf2bd9ddccda202cf6baa9d61f4351193c0badf950bb3af47f09596
                                                                                                                                                                        • Instruction ID: 88093461c11902391f7732685b6d171cc43f27e05652353806d9b46619ee2632
                                                                                                                                                                        • Opcode Fuzzy Hash: 2955fd2bbbf2bd9ddccda202cf6baa9d61f4351193c0badf950bb3af47f09596
                                                                                                                                                                        • Instruction Fuzzy Hash: D711E732A41624ABCF21CB68DC48F5933B4FF12770F110299E940E72C0E7B0EC008AD1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,43829D63,?,?,00000000,008D44E2,000000FF,?,008CBEED,?,?,008CBEC1,?), ref: 008CBF4F
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008CBF61
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000000,008D44E2,000000FF,?,008CBEED,?,?,008CBEC1,?), ref: 008CBF83
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                        • Opcode ID: eedc94ae0ca7470430cba8cce0cdbe52dd7b8e24fb75c207f3c1aecbd2189e49
                                                                                                                                                                        • Instruction ID: d070bf6de1981d61a0d29df5149f4f9dde2090c51f238b775e4fe0701617f448
                                                                                                                                                                        • Opcode Fuzzy Hash: eedc94ae0ca7470430cba8cce0cdbe52dd7b8e24fb75c207f3c1aecbd2189e49
                                                                                                                                                                        • Instruction Fuzzy Hash: 55014435515A56EBDB118F54DC09FAEB7B8FB04711F00462BE821E27D0DB78DD00CA90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 008D0C47
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 008D0D08
                                                                                                                                                                        • __freea.LIBCMT ref: 008D0D6F
                                                                                                                                                                          • Part of subcall function 008CFAC8: HeapAlloc.KERNEL32(00000000,00000000,008CC8BB,?,008CD5AD,?,00000000,?,008CBB6F,00000000,008CC8BB,00000004,?,00000000,?,008CC6B5), ref: 008CFAFA
                                                                                                                                                                        • __freea.LIBCMT ref: 008D0D84
                                                                                                                                                                        • __freea.LIBCMT ref: 008D0D94
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1096550386-0
                                                                                                                                                                        • Opcode ID: 3888befe0f1f713c9f8c435bc63bfab6d8e816d43c8d97832d4a1a478725d742
                                                                                                                                                                        • Instruction ID: 5c927cb6af55f4dfa27bbf7c6b9ba571beac51201383c9197c96c3fa946daab5
                                                                                                                                                                        • Opcode Fuzzy Hash: 3888befe0f1f713c9f8c435bc63bfab6d8e816d43c8d97832d4a1a478725d742
                                                                                                                                                                        • Instruction Fuzzy Hash: E051817260011AAFEB249EA4DC81FBB77AAFB44754F15032BBD08D6351E771DC109BA1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetConsoleOutputCP.KERNEL32(43829D63,?,00000000,?), ref: 008D1004
                                                                                                                                                                          • Part of subcall function 008CE586: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,008D0D65,?,00000000,-00000008), ref: 008CE632
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 008D125F
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 008D12A7
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 008D134A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2112829910-0
                                                                                                                                                                        • Opcode ID: 38416f011ea018ad2dbca08429b6dfe0fc86a813394159eb7a0eff15c46f051c
                                                                                                                                                                        • Instruction ID: b1109433070c0455ac30954c488899316efd2e40e9446629a3babd5dcc71d3ca
                                                                                                                                                                        • Opcode Fuzzy Hash: 38416f011ea018ad2dbca08429b6dfe0fc86a813394159eb7a0eff15c46f051c
                                                                                                                                                                        • Instruction Fuzzy Hash: 43D149B5E04258AFCF15CFE8D884AADBBB5FF09314F18422AE865E7351D734A941CB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AdjustPointer
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1740715915-0
                                                                                                                                                                        • Opcode ID: 89d2cc13001f05efe29a6dfbaab43842046f02c1ce67299781d1341a52874ae5
                                                                                                                                                                        • Instruction ID: 04fed593c0939695ef7e25bde8bf85d6247a7d421044c15132eca3643eb07b66
                                                                                                                                                                        • Opcode Fuzzy Hash: 89d2cc13001f05efe29a6dfbaab43842046f02c1ce67299781d1341a52874ae5
                                                                                                                                                                        • Instruction Fuzzy Hash: 8551BF72A0160A9FDB2D9F98D845F7A77B4FF44318F14812DE906C6291E771EC40CB92
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,008D1F6A,?,00000001,?,?,?,008D139E,?,?,00000000), ref: 008D27CD
                                                                                                                                                                        • GetLastError.KERNEL32(?,008D1F6A,?,00000001,?,?,?,008D139E,?,?,00000000,?,?,?,008D1925,?), ref: 008D27D9
                                                                                                                                                                          • Part of subcall function 008D279F: CloseHandle.KERNEL32(FFFFFFFE,008D27E9,?,008D1F6A,?,00000001,?,?,?,008D139E,?,?,00000000,?,?), ref: 008D27AF
                                                                                                                                                                        • ___initconout.LIBCMT ref: 008D27E9
                                                                                                                                                                          • Part of subcall function 008D2761: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,008D2790,008D1F57,?,?,008D139E,?,?,00000000,?), ref: 008D2774
                                                                                                                                                                        • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,008D1F6A,?,00000001,?,?,?,008D139E,?,?,00000000,?), ref: 008D27FE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2744216297-0
                                                                                                                                                                        • Opcode ID: e347133f4f569a258ac18ac91e4abbb1095c8ef2ab905ac97973bd269a1ee8d2
                                                                                                                                                                        • Instruction ID: d18d44f6219a65b19259076476e51c3239eb10162d2d767b76f0dac878003b0d
                                                                                                                                                                        • Opcode Fuzzy Hash: e347133f4f569a258ac18ac91e4abbb1095c8ef2ab905ac97973bd269a1ee8d2
                                                                                                                                                                        • Instruction Fuzzy Hash: B4F0AC36502564BBCF222F95DD09A9E3F66FB587B1F444262FE1995230D632C820EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SleepConditionVariableCS.KERNELBASE(?,008C7530,00000064), ref: 008C75B6
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(008D592C,?,?,008C7530,00000064,?,008C6688,008D64A0,?,?,008C6DDF,?,008C6898), ref: 008C75C0
                                                                                                                                                                        • WaitForSingleObjectEx.KERNEL32(?,00000000,?,008C7530,00000064,?,008C6688,008D64A0,?,?,008C6DDF,?,008C6898), ref: 008C75D1
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(008D592C,?,008C7530,00000064,?,008C6688,008D64A0,?,?,008C6DDF,?,008C6898), ref: 008C75D8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3269011525-0
                                                                                                                                                                        • Opcode ID: b21cfec3b375b57785adc44805933e63f7b07fcb866079cac438121a98b3f26b
                                                                                                                                                                        • Instruction ID: b2cded8fb9f7c3ca68d29e11f73b75e766b6d894c30b250aa0b702b95639d7ff
                                                                                                                                                                        • Opcode Fuzzy Hash: b21cfec3b375b57785adc44805933e63f7b07fcb866079cac438121a98b3f26b
                                                                                                                                                                        • Instruction Fuzzy Hash: 2BE09232687A28FBCB112F50FC18BAEBF39FB09731B844217F9099626097704C018BD0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 008CAA3F
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EncodePointer
                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                        • API String ID: 2118026453-2084237596
                                                                                                                                                                        • Opcode ID: c885cc05195a8fd58511f506a26f45cfd3649e7cd2fd0f91026cdd8217a7bb69
                                                                                                                                                                        • Instruction ID: 8f7f09d7b08a2b9731c0fd89122d34801949adc9f63414f9f2dd5cf8203731b9
                                                                                                                                                                        • Opcode Fuzzy Hash: c885cc05195a8fd58511f506a26f45cfd3649e7cd2fd0f91026cdd8217a7bb69
                                                                                                                                                                        • Instruction Fuzzy Hash: CC41447190020DAFCF1ACF98D981EAEBBB6FF08318F188199F905A6221D335DD50DB52
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 008C6511: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,8007000E,?,-C000001E,00000001), ref: 008C6516
                                                                                                                                                                          • Part of subcall function 008C6511: GetLastError.KERNEL32(?,00000000,?,8007000E,?,-C000001E,00000001), ref: 008C6520
                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,008C648A), ref: 008C7309
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,008C648A), ref: 008C7318
                                                                                                                                                                        Strings
                                                                                                                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 008C7313
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2172473890.00000000008C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2172457357.00000000008C0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172495151.00000000008D5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2172512881.00000000008D7000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_8c0000_BraveUpdate.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                        • API String ID: 450123788-631824599
                                                                                                                                                                        • Opcode ID: 0792b7aaf259691f2b0338c71909f5ed2e8cce65edf077bb99824ded8547f42d
                                                                                                                                                                        • Instruction ID: a7ac1e26e22d259e3f3682360ebc808d7d1b93ea6e722b30ec6da201d7fa97cd
                                                                                                                                                                        • Opcode Fuzzy Hash: 0792b7aaf259691f2b0338c71909f5ed2e8cce65edf077bb99824ded8547f42d
                                                                                                                                                                        • Instruction Fuzzy Hash: A1E06570205B918BD3609F78E904B027BF4FB04754F50495DE895C2782E7B4D4488F91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: PrivateProfile$CloseOpenQueryValue
                                                                                                                                                                        • String ID: AppendToFile$EnableLogging$IsEnabledLogToFile$LogToOutputDebug$LoggingLevel$LoggingSettings$ShowTime$Software\BraveSoftware\UpdateDev\
                                                                                                                                                                        • API String ID: 2210674228-3529394150
                                                                                                                                                                        • Opcode ID: c67d0b199afa614a42569769cdc2344d9aa1607615deae8bbc4545d499da46ac
                                                                                                                                                                        • Instruction ID: 20bc9f54fe8b388af160bfbc92b20996ffd9ac2b8c2159705f0f15e1d702d413
                                                                                                                                                                        • Opcode Fuzzy Hash: c67d0b199afa614a42569769cdc2344d9aa1607615deae8bbc4545d499da46ac
                                                                                                                                                                        • Instruction Fuzzy Hash: B161D423A28AC196E714AF39D6047E87760FB85BA8F844535DE1C03791EFBCE058C390
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryW.KERNELBASE ref: 00007FF77FE13A25
                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00007FF77FE13A42
                                                                                                                                                                        • FreeLibrary.KERNELBASE ref: 00007FF77FE13A62
                                                                                                                                                                          • Part of subcall function 00007FF77FE139C0: GetLastError.KERNEL32(?,?,?,00007FF77FE13B80,?,?,?,00007FF77FE142C9,?,?,?,?,00007FF77FE11031), ref: 00007FF77FE139C6
                                                                                                                                                                          • Part of subcall function 00007FF77FE139C0: RaiseException.KERNEL32(?,?,?,00007FF77FE13B80,?,?,?,00007FF77FE142C9,?,?,?,?,00007FF77FE11031), ref: 00007FF77FE139FF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Library$AddressErrorExceptionFreeLastLoadProcRaise
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 386220097-0
                                                                                                                                                                        • Opcode ID: 55289a7fcf567d6fc37604f5a9609b51a8c42d30ea13611f0b10e3126723dc72
                                                                                                                                                                        • Instruction ID: 234f036aea1423d8f2040b219dc69e28b731bace06330b4a6914ebd370455844
                                                                                                                                                                        • Opcode Fuzzy Hash: 55289a7fcf567d6fc37604f5a9609b51a8c42d30ea13611f0b10e3126723dc72
                                                                                                                                                                        • Instruction Fuzzy Hash: 80F0C833A38BC285FE006B137A401B9D155AFC4BC0F585975D95E07304EE7CD44193A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressFreeLibraryProc
                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                        • API String ID: 3013587201-537541572
                                                                                                                                                                        • Opcode ID: 847e315448d33ec932bdacaf819cbf365cdad76815bf1637d6656b56f8522315
                                                                                                                                                                        • Instruction ID: 1c3e3b1a2d372e7f72f7659ffb0ab9db93aa479130303480fb41a9dee8c51ed1
                                                                                                                                                                        • Opcode Fuzzy Hash: 847e315448d33ec932bdacaf819cbf365cdad76815bf1637d6656b56f8522315
                                                                                                                                                                        • Instruction Fuzzy Hash: F141B663B35E8141FA15EB169E045E9A392BFC5BE0F848539DE0E47798FE7CE04582A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressCommandHandleLineModuleProc
                                                                                                                                                                        • String ID: SetDefaultDllDirectories$kernel32.dll$unregister$user
                                                                                                                                                                        • API String ID: 147197560-815688805
                                                                                                                                                                        • Opcode ID: 5709c1a7cf0b43fb8a302db99dfee1deae5af6bda4fbedd289ff6e36927d3558
                                                                                                                                                                        • Instruction ID: 64084fca261a4684724ef910a6bea05a47f39905b4e7bee4aac4a6830024053d
                                                                                                                                                                        • Opcode Fuzzy Hash: 5709c1a7cf0b43fb8a302db99dfee1deae5af6bda4fbedd289ff6e36927d3558
                                                                                                                                                                        • Instruction Fuzzy Hash: EC21B723738E8282DE10BB25D9404EDA320FFC4BB4B845732E66D432E5EEACD548C790
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseOpenOverridePredef
                                                                                                                                                                        • String ID: Software\Classes
                                                                                                                                                                        • API String ID: 2630863477-1656466771
                                                                                                                                                                        • Opcode ID: c313f1374a35ba85ed93cb0d8f175837ed073ca8541d3e038ce952050618a241
                                                                                                                                                                        • Instruction ID: ed918aff83df11f5155f504e0b31b7ef6ed394a2ab37359c996e1f0bdf91e008
                                                                                                                                                                        • Opcode Fuzzy Hash: c313f1374a35ba85ed93cb0d8f175837ed073ca8541d3e038ce952050618a241
                                                                                                                                                                        • Instruction Fuzzy Hash: 27F0F923B3CA4241E7106B6A99807BAA2A0EF857A0FA00734DE6D416E4FF9CD004D374
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF77FE118E4: PathRemoveExtensionW.SHLWAPI(?,?,?,00007FF77FE14166,?,?,?,00007FF77FE14397,?,?,?,?,00007FF77FE11031), ref: 00007FF77FE11940
                                                                                                                                                                          • Part of subcall function 00007FF77FE11768: VirtualQuery.KERNEL32 ref: 00007FF77FE1178F
                                                                                                                                                                        • lstrcmpiW.KERNELBASE(?,?,?,00007FF77FE14397,?,?,?,?,00007FF77FE11031), ref: 00007FF77FE141A4
                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(?,?,?,?,00007FF77FE11031), ref: 00007FF77FE14278
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalExtensionInitializePathQueryRemoveSectionVirtuallstrcmpi
                                                                                                                                                                        • String ID: BraveUpdate.ini$SystemDrive
                                                                                                                                                                        • API String ID: 4116145752-4063966519
                                                                                                                                                                        • Opcode ID: 585b218e4b01064a166878589254a93d65b6c1fbbbc0224284a16055a9a10c7f
                                                                                                                                                                        • Instruction ID: 7fa66b8a82352098196a15c7019acd22072753aba563ab4dceec22b0de1621d1
                                                                                                                                                                        • Opcode Fuzzy Hash: 585b218e4b01064a166878589254a93d65b6c1fbbbc0224284a16055a9a10c7f
                                                                                                                                                                        • Instruction Fuzzy Hash: DF717423A39E8281EB00FB2AD9441E8B3A0FFC4BA4F844635D65E477A5DFACD545C790
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2303962521-0
                                                                                                                                                                        • Opcode ID: 932f7c441bc12c5655ae164f97e963ba30f4104fa42af6b90cedcf4448ca8a13
                                                                                                                                                                        • Instruction ID: 67fbe34d0aaf2d4d39b2711d2e02e18c735e6dfae41e125a7e90de46cd2be734
                                                                                                                                                                        • Opcode Fuzzy Hash: 932f7c441bc12c5655ae164f97e963ba30f4104fa42af6b90cedcf4448ca8a13
                                                                                                                                                                        • Instruction Fuzzy Hash: 43315B13E3CA8245FA20BB6A96513F99292AFC5384FC418B4E54D4B2D7DFEDA444C2F1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(?,?,?,?,00007FF77FE11031), ref: 00007FF77FE14278
                                                                                                                                                                          • Part of subcall function 00007FF77FE1147C: GetProcessHeap.KERNEL32 ref: 00007FF77FE114F2
                                                                                                                                                                          • Part of subcall function 00007FF77FE1147C: _Init_thread_footer.LIBCMT ref: 00007FF77FE11527
                                                                                                                                                                          • Part of subcall function 00007FF77FE1147C: _Init_thread_footer.LIBCMT ref: 00007FF77FE11590
                                                                                                                                                                          • Part of subcall function 00007FF77FE13ACC: GetEnvironmentVariableW.KERNEL32(?,?,?,00007FF77FE142C9,?,?,?,?,00007FF77FE11031), ref: 00007FF77FE13B0E
                                                                                                                                                                          • Part of subcall function 00007FF77FE13ACC: GetEnvironmentVariableW.KERNEL32(?,?,?,00007FF77FE142C9,?,?,?,?,00007FF77FE11031), ref: 00007FF77FE13B46
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EnvironmentInit_thread_footerVariable$CriticalHeapInitializeProcessSection
                                                                                                                                                                        • String ID: BraveUpdate.ini$SystemDrive
                                                                                                                                                                        • API String ID: 3489650459-4063966519
                                                                                                                                                                        • Opcode ID: 782f436498ff015fde4b1bd4292e48b90e57d713d0d7b6be53d8b12ac70cae73
                                                                                                                                                                        • Instruction ID: 63bc47ffe05122b6d869c88ca979a2faaa0c99026b45d7b7ef3e7e4dea82a05e
                                                                                                                                                                        • Opcode Fuzzy Hash: 782f436498ff015fde4b1bd4292e48b90e57d713d0d7b6be53d8b12ac70cae73
                                                                                                                                                                        • Instruction Fuzzy Hash: DF616323A39AC681EA04FB29D9442E8B3A0FFC1B54F804635D65E077E5DFACE555C3A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                        • Opcode ID: 56bc4b33e30ecd438373de69222ac63f6b51fdce199bb6f9000f6194c878a1e3
                                                                                                                                                                        • Instruction ID: b684fed6e843b93c7ed7d10272ee2c55751d8de12891e86783c8eb8e444dd6fd
                                                                                                                                                                        • Opcode Fuzzy Hash: 56bc4b33e30ecd438373de69222ac63f6b51fdce199bb6f9000f6194c878a1e3
                                                                                                                                                                        • Instruction Fuzzy Hash: A8D06712B38A8642EA543B766E591FD92116FC8B01F80287DC85A56392DEACA44993A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • CommandLineToArgvW.SHELL32 ref: 00007FF77FE125EE
                                                                                                                                                                          • Part of subcall function 00007FF77FE117A8: GetModuleFileNameW.KERNEL32(?,?,?,00007FF77FE118AF,?,?,?,00007FF77FE11900,?,?,?,00007FF77FE14166,?,?,?,00007FF77FE14397), ref: 00007FF77FE1181F
                                                                                                                                                                        • LocalFree.KERNEL32 ref: 00007FF77FE1285E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ArgvCommandFileFreeLineLocalModuleName
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 871553864-0
                                                                                                                                                                        • Opcode ID: 68d2023c3308c72c8f942df7f976dc653d2697b746f26bdb1623dfaa2d38b52a
                                                                                                                                                                        • Instruction ID: 9db2ab0ee2b89c15820a3fba5101332253ef7b1b2d1e35ecdc15472d33550ca9
                                                                                                                                                                        • Opcode Fuzzy Hash: 68d2023c3308c72c8f942df7f976dc653d2697b746f26bdb1623dfaa2d38b52a
                                                                                                                                                                        • Instruction Fuzzy Hash: DFA1B563B25E82C2EB00AF6ACD402EDA761FB84BB4B804631DA2D577D5DFB8D445C390
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3947729631-0
                                                                                                                                                                        • Opcode ID: ab5672b8206b1259b8ff5942ab4e8ee7d0982f89718f223ccbdc1d18da8d6cb8
                                                                                                                                                                        • Instruction ID: 8b7dcc69303d83c616efa978979763cac7732e686d8e789019ff7613a3df6ad3
                                                                                                                                                                        • Opcode Fuzzy Hash: ab5672b8206b1259b8ff5942ab4e8ee7d0982f89718f223ccbdc1d18da8d6cb8
                                                                                                                                                                        • Instruction Fuzzy Hash: 4B218072B34A8589EB64AF69C4802EC77B0EB84718F841A35D61D46AC5DF78D486C790
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        • Opcode ID: 03759c3ce407c5307847b7b93929e8982ebd359f1e2c61a00043aec005732ce4
                                                                                                                                                                        • Instruction ID: 94818e791fb2967f252d47d827dc28fee18c260eea00e54701b1dc2d15e6de08
                                                                                                                                                                        • Opcode Fuzzy Hash: 03759c3ce407c5307847b7b93929e8982ebd359f1e2c61a00043aec005732ce4
                                                                                                                                                                        • Instruction Fuzzy Hash: 82116333938AC686F210AB15DA401B9F3A4FFC4740F850539D69D47791EFBCE8109BA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF77FE2065E,?,?,00000004,00007FF77FE1B90D,?,?,?,?,00007FF77FE2148A,?,?,00000000), ref: 00007FF77FE20D15
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        • Opcode ID: 3759019bf3abfeebbe8fbdaa3811d609cf2ed7db6f0fb0c2878c2b7c67cbfc2f
                                                                                                                                                                        • Instruction ID: d546954e188cf6ddea7ef8b59fbcb7c371fe1ac2298749733eba655b91267fff
                                                                                                                                                                        • Opcode Fuzzy Hash: 3759019bf3abfeebbe8fbdaa3811d609cf2ed7db6f0fb0c2878c2b7c67cbfc2f
                                                                                                                                                                        • Instruction Fuzzy Hash: 23F0AF46F3AA8A41FE64B6665E013F482811FC4B40F8C1438CA0E463C2ED9CE48181B0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 467 7ff77fe14a6c-7ff77fe14a83 RegOverridePredefKey 468 7ff77fe14a94 467->468 469 7ff77fe14a85-7ff77fe14a92 467->469 470 7ff77fe14a96-7ff77fe14a9a 468->470 469->470
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: OverridePredef
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 898253552-0
                                                                                                                                                                        • Opcode ID: a54fe31a83ffca700cab3f2df1340a5a0451b92f8e500fe702df7ff68e3a2b60
                                                                                                                                                                        • Instruction ID: 6c97b0c159b977d94de9e9b79236598df09c3c901e9accfc42b5088199beed81
                                                                                                                                                                        • Opcode Fuzzy Hash: a54fe31a83ffca700cab3f2df1340a5a0451b92f8e500fe702df7ff68e3a2b60
                                                                                                                                                                        • Instruction Fuzzy Hash: F7D09221B3E99381EB48A2374E503BA91C26FC4671FA04A78D96EC03E4FD8CD445A269
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ClipboardGlobal$AllocCloseDataEmptyFreeLockOpenUnlocklstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2633044538-0
                                                                                                                                                                        • Opcode ID: 6352fce9b027cbcad951bd88884d2899684f12d3dcad91e103972fcb2fd759b9
                                                                                                                                                                        • Instruction ID: ec4ee08c60b1c22fdf2f19d799e6b0f4d70142726dcacd7414780b21adf18ec1
                                                                                                                                                                        • Opcode Fuzzy Hash: 6352fce9b027cbcad951bd88884d2899684f12d3dcad91e103972fcb2fd759b9
                                                                                                                                                                        • Instruction Fuzzy Hash: 6D015222B39A8242FA046B52BE481BDA395AFC9FC1F845438D90E07798EE6CD444D3A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3140674995-0
                                                                                                                                                                        • Opcode ID: 856f282e32df8d73fe04972479197951aa21ac118391512de7235e9480e850fc
                                                                                                                                                                        • Instruction ID: 2a8f69aeef3f7f9f370e170c9c320fa54128be56adb4a806850534abe3ac3eaf
                                                                                                                                                                        • Opcode Fuzzy Hash: 856f282e32df8d73fe04972479197951aa21ac118391512de7235e9480e850fc
                                                                                                                                                                        • Instruction Fuzzy Hash: 25310A63629FC18AEB60AF65E8403EDB364FB84744F844439DA4D47A94EF78D548C760
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1239891234-0
                                                                                                                                                                        • Opcode ID: 6dbf2d4e52e93027aaca7cf5313114e00885297a862569c248cde5624a2a885f
                                                                                                                                                                        • Instruction ID: 1dfab52abe097b7dbaf1f5a05eaa251487342d32e6c9a24001dddf347fc32c9b
                                                                                                                                                                        • Opcode Fuzzy Hash: 6dbf2d4e52e93027aaca7cf5313114e00885297a862569c248cde5624a2a885f
                                                                                                                                                                        • Instruction Fuzzy Hash: F0315F33628FC186EB609B25E9402EEB3A4FBC8754F900539EA9D43B65EF78C145CB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF77FE14D6B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                        • API String ID: 450123788-631824599
                                                                                                                                                                        • Opcode ID: 6d4ae9a61894bf9dc68d31e19d5d557322089d6c62bf4dfdcca0423adfd2fa08
                                                                                                                                                                        • Instruction ID: 6bdf6423f6ac42abbf051b53fc60145a8a0dd25a3c7d43d8044377cfe5865b46
                                                                                                                                                                        • Opcode Fuzzy Hash: 6d4ae9a61894bf9dc68d31e19d5d557322089d6c62bf4dfdcca0423adfd2fa08
                                                                                                                                                                        • Instruction Fuzzy Hash: 4C113033A38F8296E744AB22DA543F972A5FF84355F805539C64D82650EFBCE164C7A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                        • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                        • API String ID: 2565136772-3242537097
                                                                                                                                                                        • Opcode ID: d0932d7c438688d582f413cb499b0fb58ae1f7555594c2062416a4d41a1e6a08
                                                                                                                                                                        • Instruction ID: bf64b7eeff1aa4658fa422be942752efeeff524cdc3383eba528eada712aeeaa
                                                                                                                                                                        • Opcode Fuzzy Hash: d0932d7c438688d582f413cb499b0fb58ae1f7555594c2062416a4d41a1e6a08
                                                                                                                                                                        • Instruction Fuzzy Hash: E221FF22A39F8781FB15BB15AE545FCA2A1AFC4B40FD41479C80E036A4EFECE444D7A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Frame$BlockEstablisherHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                        • API String ID: 3606184308-393685449
                                                                                                                                                                        • Opcode ID: 5938e31c2149abbec4c5cfa09968dd6a3a4af182ad2785b0433422f5d76a9126
                                                                                                                                                                        • Instruction ID: 54d302b934119869be410edeba18dbec097f48a08f1a9d157b09c1356dcfe2e1
                                                                                                                                                                        • Opcode Fuzzy Hash: 5938e31c2149abbec4c5cfa09968dd6a3a4af182ad2785b0433422f5d76a9126
                                                                                                                                                                        • Instruction Fuzzy Hash: 33D1C473A38B8586EB20AF26D5402EDBBA0FB85B88F400975DE4D47755CF78E580C792
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF77FE1B26E,?,?,?,00007FF77FE17F1C,?,?,?,?,00007FF77FE16CE5), ref: 00007FF77FE1B041
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF77FE1B26E,?,?,?,00007FF77FE17F1C,?,?,?,?,00007FF77FE16CE5), ref: 00007FF77FE1B04F
                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF77FE1B26E,?,?,?,00007FF77FE17F1C,?,?,?,?,00007FF77FE16CE5), ref: 00007FF77FE1B079
                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF77FE1B26E,?,?,?,00007FF77FE17F1C,?,?,?,?,00007FF77FE16CE5), ref: 00007FF77FE1B0BF
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF77FE1B26E,?,?,?,00007FF77FE17F1C,?,?,?,?,00007FF77FE16CE5), ref: 00007FF77FE1B0CB
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                        • API String ID: 2559590344-2084034818
                                                                                                                                                                        • Opcode ID: f8e1ab219166680134276f99460196be67dd5d4fd441d943d03bdf1987045396
                                                                                                                                                                        • Instruction ID: 4d3f633ca6a8ac2946582139b3d4a8508ff5477f0748bdffb755d71996f46249
                                                                                                                                                                        • Opcode Fuzzy Hash: f8e1ab219166680134276f99460196be67dd5d4fd441d943d03bdf1987045396
                                                                                                                                                                        • Instruction Fuzzy Hash: D931E723B39E81C1EE11EB079A005F9A395BF88BA0F954975DD6D47784EFBCE04083A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExitMessageProcesswsprintf
                                                                                                                                                                        • String ID: Exception$Exception %x in %s %s %u%hs:%d$base\logging.cc
                                                                                                                                                                        • API String ID: 1070390611-1730742759
                                                                                                                                                                        • Opcode ID: 7bc731f639765bbc45b412fa4d5d969e96db5bb59056e3641ba6b012cfbdfdd4
                                                                                                                                                                        • Instruction ID: 918d153e24826454c2f103f5b9471d98a157cde2f89828487154d97d47fef7cb
                                                                                                                                                                        • Opcode Fuzzy Hash: 7bc731f639765bbc45b412fa4d5d969e96db5bb59056e3641ba6b012cfbdfdd4
                                                                                                                                                                        • Instruction Fuzzy Hash: 9731D533A38EC681E710AB25E5402A9B360FFC4764F904636E95D437A8DFBCC445CB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                        • Opcode ID: 337752e74d537d3fb1c8ed90e055371beaa0f34e4c906e10c9e35874f69b4d59
                                                                                                                                                                        • Instruction ID: 58baf58bef7681de8f4e7ad17d68a58f27ff8676d7ca3450c12739f26d1c5925
                                                                                                                                                                        • Opcode Fuzzy Hash: 337752e74d537d3fb1c8ed90e055371beaa0f34e4c906e10c9e35874f69b4d59
                                                                                                                                                                        • Instruction Fuzzy Hash: 87213D23A39AC642F96473215F491FDE1426FC87B0FD4473DDA6E066C6FEACA40186A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                        • String ID: CONOUT$
                                                                                                                                                                        • API String ID: 3230265001-3130406586
                                                                                                                                                                        • Opcode ID: 6744946ae0f340affcf5deff357b5612c7dd714733c0c5371dfc196223539289
                                                                                                                                                                        • Instruction ID: 29d6e15c3b5819839d9f6d61e81cbdd9e920f194e5b56ff64f048d3e5f686d54
                                                                                                                                                                        • Opcode Fuzzy Hash: 6744946ae0f340affcf5deff357b5612c7dd714733c0c5371dfc196223539289
                                                                                                                                                                        • Instruction Fuzzy Hash: 64118432A38E8186E750AB16E9587A9B2A0FBC8FE4F440238DA5D47794DFBCD4448794
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                        • API String ID: 3523768491-393685449
                                                                                                                                                                        • Opcode ID: 26591c802a4259b13b1d66d889a493b927fbcf5d2857e053d389529106b2bb99
                                                                                                                                                                        • Instruction ID: f2e1fe83b1d4f5622eb022566b6019a0378b2d53cae8a66565f321e5911de641
                                                                                                                                                                        • Opcode Fuzzy Hash: 26591c802a4259b13b1d66d889a493b927fbcf5d2857e053d389529106b2bb99
                                                                                                                                                                        • Instruction Fuzzy Hash: 24E1E233A38AC18AE710AF26D5802FDBBA1FB85B48F940575DA4C07795CF78E581C790
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00000004,00007FF77FE1B90D,?,?,?,?,00007FF77FE2148A,?,?,00000000,00007FF77FE1BF83,?,?,?), ref: 00007FF77FE2060B
                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,00000004,00007FF77FE1B90D,?,?,?,?,00007FF77FE2148A,?,?,00000000,00007FF77FE1BF83,?,?,?), ref: 00007FF77FE20641
                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,00000004,00007FF77FE1B90D,?,?,?,?,00007FF77FE2148A,?,?,00000000,00007FF77FE1BF83,?,?,?), ref: 00007FF77FE2066E
                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,00000004,00007FF77FE1B90D,?,?,?,?,00007FF77FE2148A,?,?,00000000,00007FF77FE1BF83,?,?,?), ref: 00007FF77FE2067F
                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,00000004,00007FF77FE1B90D,?,?,?,?,00007FF77FE2148A,?,?,00000000,00007FF77FE1BF83,?,?,?), ref: 00007FF77FE20690
                                                                                                                                                                        • SetLastError.KERNEL32(?,?,00000004,00007FF77FE1B90D,?,?,?,?,00007FF77FE2148A,?,?,00000000,00007FF77FE1BF83,?,?,?), ref: 00007FF77FE206AB
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                        • Opcode ID: 5712cc44fb3870e7da7360faa01941ab53d3bfd94e8f330285dac57dd783fb5b
                                                                                                                                                                        • Instruction ID: 8727734a8de82f92b46c7193d8c881b2a34ad41a173b4d40b9cc86c6f00cf426
                                                                                                                                                                        • Opcode Fuzzy Hash: 5712cc44fb3870e7da7360faa01941ab53d3bfd94e8f330285dac57dd783fb5b
                                                                                                                                                                        • Instruction Fuzzy Hash: D9116F23B39AC642F95473215F550FDE1426FC87B0F94073DDA6E06AD6FEACA40186A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                        • Opcode ID: 8fa0014bd8cc9ad319b709363effa9625d4e159ced705655add725fefc1abf70
                                                                                                                                                                        • Instruction ID: 2d270fee0f7c4a477dfd664c6116c3a084762422f3cea38472ec662180af940a
                                                                                                                                                                        • Opcode Fuzzy Hash: 8fa0014bd8cc9ad319b709363effa9625d4e159ced705655add725fefc1abf70
                                                                                                                                                                        • Instruction Fuzzy Hash: C9F0A463A38E8681EA10AB25AD443FAA320AFC8760FD01639C56E461E4DFACD044C3A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AdjustPointer
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1740715915-0
                                                                                                                                                                        • Opcode ID: 4da5706cdb9565c04f999259001dba51b02a0139d752611930c9d8ada5766754
                                                                                                                                                                        • Instruction ID: 177fa5c989ffcd449e20386d74230df5203a253dc9818ae738a2dbb92855e781
                                                                                                                                                                        • Opcode Fuzzy Hash: 4da5706cdb9565c04f999259001dba51b02a0139d752611930c9d8ada5766754
                                                                                                                                                                        • Instruction Fuzzy Hash: 11B1A523A39EC281EB65BA1696401B9E290FFC4B84F8D4CB6DE4D07785DEBCD541C3A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1156100317-0
                                                                                                                                                                        • Opcode ID: 873ddd27d6e11e6a5cebdd6bc92ecbbe564fd9246daab4c3561fdf3265e0169f
                                                                                                                                                                        • Instruction ID: b6dd3f4fec5c11a6169a6f4b0b651220b66ef8935ee87ec629ec4e035f505148
                                                                                                                                                                        • Opcode Fuzzy Hash: 873ddd27d6e11e6a5cebdd6bc92ecbbe564fd9246daab4c3561fdf3265e0169f
                                                                                                                                                                        • Instruction Fuzzy Hash: 53119823DBCE8385F7643124DE513F990516FD4374F884B7CE96E162DBAE9CA94141A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • FlsGetValue.KERNEL32(?,?,?,00007FF77FE1B457,?,?,00000000,00007FF77FE1B6F2,?,?,?,?,?,00007FF77FE1B67E), ref: 00007FF77FE206E3
                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF77FE1B457,?,?,00000000,00007FF77FE1B6F2,?,?,?,?,?,00007FF77FE1B67E), ref: 00007FF77FE20702
                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF77FE1B457,?,?,00000000,00007FF77FE1B6F2,?,?,?,?,?,00007FF77FE1B67E), ref: 00007FF77FE2072A
                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF77FE1B457,?,?,00000000,00007FF77FE1B6F2,?,?,?,?,?,00007FF77FE1B67E), ref: 00007FF77FE2073B
                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF77FE1B457,?,?,00000000,00007FF77FE1B6F2,?,?,?,?,?,00007FF77FE1B67E), ref: 00007FF77FE2074C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Value
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                        • Opcode ID: 3669e3dd6e8265979d328106abaed9e5f17b47101b1df01aae37e84564e7dc0f
                                                                                                                                                                        • Instruction ID: cfbb9057bf72e97dea8d1152fad56b7184b22d5096abaef91aff5af23ce00d73
                                                                                                                                                                        • Opcode Fuzzy Hash: 3669e3dd6e8265979d328106abaed9e5f17b47101b1df01aae37e84564e7dc0f
                                                                                                                                                                        • Instruction Fuzzy Hash: D7117223B3AAC202F95473215F451F9E2426FC47B0FD44339DA7E066D6FEACA4018AA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Value
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                        • Opcode ID: 4f6461fc046f75d7c704ca68a7f15aa9e848f7d45c219bc67483a711a6206271
                                                                                                                                                                        • Instruction ID: 2a4165b79df48565dda92129c2a03eebbde49a72adf78bcd362e5a88cf339246
                                                                                                                                                                        • Opcode Fuzzy Hash: 4f6461fc046f75d7c704ca68a7f15aa9e848f7d45c219bc67483a711a6206271
                                                                                                                                                                        • Instruction Fuzzy Hash: 7E111C63A79AC703F968B2254E154F991416FC8730FD8073DDA7E0A2D2FEBCB44186A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CountCriticalEnterSectionTick$Sleep
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1544504822-0
                                                                                                                                                                        • Opcode ID: d7e02f4f289bb2db9ce91d24be9f87c42b2c0c2816f87d5be78a77ea46c855c7
                                                                                                                                                                        • Instruction ID: b28de98c5bd28c4ffd54127b9311915f20547ebb16a8caaf21f3231dca57a575
                                                                                                                                                                        • Opcode Fuzzy Hash: d7e02f4f289bb2db9ce91d24be9f87c42b2c0c2816f87d5be78a77ea46c855c7
                                                                                                                                                                        • Instruction Fuzzy Hash: ECF09623A3CED282EB10AF32BA441BDA360EFC5B84B856478D94E53754EF6CD445D3A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CallEncodePointerTranslator
                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                        • API String ID: 3544855599-2084237596
                                                                                                                                                                        • Opcode ID: b6fc49948377dbb17c79eb66b37f6f8a3153f90d6d985a9f30fed9b3837e03c0
                                                                                                                                                                        • Instruction ID: 9fd1758ed41d7cf9dbf3becad68299da5470addf9ada33551a964a8413475d6b
                                                                                                                                                                        • Opcode Fuzzy Hash: b6fc49948377dbb17c79eb66b37f6f8a3153f90d6d985a9f30fed9b3837e03c0
                                                                                                                                                                        • Instruction Fuzzy Hash: 84910F73A28B818AE700EB66E9802ECBBB1FB84788F504539EE4C17755DF78D191CB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CallEncodePointerTranslator
                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                        • API String ID: 3544855599-2084237596
                                                                                                                                                                        • Opcode ID: 0ba2e5d5ee8c16ecea0c98da0d86f313a25d7fe570d73a396aa5ff547c76d6c9
                                                                                                                                                                        • Instruction ID: 0c3af4b9a89cd5c521fa44484476357b4fa2e613aecfac838de2ee1393b35c78
                                                                                                                                                                        • Opcode Fuzzy Hash: 0ba2e5d5ee8c16ecea0c98da0d86f313a25d7fe570d73a396aa5ff547c76d6c9
                                                                                                                                                                        • Instruction Fuzzy Hash: 2F517933A28A858AE710EF66D1803EDB7A1F784B88F444565EF4D13B98CFB8E455C790
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                        • String ID: csm$csm
                                                                                                                                                                        • API String ID: 3896166516-3733052814
                                                                                                                                                                        • Opcode ID: 3712c0d4f12c1149fd05604199ca1cc57295d877ee970cbb819e1eb600357671
                                                                                                                                                                        • Instruction ID: bcbf64c1f99efbacda50b8decf84701a31f55a7a6143a88342ccb0ea5e1477d8
                                                                                                                                                                        • Opcode Fuzzy Hash: 3712c0d4f12c1149fd05604199ca1cc57295d877ee970cbb819e1eb600357671
                                                                                                                                                                        • Instruction Fuzzy Hash: 5D51E433938AC586EB34AF1296402ACB6A1FBC0B84F944575DA9C47BD1CFBCE450C755
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2718003287-0
                                                                                                                                                                        • Opcode ID: 558573b1c91571b686ab66984aeb02d817c8bfb1d7119360fd03e322ea697503
                                                                                                                                                                        • Instruction ID: e629b338394aa830158bd53c9e4d10fede1d4d2c0e1f428aebc92cbf6da1e4cd
                                                                                                                                                                        • Opcode Fuzzy Hash: 558573b1c91571b686ab66984aeb02d817c8bfb1d7119360fd03e322ea697503
                                                                                                                                                                        • Instruction Fuzzy Hash: 6ED10133B28B8189E710DF79DA402EC77B1FB84798B50423ACE4D97B99EA78D006C750
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF77FE260B0), ref: 00007FF77FE26233
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF77FE260B0), ref: 00007FF77FE262BD
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConsoleErrorLastMode
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 953036326-0
                                                                                                                                                                        • Opcode ID: 039988a083969568b42bf290a041371ef1dd6a4258fc4d1a49b43e5c6b676dc4
                                                                                                                                                                        • Instruction ID: c3842546aaabbf2cdadcdf80eb64cae218304452f8f4567799e8016b5d64f45b
                                                                                                                                                                        • Opcode Fuzzy Hash: 039988a083969568b42bf290a041371ef1dd6a4258fc4d1a49b43e5c6b676dc4
                                                                                                                                                                        • Instruction Fuzzy Hash: 5091E923E38A92C5F750AB659E402FDA7A0BBC4788F800239DE4E17695EFB8D445C760
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00007FF77FE11324,?,?,?,00007FF77FE11B30,?,?,?,00007FF77FE13E07), ref: 00007FF77FE14DE2
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,00007FF77FE11324,?,?,?,00007FF77FE11B30,?,?,?,00007FF77FE13E07), ref: 00007FF77FE14E00
                                                                                                                                                                        • _set_fmode.LIBCMT ref: 00007FF77FE14E53
                                                                                                                                                                        • _RTC_Initialize.LIBCMT ref: 00007FF77FE14E74
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterInitializeLeave_set_fmode
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2803588085-0
                                                                                                                                                                        • Opcode ID: 034e50919c5ab0792a7cba575e5add851db26900540ec2dfc135d57f6124a83b
                                                                                                                                                                        • Instruction ID: a182076f32af195f9ccf51bf2d5e113b06d4ffc4d3a4ad452c338326faf73a5f
                                                                                                                                                                        • Opcode Fuzzy Hash: 034e50919c5ab0792a7cba575e5add851db26900540ec2dfc135d57f6124a83b
                                                                                                                                                                        • Instruction Fuzzy Hash: 7B312F13E3CAC241FA2477A7AA411F992619FC4750F840CB5E65D4A693DFACF44183B1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __except_validate_context_record
                                                                                                                                                                        • String ID: csm$csm
                                                                                                                                                                        • API String ID: 1467352782-3733052814
                                                                                                                                                                        • Opcode ID: 376617b287ec064cc8087895f8245221c5592c5f98e766c62e2617e735b440cd
                                                                                                                                                                        • Instruction ID: 363ae8b1fcefd3fce0dea24664c7819a8d7acea2333be81cfbeaa5dc12a8abad
                                                                                                                                                                        • Opcode Fuzzy Hash: 376617b287ec064cc8087895f8245221c5592c5f98e766c62e2617e735b440cd
                                                                                                                                                                        • Instruction Fuzzy Hash: BD71C273638AC186D760AB22D5802BDBBE2FB81F84F848575DA8D07B85CB7CD590C791
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                                                                        • String ID: csm
                                                                                                                                                                        • API String ID: 2558813199-1018135373
                                                                                                                                                                        • Opcode ID: e0e163a061f5fd86d3b0bc4f115189f4d0de6791220c887537f2f0b5cbdb6146
                                                                                                                                                                        • Instruction ID: d3a1bf6708de8f92177270bcab2c7c8e0d49744a22fdf4dd7931a1f591b588ef
                                                                                                                                                                        • Opcode Fuzzy Hash: e0e163a061f5fd86d3b0bc4f115189f4d0de6791220c887537f2f0b5cbdb6146
                                                                                                                                                                        • Instruction Fuzzy Hash: 8B517D73638B8586D620BB16E5402BEB7B4FB89B90F500674EB8D07B55CF78E460CB94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                        • String ID: U
                                                                                                                                                                        • API String ID: 442123175-4171548499
                                                                                                                                                                        • Opcode ID: 61e99a1328edc6c7ec8fa9f7610307a0d0c7835356aade33a271f142cd54f7cf
                                                                                                                                                                        • Instruction ID: ec4a2a334d9542b8dc5c1379bf3b6ce6a571ed995d2e496536285fdc5014fb53
                                                                                                                                                                        • Opcode Fuzzy Hash: 61e99a1328edc6c7ec8fa9f7610307a0d0c7835356aade33a271f142cd54f7cf
                                                                                                                                                                        • Instruction Fuzzy Hash: 1F41A223A38B8186EB20AF25EA443E9B761FB98794F844035EE4D87758EF7CD541C790
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __C_specific_handler.LIBVCRUNTIME ref: 00007FF77FE278F8
                                                                                                                                                                          • Part of subcall function 00007FF77FE16AA8: __except_validate_context_record.LIBVCRUNTIME ref: 00007FF77FE16AD3
                                                                                                                                                                          • Part of subcall function 00007FF77FE16AA8: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FF77FE16B68
                                                                                                                                                                          • Part of subcall function 00007FF77FE16AA8: RtlUnwindEx.KERNEL32 ref: 00007FF77FE16BB7
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: C_specific_handlerCurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                        • String ID: csm$f
                                                                                                                                                                        • API String ID: 3112662972-629598281
                                                                                                                                                                        • Opcode ID: 75fe812e090a62ea16aaf9a07a0bae683ccfdb612d7947684b0b506522d6098b
                                                                                                                                                                        • Instruction ID: 73b39cb09fb694d463fe0c04349a0605c4e8cb1802dc447457a679f8dde563b9
                                                                                                                                                                        • Opcode Fuzzy Hash: 75fe812e090a62ea16aaf9a07a0bae683ccfdb612d7947684b0b506522d6098b
                                                                                                                                                                        • Instruction Fuzzy Hash: DEF0AE13838BC680D6107B21A6402FCAA60BF86740F598974DA5C07346DE7CD8604264
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF77FE160BE), ref: 00007FF77FE17C40
                                                                                                                                                                        • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF77FE160BE), ref: 00007FF77FE17C86
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000005.00000002.2176325580.00007FF77FE11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF77FE10000, based on PE: true
                                                                                                                                                                        • Associated: 00000005.00000002.2176307415.00007FF77FE10000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176352024.00007FF77FE29000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176373334.00007FF77FE39000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        • Associated: 00000005.00000002.2176392762.00007FF77FE3D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_5_2_7ff77fe10000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                        • String ID: csm
                                                                                                                                                                        • API String ID: 2573137834-1018135373
                                                                                                                                                                        • Opcode ID: 03777b1816255e2506ae4b714f773a70b19ae6a9c3f00a805364dd9ab622737b
                                                                                                                                                                        • Instruction ID: 263afb533132cd1768707abfd33374acc726c7b9ae22f05d8a6ee976341c2670
                                                                                                                                                                        • Opcode Fuzzy Hash: 03777b1816255e2506ae4b714f773a70b19ae6a9c3f00a805364dd9ab622737b
                                                                                                                                                                        • Instruction Fuzzy Hash: 60116D32638B8182EB109F16E5402A9B7E1FB88B84F984234DE8C07754DF7CD951CB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,?,?,00000000,?,?,00000000,00000000), ref: 00B75113
                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(00000090,00000000,00000000,00000000,?,?,00000000,?,?,00000000,00000000,?,00000000,00000000,?,00000000), ref: 00B7513D
                                                                                                                                                                        • CreateSemaphoreW.KERNEL32(00000000,00000000,00000001,00000000,?,?,00000000,?,?,00000000,00000000,?,00000000,00000000,?,00000000), ref: 00B75150
                                                                                                                                                                        • CreateSemaphoreW.KERNEL32(00000000,00000000,00000001,00000000,?,?,00000000,?,?,00000000,00000000,?,00000000,00000000,?,00000000), ref: 00B7515F
                                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00010000,Function_00015476,00000000,00000000,?), ref: 00B75186
                                                                                                                                                                        • LoadLibraryW.KERNELBASE(dbghelp.dll,?,?,00000000,?,?,00000000,00000000,?,00000000,00000000,?,00000000), ref: 00B75197
                                                                                                                                                                        • GetProcAddress.KERNELBASE(00000000,MiniDumpWriteDump), ref: 00B751B0
                                                                                                                                                                        • LoadLibraryW.KERNEL32(rpcrt4.dll,?,?,00000000,?,?,00000000,00000000,?,00000000,00000000,?,00000000), ref: 00B751BA
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,UuidCreate), ref: 00B751CD
                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(00BA1E3C,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00B75217
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00BA1E3C,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00B7521E
                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00B7556F,?,00000001,?,?,00000000), ref: 00B75268
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00BA1E3C,?,?,00000000), ref: 00B75295
                                                                                                                                                                          • Part of subcall function 00B75E61: SetNamedPipeHandleState.KERNEL32(00000000,00000000,00000000,00000000,?,00B75102,00000000,?,?,?,00000000), ref: 00B75E8D
                                                                                                                                                                          • Part of subcall function 00B75E61: CloseHandle.KERNEL32(00000000,?,00B75102,00000000,?,?,?,00000000), ref: 00B75E98
                                                                                                                                                                          • Part of subcall function 00B75EFA: GetCurrentProcessId.KERNEL32(00000000,?,00000000), ref: 00B75F0B
                                                                                                                                                                          • Part of subcall function 00B75EFA: TransactNamedPipe.KERNEL32(00000000,?,0000002C,?,0000002C,00000000,00000000,00000000,00000000,?,?,00000000,?,?), ref: 00B75F57
                                                                                                                                                                          • Part of subcall function 00B75EFA: WriteFile.KERNEL32(00000000,?,0000002C,00000000,00000000,?,0000002C,00000000,00000000,00000000,00000000,?,?,00000000,?,?), ref: 00B75F97
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$CreateHandle$AddressCloseInitializeLibraryLoadNamedPipeProcSemaphore$CurrentEnterExceptionFileFilterLeaveProcessStateThreadTransactUnhandledWrite
                                                                                                                                                                        • String ID: MiniDumpWriteDump$UuidCreate$dbghelp.dll$rpcrt4.dll
                                                                                                                                                                        • API String ID: 3460926157-801898421
                                                                                                                                                                        • Opcode ID: ddd6e5175c1597e781861346f3f65743d7499f2c6a09efccc42f1440b2261ad2
                                                                                                                                                                        • Instruction ID: 0968f6cbda198631efb4081f9a4eb50e4c2eb94c31c4be04e328ea3c0644e4e5
                                                                                                                                                                        • Opcode Fuzzy Hash: ddd6e5175c1597e781861346f3f65743d7499f2c6a09efccc42f1440b2261ad2
                                                                                                                                                                        • Instruction Fuzzy Hash: CB813DB1A047049FDB14EF649885AAA7BF8EF48700F1484BEE829DB356DB709941CF64
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • FreeLibrary.KERNELBASE(00000000,?,00000000,000000C8,?,?,00B70907,?,00000000,00000000,00B6B051,00000000,00000000,00000000,?,00000000), ref: 00B752DC
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000000,000000C8,?,?,00B70907,?,00000000,00000000,00B6B051,00000000,00000000,00000000,?,00000000), ref: 00B752E7
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00BA1E3C,?,00000000,000000C8,?,?,00B70907,?,00000000,00000000,00B6B051,00000000,00000000,00000000,?), ref: 00B752F8
                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(?,?,00B70907,?,00000000,00000000,00B6B051,00000000,00000000,00000000,?), ref: 00B75308
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00BA1E3C,?,00B70907,?,00000000,00000000,00B6B051,00000000,00000000,00000000,?), ref: 00B753C6
                                                                                                                                                                        • ReleaseSemaphore.KERNEL32(000000C8,00000001,00000000,?,00000000,000000C8,?,?,00B70907,?,00000000,00000000), ref: 00B753EB
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,0000EA60,?,00B70907,?,00000000,00000000), ref: 00B753FC
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(00000000,?,00B70907,?,00000000,00000000), ref: 00B7540E
                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(00000000,?,00B70907,?,00000000,00000000), ref: 00B7541E
                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,00B70907,?,00000000,00000000), ref: 00B75426
                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,00B70907,?,00000000,00000000), ref: 00B7542E
                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(00BA1E3C,?,00000000,000000C8,?,?,00B70907,?,00000000,00000000,00B6B051,00000000,00000000,00000000,?), ref: 00B75445
                                                                                                                                                                        Strings
                                                                                                                                                                        • warning: removing Breakpad handler out of order, xrefs: 00B75349
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$Close$DeleteFreeHandleLibrary$ChangeEnterExceptionFilterFindLeaveNotificationObjectReleaseSemaphoreSingleUnhandledWait
                                                                                                                                                                        • String ID: warning: removing Breakpad handler out of order
                                                                                                                                                                        • API String ID: 209165198-3173292377
                                                                                                                                                                        • Opcode ID: a4ae77110c778fe5e2e79aca169517495e3e8f8e669af69b1ec31e5387327375
                                                                                                                                                                        • Instruction ID: de081c6e81759c3ac89d2b1c18a4d21f42de9e9d81a1cdafc8386ed5ad1b4652
                                                                                                                                                                        • Opcode Fuzzy Hash: a4ae77110c778fe5e2e79aca169517495e3e8f8e669af69b1ec31e5387327375
                                                                                                                                                                        • Instruction Fuzzy Hash: F351BF31600A01EFDB15AB24DC86B58BBE4FF01360F148595E469A71B1DFB0FC55DB94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B659CA: RegOpenKeyExW.KERNELBASE(80000002,Software\BraveSoftware\UpdateDev\,00000000,00020019,00000000,?,00B65D80,?,?,00000000,00B71FC3,?,00000001,00000000), ref: 00B659EA
                                                                                                                                                                        • GetPrivateProfileIntW.KERNEL32(LoggingSettings,EnableLogging,00000001,00000000), ref: 00B65DAD
                                                                                                                                                                        • GetPrivateProfileIntW.KERNEL32(LoggingSettings,ShowTime,00000001,00000000), ref: 00B65DC4
                                                                                                                                                                        • GetPrivateProfileIntW.KERNEL32(LoggingSettings,LogToOutputDebug,00000000,00000000), ref: 00B65DDB
                                                                                                                                                                        • GetPrivateProfileIntW.KERNEL32(LoggingSettings,AppendToFile,00000001,00000000), ref: 00B65DF2
                                                                                                                                                                        • GetPrivateProfileIntW.KERNEL32(LoggingLevel,00000001,00000001,00000000), ref: 00B65E61
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: PrivateProfile$Open
                                                                                                                                                                        • String ID: AppendToFile$EnableLogging$LogToOutputDebug$LoggingLevel$LoggingSettings$ShowTime
                                                                                                                                                                        • API String ID: 2464959735-501848500
                                                                                                                                                                        • Opcode ID: 2d14deab90a01f181798a83c75e1f40f7991ac5c213ffecb1abe262abaef4ddc
                                                                                                                                                                        • Instruction ID: aa95490c7986d5a9e523f1157dfda7fc607d72e1c7bd981ac63bb2f7f34b9aec
                                                                                                                                                                        • Opcode Fuzzy Hash: 2d14deab90a01f181798a83c75e1f40f7991ac5c213ffecb1abe262abaef4ddc
                                                                                                                                                                        • Instruction Fuzzy Hash: AC41A530A05344AADF10DFB88889B9E7FE4EF41744F1880F9E8509B393D6B99954C7A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,SetDefaultDllDirectories), ref: 00B6157B
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00B61582
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                        • String ID: SetDefaultDllDirectories$kernel32.dll
                                                                                                                                                                        • API String ID: 1646373207-2102062458
                                                                                                                                                                        • Opcode ID: 1b9369d1a276f9e91a17a5b496a703b389a72c262f2dc7a011cde8c23f8d0824
                                                                                                                                                                        • Instruction ID: e41a4570d48b515a545922e8ca46323e53e9fdf607c35434ca05034b6e08ee41
                                                                                                                                                                        • Opcode Fuzzy Hash: 1b9369d1a276f9e91a17a5b496a703b389a72c262f2dc7a011cde8c23f8d0824
                                                                                                                                                                        • Instruction Fuzzy Hash: 9F0184716083019BCB04FB78DC5696A77D8AF94710F044DADF956831E1EF78EA08CB62
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • IIDFromString.OLE32(?,?,?,00000000,?,0000007B,00000000,00000000,?,00000000), ref: 00B7269D
                                                                                                                                                                          • Part of subcall function 00B683C6: SHQueryValueExW.SHLWAPI(00B6802D,00000000,00000000,00000000,?,00000000,00B99D8C,00B99D8C,?,00B682CF,IsEnrolledToDomain,00000000,00000000,00000000,?,HKLM\Software\BraveSoftware\UpdateDev\), ref: 00B683E9
                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,Install,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B72747
                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,Update,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00B72770
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,00000000,00000000), ref: 00B72913
                                                                                                                                                                        Strings
                                                                                                                                                                        • UpdatesSuppressedStartMin, xrefs: 00B7257C
                                                                                                                                                                        • [ConfigManager::LoadGroupPolicies][Machine is not Enterprise Managed], xrefs: 00B7244F
                                                                                                                                                                        • RollbackToTargetVersion, xrefs: 00B72794
                                                                                                                                                                        • PackageCacheSizeLimit, xrefs: 00B7254C
                                                                                                                                                                        • PackageCacheLifeLimit, xrefs: 00B7255C
                                                                                                                                                                        • ProxyPacUrl, xrefs: 00B725BC
                                                                                                                                                                        • DownloadPreference, xrefs: 00B7253C
                                                                                                                                                                        • [ConfigManager::LoadGroupPolicies][Unexpected Type for policy prefix encountered][%s][%d], xrefs: 00B7271E
                                                                                                                                                                        • UpdatesSuppressedStartHour, xrefs: 00B7256C
                                                                                                                                                                        • HKLM\Software\Policies\BraveSoftware\Update\, xrefs: 00B7245C, 00B7249B, 00B724C5, 00B72507
                                                                                                                                                                        • InstallDefault, xrefs: 00B725D2
                                                                                                                                                                        • Update, xrefs: 00B7276A
                                                                                                                                                                        • ProxyServer, xrefs: 00B725AC
                                                                                                                                                                        • AutoUpdateCheckPeriodMinutes, xrefs: 00B7252C
                                                                                                                                                                        • Install, xrefs: 00B72741
                                                                                                                                                                        • [ConfigManager::LoadGroupPolicies][Unexpected DWORD policy prefix encountered][%s][%d], xrefs: 00B727F5
                                                                                                                                                                        • UpdatesSuppressedDurationMin, xrefs: 00B7258C
                                                                                                                                                                        • UpdateDefault, xrefs: 00B725FA
                                                                                                                                                                        • TargetVersionPrefix, xrefs: 00B7284E
                                                                                                                                                                        • CloudPolicyOverridesPlatformPolicy, xrefs: 00B72501
                                                                                                                                                                        • [ConfigManager::LoadGroupPolicies][No Group Policies found under key][%s], xrefs: 00B724A6
                                                                                                                                                                        • [ConfigManager::LoadGroupPolicies][Unexpected String policy prefix encountered][%s][%s], xrefs: 00B728B2
                                                                                                                                                                        • TargetChannel, xrefs: 00B72825
                                                                                                                                                                        • ProxyMode, xrefs: 00B7259C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcmpi$CloseFromQueryStringValue
                                                                                                                                                                        • String ID: AutoUpdateCheckPeriodMinutes$CloudPolicyOverridesPlatformPolicy$DownloadPreference$HKLM\Software\Policies\BraveSoftware\Update\$Install$InstallDefault$PackageCacheLifeLimit$PackageCacheSizeLimit$ProxyMode$ProxyPacUrl$ProxyServer$RollbackToTargetVersion$TargetChannel$TargetVersionPrefix$Update$UpdateDefault$UpdatesSuppressedDurationMin$UpdatesSuppressedStartHour$UpdatesSuppressedStartMin$[ConfigManager::LoadGroupPolicies][Machine is not Enterprise Managed]$[ConfigManager::LoadGroupPolicies][No Group Policies found under key][%s]$[ConfigManager::LoadGroupPolicies][Unexpected DWORD policy prefix encountered][%s][%d]$[ConfigManager::LoadGroupPolicies][Unexpected String policy prefix encountered][%s][%s]$[ConfigManager::LoadGroupPolicies][Unexpected Type for policy prefix encountered][%s][%d]
                                                                                                                                                                        • API String ID: 1282796498-3835949105
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph
                                                                                                                                                                        • First block: b63d94-b63da0
                                                                                                                                                                        • API calls on graph nodes: GetProcAddress, FreeLibrary
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetProcAddress.KERNELBASE(00000000,NetGetAadJoinInformation), ref: 00B63DCA
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00B63EC7,?,00000000,00000000,?,00000000,00000000), ref: 00B63DDF
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00B63EC7,?,00000000,00000000,?,00000000,00000000), ref: 00B63DF3
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,NetFreeAadJoinInformation), ref: 00B63E23
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00B63EC7,?,00000000,00000000,?,00000000,00000000), ref: 00B63E31
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeLibrary$AddressProc
                                                                                                                                                                        • String ID: NetApi32.dll$NetFreeAadJoinInformation$NetGetAadJoinInformation
                                                                                                                                                                        • API String ID: 1309337288-2909723663
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph
                                                                                                                                                                        • First block: b80c3a-b80c46
                                                                                                                                                                        • API calls on graph nodes: LoadLibraryExW, GetLastError, FreeLibrary
                                                                                                                                                                        APIs
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00B80D47,00B7A3DB,0000000C,?,00000000,00000000,?,00B80EA1,00000021,FlsSetValue,00B8FEFC,00B8FF04,?), ref: 00B80CFB
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                        • API String ID: 3664257935-537541572
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph
                                                                                                                                                                        • First block: b73e31-b73e3d
                                                                                                                                                                        • API calls on graph nodes: RegCloseKey, CloseHandle
                                                                                                                                                                        APIs
                                                                                                                                                                        • RegCloseKey.KERNELBASE(00000000,HKLM\Software\BraveSoftware\Update\,000F003F,?,?), ref: 00B73EE6
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?), ref: 00B73F10
                                                                                                                                                                          • Part of subcall function 00B68E96: AllocateAndInitializeSid.ADVAPI32(00B73E44,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00B73E44), ref: 00B68ECC
                                                                                                                                                                          • Part of subcall function 00B68E96: CheckTokenMembership.ADVAPI32(00000000,?,?,?,?,?,00B73E44), ref: 00B68EE1
                                                                                                                                                                          • Part of subcall function 00B68E96: FreeSid.ADVAPI32(?,?,?,?,00B73E44), ref: 00B68EF1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Close$AllocateCheckFreeHandleInitializeMembershipToken
                                                                                                                                                                        • String ID: HKCU\Software\BraveSoftware\Update\$HKLM\Software\BraveSoftware\Update\$old-uid$uid
                                                                                                                                                                        • API String ID: 3938284221-524266813
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph
                                                                                                                                                                        • First block: b631cf-b631e5
                                                                                                                                                                        • API calls on graph nodes: LoadLibraryExW, GetModuleHandleW, GetProcAddress
                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,00000000,00B63F0E,kernel32.dll,?,00000000,00000000,?,00000000,?,00B69EDB,00000000,?,00000000), ref: 00B63200
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,AddDllDirectory,kernel32.dll,00000000,00B63F0E,kernel32.dll,?,00000000,00000000,?,00000000,?,00B69EDB,00000000,?,00000000), ref: 00B63228
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00B6322F
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00B6323B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressHandleInit_thread_footerLibraryLoadModuleProc
                                                                                                                                                                        • String ID: AddDllDirectory$kernel32.dll
                                                                                                                                                                        • API String ID: 636144039-3973626626
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph: first basic block b681d1-b681f7 (legend: Executed / Not Executed; graph not preserved)
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKLM,00000000,?,?,00000000,?,00000000,80070003,?,IsEnrolledToDomain,?), ref: 00B68A00
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKEY_LOCAL_MACHINE), ref: 00B68A0C
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKCU), ref: 00B68A18
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKEY_CURRENT_USER), ref: 00B68A28
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKU), ref: 00B68A34
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKEY_USERS), ref: 00B68A40
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKCR), ref: 00B68A4C
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKEY_CLASSES_ROOT), ref: 00B68A58
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKLM[64]), ref: 00B68A64
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKEY_LOCAL_MACHINE[64]), ref: 00B68A70
                                                                                                                                                                          • Part of subcall function 00B68125: RegOpenKeyExW.KERNELBASE(?,?,00000000,?,00000000,80070003,00000000,00B63E8C,?,00B68220,00000000,00000000,?,HKLM\Software\BraveSoftware\UpdateDev\,?,?), ref: 00B6815E
                                                                                                                                                                        • SHQueryValueExW.SHLWAPI(00000000,IsEnrolledToDomain,00000000,00000000,00000000,00000000,00000000,00000000,?,HKLM\Software\BraveSoftware\UpdateDev\,?,?,00000000), ref: 00B68275
                                                                                                                                                                        • RegCloseKey.KERNELBASE(00000000,IsEnrolledToDomain,00000000,00000000,00000000,?,HKLM\Software\BraveSoftware\UpdateDev\,?,?,00000000), ref: 00B68302
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,00000000,00000000,?,HKLM\Software\BraveSoftware\UpdateDev\,?,?,00000000), ref: 00B6833A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcmpi$Close$OpenQueryValue
                                                                                                                                                                        • String ID: HKLM\Software\BraveSoftware\UpdateDev\$IsEnrolledToDomain
                                                                                                                                                                        • API String ID: 645971292-1068114416
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph: first basic block b7294b-b72965 (legend: Executed / Not Executed; graph not preserved)
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B686D2: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,HKLM\Software\BraveSoftware\UpdateDev\,00000000), ref: 00B68728
                                                                                                                                                                          • Part of subcall function 00B686D2: RegCloseKey.ADVAPI32(00000000,?,HKLM\Software\BraveSoftware\UpdateDev\,00000000), ref: 00B6873E
                                                                                                                                                                          • Part of subcall function 00B686D2: RegCloseKey.ADVAPI32(00000000,00000000,?,?,HKLM\Software\BraveSoftware\UpdateDev\,00000000), ref: 00B68761
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,HKLM\Software\BraveSoftware\Update\ClientState\,00020019,?,00000000), ref: 00B72A0A
                                                                                                                                                                        Strings
                                                                                                                                                                        • UsageStats, xrefs: 00B72951
                                                                                                                                                                        • HKLM\Software\BraveSoftware\UpdateDev\, xrefs: 00B72956
                                                                                                                                                                        • HKLM\Software\BraveSoftware\Update\ClientState\, xrefs: 00B72972
                                                                                                                                                                        • HKCU\Software\BraveSoftware\Update\ClientState\, xrefs: 00B72979, 00B7298C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Close$QueryValue
                                                                                                                                                                        • String ID: HKCU\Software\BraveSoftware\Update\ClientState\$HKLM\Software\BraveSoftware\UpdateDev\$HKLM\Software\BraveSoftware\Update\ClientState\$UsageStats
                                                                                                                                                                        • API String ID: 2393043351-725874505
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph: first basic block b72a19-b72a66 (legend: Executed / Not Executed; graph not preserved)
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetComputerNameExW.KERNEL32(00000003,?,00000100,?,?,?), ref: 00B72A5E
                                                                                                                                                                        • NetWkstaGetInfo.NETAPI32(00000000,00000064,?), ref: 00B72A93
                                                                                                                                                                        • NetApiBufferFree.NETAPI32(?,?,?,?), ref: 00B72ABE
                                                                                                                                                                          • Part of subcall function 00B6509D: lstrlenW.KERNEL32(?,00000000,00000000,00000000,?,00B72A79,?,?,?,?), ref: 00B650B7
                                                                                                                                                                          • Part of subcall function 00B6509D: lstrlenW.KERNEL32(.brave.com,?,00B72A79,?,?,?,?), ref: 00B650BF
                                                                                                                                                                          • Part of subcall function 00B6509D: CharLowerW.USER32(74C08459,?,00B72A79,?,?,?,?), ref: 00B650E1
                                                                                                                                                                          • Part of subcall function 00B6509D: CharLowerW.USER32(7622E0B0,?,00B72A79,?,?,?,?), ref: 00B650EB
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CharLowerlstrlen$BufferComputerFreeInfoNameWksta
                                                                                                                                                                        • String ID: .brave.com$brave
                                                                                                                                                                        • API String ID: 723138920-1739565110
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph: first basic block b659ca-b659f2 (legend: Executed / Not Executed; graph not preserved)
                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.KERNELBASE(80000002,Software\BraveSoftware\UpdateDev\,00000000,00020019,00000000,?,00B65D80,?,?,00000000,00B71FC3,?,00000001,00000000), ref: 00B659EA
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(00000000,IsEnabledLogToFile,00000000,?,?,00B65D80,?,?,?,00B65D80,?,?,00000000,00B71FC3,?,00000001), ref: 00B65A1B
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,?,?,00B65D80,?,?,00000000,00B71FC3,?,00000001,00000000), ref: 00B65A26
                                                                                                                                                                        Strings
                                                                                                                                                                        • IsEnabledLogToFile, xrefs: 00B65A13
                                                                                                                                                                        • Software\BraveSoftware\UpdateDev\, xrefs: 00B659DD
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseOpenQueryValue
                                                                                                                                                                        • String ID: IsEnabledLogToFile$Software\BraveSoftware\UpdateDev\
                                                                                                                                                                        • API String ID: 3677997916-2014861767
                                                                                                                                                                        • Opcode ID: e1e3b08b94bf4c2eea63ef600644b7cc8e8c9524c5309554d56fc65b76e1b8be
                                                                                                                                                                        • Instruction ID: cc82e49d0f741315c3a72a10cf0371e95b0b6b833a3035bd266f4d9ad7cf7f8b
                                                                                                                                                                        • Opcode Fuzzy Hash: e1e3b08b94bf4c2eea63ef600644b7cc8e8c9524c5309554d56fc65b76e1b8be
                                                                                                                                                                        • Instruction Fuzzy Hash: 89015AB2D40228FFDF219FD59C85AEEBBBCEF40354F1045A6E911A7150D6749A10DAA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        [Figure: control-flow graph; legend: Executed / Not Executed]
                                                                                                                                                                        APIs
                                                                                                                                                                        • SetNamedPipeHandleState.KERNEL32(00000000,00000000,00000000,00000000,?,00B75102,00000000,?,?,?,00000000), ref: 00B75E8D
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00B75102,00000000,?,?,?,00000000), ref: 00B75E98
                                                                                                                                                                        • CreateFileW.KERNELBASE(?,00000103,00000000,00000000,00000003,00110000,00000000,?,?,00000000,?,?,?,00B75102,00000000,?), ref: 00B75EBA
                                                                                                                                                                        • GetLastError.KERNEL32(?,00B75102,00000000,?,?,?,00000000,00000000,00000000,?,?,00000000,?,?,00000000,00000000), ref: 00B75EC7
                                                                                                                                                                        • WaitNamedPipeW.KERNEL32(?,000007D0,?,00B75102,00000000,?,?,?,00000000,00000000,00000000,?,?,00000000,?,?), ref: 00B75EDA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleNamedPipe$CloseCreateErrorFileLastStateWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1846735221-0
                                                                                                                                                                        • Opcode ID: 3cd39d506f5877d9cde5c7d8efe9e48a06c98405be72c2fe7d1218c531bd6220
                                                                                                                                                                        • Instruction ID: 7d4ec7747aa492e6fd010911f6754c5caeeb43cdd69845931ef693dc11e24ad3
                                                                                                                                                                        • Opcode Fuzzy Hash: 3cd39d506f5877d9cde5c7d8efe9e48a06c98405be72c2fe7d1218c531bd6220
                                                                                                                                                                        • Instruction Fuzzy Hash: 6911C271A01650FBD7308F259C49F5B7AECDB85B65F208598F829F72A0CAB0DF41C6A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        [Figure: control-flow graph; legend: Executed / Not Executed]
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetFileVersionInfoSizeW.KERNELBASE(00000000,?,?,00000000), ref: 00B691DB
                                                                                                                                                                        • GetFileVersionInfoW.KERNELBASE(00000000,?,00000000,00000000,?,00000000), ref: 00B691F8
                                                                                                                                                                        • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,00000000,?,?,00000000), ref: 00B69224
                                                                                                                                                                        Strings
                                                                                                                                                                        • \VarFileInfo\Translation, xrefs: 00B6921A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileInfoVersion$QuerySizeValue
                                                                                                                                                                        • String ID: \VarFileInfo\Translation
                                                                                                                                                                        • API String ID: 2179348866-675650646
                                                                                                                                                                        • Opcode ID: 8e4473e7d2e6ce0ee72f2169d0e9a34eba54be91278b7d70352cf63668645cfd
                                                                                                                                                                        • Instruction ID: 2055f9c2721fcdb341447d178a206fc802d7e36b44381bcef668f02ba103ae7d
                                                                                                                                                                        • Opcode Fuzzy Hash: 8e4473e7d2e6ce0ee72f2169d0e9a34eba54be91278b7d70352cf63668645cfd
                                                                                                                                                                        • Instruction Fuzzy Hash: 23115E75500204FFDB219F66C85486EBBFDEFC475072084AAE995D3160EB35CA41DB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        [Figure: control-flow graph; legend: Executed / Not Executed]
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKLM,00000000,?,?,00000000,?,00000000,80070003,?,IsEnrolledToDomain,?), ref: 00B68A00
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKEY_LOCAL_MACHINE), ref: 00B68A0C
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKCU), ref: 00B68A18
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKEY_CURRENT_USER), ref: 00B68A28
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKU), ref: 00B68A34
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKEY_USERS), ref: 00B68A40
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKCR), ref: 00B68A4C
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKEY_CLASSES_ROOT), ref: 00B68A58
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKLM[64]), ref: 00B68A64
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKEY_LOCAL_MACHINE[64]), ref: 00B68A70
                                                                                                                                                                          • Part of subcall function 00B68125: RegOpenKeyExW.KERNELBASE(?,?,00000000,?,00000000,80070003,00000000,00B63E8C,?,00B68220,00000000,00000000,?,HKLM\Software\BraveSoftware\UpdateDev\,?,?), ref: 00B6815E
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,HKLM\Software\BraveSoftware\UpdateDev\,00000000), ref: 00B68728
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,?,HKLM\Software\BraveSoftware\UpdateDev\,00000000), ref: 00B6873E
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,00000000,?,?,HKLM\Software\BraveSoftware\UpdateDev\,00000000), ref: 00B68761
                                                                                                                                                                        Strings
                                                                                                                                                                        • HKLM\Software\BraveSoftware\UpdateDev\, xrefs: 00B686DA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcmpi$Close$OpenQueryValue
                                                                                                                                                                        • String ID: HKLM\Software\BraveSoftware\UpdateDev\
                                                                                                                                                                        • API String ID: 645971292-1470595806
                                                                                                                                                                        • Opcode ID: a376096f5c496aa9fe0a9b5aa39f6dbfc478389ae82f6f1aa84f8590beef0d8d
                                                                                                                                                                        • Instruction ID: f505007321f882bb002ffe471f6ff5b8a945f3d79ec7356219bf0ebeac83d376
                                                                                                                                                                        • Opcode Fuzzy Hash: a376096f5c496aa9fe0a9b5aa39f6dbfc478389ae82f6f1aa84f8590beef0d8d
                                                                                                                                                                        • Instruction Fuzzy Hash: B411607091121AAEEF04DBA5DD95ABF7BB8EF04300F1046A8A421A7151DF744E04CB61
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsDeviceRegisteredWithManagement), ref: 00B63168
                                                                                                                                                                        • FreeLibrary.KERNELBASE(00000000,?,?,?,?,00B63EBE,?,00000000,00000000,?,00000000,00000000), ref: 00B63187
                                                                                                                                                                        Strings
                                                                                                                                                                        • MDMRegistration.dll, xrefs: 00B6314B
                                                                                                                                                                        • IsDeviceRegisteredWithManagement, xrefs: 00B63162
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressFreeLibraryProc
                                                                                                                                                                        • String ID: IsDeviceRegisteredWithManagement$MDMRegistration.dll
                                                                                                                                                                        • API String ID: 3013587201-129496282
                                                                                                                                                                        • Opcode ID: f93ed11678726e21485e32fa02e34ac9643c226771bf2d090e462f18d1a42fcc
                                                                                                                                                                        • Instruction ID: a8a7bbdb6222cc88c246e5be97a1ab17f5ed3888348f874d8f3affd5a2d684b2
                                                                                                                                                                        • Opcode Fuzzy Hash: f93ed11678726e21485e32fa02e34ac9643c226771bf2d090e462f18d1a42fcc
                                                                                                                                                                        • Instruction Fuzzy Hash: E9E0483774662173D63212192C48B6A10D98FC6F60F1A01BDFA05FB290DE7CCE0346B9
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000,00000000,00000000,00B99D68,00000000), ref: 00B64798
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00B6479E
                                                                                                                                                                        • GetTokenInformation.KERNELBASE(?,TokenIntegrityLevel,00000000,00000000,00000000,00000000), ref: 00B647F0
                                                                                                                                                                          • Part of subcall function 00B619D7: __alloca_probe_16.LIBCMT ref: 00B619FA
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00B647C6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationToken__alloca_probe_16$ErrorLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 434645856-0
                                                                                                                                                                        • Opcode ID: efbb5539d9e60c033d958d4dde82e189142f10f0a3fffaa64f096f90d4a45b8e
                                                                                                                                                                        • Instruction ID: 8a86c481a18c7aa8ae18716416d6d2b4cb8f80527acc9f97f0b2c5423f72abcb
                                                                                                                                                                        • Opcode Fuzzy Hash: efbb5539d9e60c033d958d4dde82e189142f10f0a3fffaa64f096f90d4a45b8e
                                                                                                                                                                        • Instruction Fuzzy Hash: B6216231900509EFDF14EF64C886AAFBBF9EF05754F1584A9E411A7251DB38AD01DB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SHGetFolderPathW.SHELL32(00000000,0000001C,00000000,00000000,?,00000000,0000001C,00000000), ref: 00B639F6
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FolderPath
                                                                                                                                                                        • String ID: LocalAppData$ProgramFiles
                                                                                                                                                                        • API String ID: 1514166925-2363656367
                                                                                                                                                                        • Opcode ID: 7c862e143d8f82e216d3158c36806921961f4547e4681c81f2b8c6aeb885241c
                                                                                                                                                                        • Instruction ID: 8420d8b1e31443d7a7f78d9c36d01f40612da76dde31cd7a7035241a1004c19b
                                                                                                                                                                        • Opcode Fuzzy Hash: 7c862e143d8f82e216d3158c36806921961f4547e4681c81f2b8c6aeb885241c
                                                                                                                                                                        • Instruction Fuzzy Hash: A8212775A0011897CB24E7A8DC99DBF73ECDB94B00F1045EDF456D7282DA388F44DA50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00B69E62
                                                                                                                                                                          • Part of subcall function 00B63CB8: GetEnvironmentVariableW.KERNEL32(CrashHandlerLaunchedForMinidump,00000000,00000000,00000000,?,00000000,00B69E7E), ref: 00B63CC9
                                                                                                                                                                          • Part of subcall function 00B63CB8: GetEnvironmentVariableW.KERNEL32(CrashHandlerLaunchedForMinidump,00000000,00000000,00000000,?,00000000,00B69E7E), ref: 00B63CE0
                                                                                                                                                                        Strings
                                                                                                                                                                        • CommandLineMode, xrefs: 00B69EC0
                                                                                                                                                                        • CrashHandlerLaunchedForMinidump, xrefs: 00B69E6E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EnvironmentVariable$CurrentThread
                                                                                                                                                                        • String ID: CommandLineMode$CrashHandlerLaunchedForMinidump
                                                                                                                                                                        • API String ID: 469354831-2890723410
                                                                                                                                                                        • Opcode ID: 3af8fd9f7d51220aeed23c15e433c385d6fd93fca11729b0aa4ce2f09f04b728
                                                                                                                                                                        • Instruction ID: 92c0d766e373813323844867c8684cdf4aaba5a70eee32f4de17b3ac2aefae96
                                                                                                                                                                        • Opcode Fuzzy Hash: 3af8fd9f7d51220aeed23c15e433c385d6fd93fca11729b0aa4ce2f09f04b728
                                                                                                                                                                        • Instruction Fuzzy Hash: 4A21D476500109ABCB04FB74D8A2CEEB7E8AF00314B4445A9F916A72D1DF38AA49CBD1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKLM,00000000,?,?,00000000,?,00000000,80070003,?,IsEnrolledToDomain,?), ref: 00B68A00
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKEY_LOCAL_MACHINE), ref: 00B68A0C
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKCU), ref: 00B68A18
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKEY_CURRENT_USER), ref: 00B68A28
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKU), ref: 00B68A34
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKEY_USERS), ref: 00B68A40
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKCR), ref: 00B68A4C
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKEY_CLASSES_ROOT), ref: 00B68A58
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKLM[64]), ref: 00B68A64
                                                                                                                                                                          • Part of subcall function 00B6895D: lstrcmpiW.KERNEL32(00000000,HKEY_LOCAL_MACHINE[64]), ref: 00B68A70
                                                                                                                                                                          • Part of subcall function 00B68125: RegOpenKeyExW.KERNELBASE(?,?,00000000,?,00000000,80070003,00000000,00B63E8C,?,00B68220,00000000,00000000,?,HKLM\Software\BraveSoftware\UpdateDev\,?,?), ref: 00B6815E
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,00000000,00000000,?,HKLM\Software\Policies\BraveSoftware\Update\,?,00000001), ref: 00B68697
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,00000000,00000000,?,HKLM\Software\Policies\BraveSoftware\Update\,?,00000001), ref: 00B686BA
                                                                                                                                                                        Strings
                                                                                                                                                                        • HKLM\Software\Policies\BraveSoftware\Update\, xrefs: 00B68652
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcmpi$Close$Open
                                                                                                                                                                        • String ID: HKLM\Software\Policies\BraveSoftware\Update\
                                                                                                                                                                        • API String ID: 1041768801-3675634299
                                                                                                                                                                        • Opcode ID: ded36003157ac02e3469cbe61b4d709fee99ab8fa9ee8fa66c1b6795c06327df
                                                                                                                                                                        • Instruction ID: 293820829755e2b6beb676cc27bb980930e533cb00297975c740d0de7ff3e562
                                                                                                                                                                        • Opcode Fuzzy Hash: ded36003157ac02e3469cbe61b4d709fee99ab8fa9ee8fa66c1b6795c06327df
                                                                                                                                                                        • Instruction Fuzzy Hash: 9E01B570910209AAEF14EFA9C8956FEBBF8FF11304F0005AD902167191CFB88A04CB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B681D1: RegCloseKey.KERNELBASE(00000000,IsEnrolledToDomain,00000000,00000000,00000000,?,HKLM\Software\BraveSoftware\UpdateDev\,?,?,00000000), ref: 00B68302
                                                                                                                                                                          • Part of subcall function 00B681D1: RegCloseKey.ADVAPI32(00000000,00000000,00000000,?,HKLM\Software\BraveSoftware\UpdateDev\,?,?,00000000), ref: 00B6833A
                                                                                                                                                                          • Part of subcall function 00B65885: GetSystemTimeAsFileTime.KERNEL32(?,00000001,00000001,?,00B65E92,00000000,?,?,00000000,00B71FC3,?,00000001,00000000), ref: 00B658A5
                                                                                                                                                                        • __aulldiv.LIBCMT ref: 00B7488F
                                                                                                                                                                        Strings
                                                                                                                                                                        • HKLM\Software\BraveSoftware\Update\, xrefs: 00B74870
                                                                                                                                                                        • OemInstallTime, xrefs: 00B7486B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseTime$FileSystem__aulldiv
                                                                                                                                                                        • String ID: HKLM\Software\BraveSoftware\Update\$OemInstallTime
                                                                                                                                                                        • API String ID: 3399056632-168765645
                                                                                                                                                                        • Opcode ID: d649db04423d86b11e03ced2b77c411ea6452809c8aac772da6d48e9bb7a2d7a
                                                                                                                                                                        • Instruction ID: 1c4e69cb203b0923bf732c699a22837da02f0ce17b96257cd65c66f427b19559
                                                                                                                                                                        • Opcode Fuzzy Hash: d649db04423d86b11e03ced2b77c411ea6452809c8aac772da6d48e9bb7a2d7a
                                                                                                                                                                        • Instruction Fuzzy Hash: B7F0EC92B1030477EE00A7A49C03F9B37DCC74079DF2046E1F601E7181E6B4E9044225
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,00B799E2,?,00B7934B,?,?,5B862952,00B7934B,?), ref: 00B799F9
                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,00B799E2,?,00B7934B,?,?,5B862952,00B7934B,?), ref: 00B79A00
                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00B79A12
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                        • Opcode ID: 767e926b105376000df7cad985b83fef4504c629883ef1d5da6e0e0af06bd4e8
                                                                                                                                                                        • Instruction ID: cca06915a0a7571f2a3caab97b587553d0fc3d621ab8b9d7c4e54b5bf882eb97
                                                                                                                                                                        • Opcode Fuzzy Hash: 767e926b105376000df7cad985b83fef4504c629883ef1d5da6e0e0af06bd4e8
                                                                                                                                                                        • Instruction Fuzzy Hash: 6CD09271401208BBCF117FA5EC0E8693F6AEF40785B058460F9296A171DF71D952DB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 00B71142
                                                                                                                                                                          • Part of subcall function 00B719BF: PathAppendW.SHLWAPI(?,00000000,00000000,00000000,0000001C,?,00B721EC,BraveSoftware\Update,00000000,00000000,00000000,00000068,00000000,00000068,00BA1F68,00961790), ref: 00B71A0E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AppendDirectoryPathRemove
                                                                                                                                                                        • String ID: BraveSoftware\CrashReports
                                                                                                                                                                        • API String ID: 3196498805-4112335201
                                                                                                                                                                        • Opcode ID: 2f66821199570051386f46d0943624521ae6c954e4068ae722f087c66c22041a
                                                                                                                                                                        • Instruction ID: c904701524655e42d5104acccfa4d5a3701f23df162324abeb4020f799ae4fc8
                                                                                                                                                                        • Opcode Fuzzy Hash: 2f66821199570051386f46d0943624521ae6c954e4068ae722f087c66c22041a
                                                                                                                                                                        • Instruction Fuzzy Hash: AC411B31A001099BDF14EBACD8529FDB3F4FF50304F6888A9E525BB191EB746E45CB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B65AD1: lstrcmpiW.KERNELBASE(00000000,00000000,?,00000001,00000000), ref: 00B65B24
                                                                                                                                                                          • Part of subcall function 00B69366: wvsprintfW.USER32(00BA2830,00000000,00000001), ref: 00B693F8
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(00000000,00B9E0B8,00000010,00B66277,00000000,00000000,?,?,?,?,00B663D0,?,?,00000000,?), ref: 00B6618B
                                                                                                                                                                        Strings
                                                                                                                                                                        • LOG_SYSTEM: [%s]: ERROR - Calling the logging system after it has been shut down , xrefs: 00B6617E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DebugOutputStringlstrcmpiwvsprintf
                                                                                                                                                                        • String ID: LOG_SYSTEM: [%s]: ERROR - Calling the logging system after it has been shut down
                                                                                                                                                                        • API String ID: 2972341841-1171486310
                                                                                                                                                                        • Opcode ID: 9480fa4a2bc6815ee08510f3e7dacaeff00b55e2269687f973f2feec7370fe56
                                                                                                                                                                        • Instruction ID: 6a2d14a64c7c3b9437b12235c748ee6daf4fdbc52b7e729ba14d83dae3c5fe1f
                                                                                                                                                                        • Opcode Fuzzy Hash: 9480fa4a2bc6815ee08510f3e7dacaeff00b55e2269687f973f2feec7370fe56
                                                                                                                                                                        • Instruction Fuzzy Hash: 5611E570908B909EEF31DB7485053AD7BE0AB52324F2006DDD0A2162E2C7BD5545C715
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B65AD1: lstrcmpiW.KERNELBASE(00000000,00000000,?,00000001,00000000), ref: 00B65B24
                                                                                                                                                                          • Part of subcall function 00B69366: wvsprintfW.USER32(00BA2830,00000000,00000001), ref: 00B693F8
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(00000000,?,?,?,?,00B663D0,?,?,00000000,?,?,00B71FC3,?,00000001,00000000,?), ref: 00B66244
                                                                                                                                                                        Strings
                                                                                                                                                                        • LOG_SYSTEM: [%s]: ERROR - Calling the logging system after it has been shut down , xrefs: 00B66237
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DebugOutputStringlstrcmpiwvsprintf
                                                                                                                                                                        • String ID: LOG_SYSTEM: [%s]: ERROR - Calling the logging system after it has been shut down
                                                                                                                                                                        • API String ID: 2972341841-1171486310
                                                                                                                                                                        • Opcode ID: 8897bdf24ae264fcc9c7fefbc10c1ab0bf975c0269557abac416c89a0e3c847d
                                                                                                                                                                        • Instruction ID: 0599209f58cc8a05a593a1aefd133e11453b81ab12af55a48f465e0e0520cea3
                                                                                                                                                                        • Opcode Fuzzy Hash: 8897bdf24ae264fcc9c7fefbc10c1ab0bf975c0269557abac416c89a0e3c847d
                                                                                                                                                                        • Instruction Fuzzy Hash: 07F0C8B1904240AFDB14EBA4CC969E9B7ECEF12314F1006DDE00257261DFB9EE48D751
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • NetGetJoinInformation.NETAPI32(00000000,?,00B63EA0,?,?,?,00B63EA0,?,00000000,00000000,?,00000000,00000000), ref: 00B63D14
                                                                                                                                                                        • NetApiBufferFree.NETAPI32(?,?,?,?,00B63EA0,?,00000000,00000000,?,00000000,00000000), ref: 00B63D26
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: BufferFreeInformationJoin
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3807213042-0
                                                                                                                                                                        • Opcode ID: 972b2aba47c49540f41db907c9d3cd730e0ad24d34e250fc73c201ee471f71b9
                                                                                                                                                                        • Instruction ID: d112c967defe559988f406f4a7958528264ece82fb303c2037017f8704639bbd
                                                                                                                                                                        • Opcode Fuzzy Hash: 972b2aba47c49540f41db907c9d3cd730e0ad24d34e250fc73c201ee471f71b9
                                                                                                                                                                        • Instruction Fuzzy Hash: ACF05E31521205EBDB098B64EC46AA9B7E4EB06B65F5087ACE132931E0DB70DE41DB14
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B67DF8: GetModuleHandleW.KERNEL32(kernel32.dll,?,00B67E59,?,00000000,?,00B736B8,00000000,?,?,?,?,00B73E61,00000000,?,?), ref: 00B67E1D
                                                                                                                                                                          • Part of subcall function 00B67DF8: GetProcAddress.KERNEL32(00000000,CreateMutexExW), ref: 00B67E2F
                                                                                                                                                                          • Part of subcall function 00B67DF8: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00B67E40
                                                                                                                                                                        • CreateMutexExW.KERNELBASE(?,?,00000000,00100001,?,00000000,?,00B736B8,00000000,?,?,?,?,00B73E61,00000000), ref: 00B67E6B
                                                                                                                                                                        • CreateMutexW.KERNEL32(?,00000000,?,?,00000000,?,00B736B8,00000000,?,?,?,?,00B73E61,00000000,?,?), ref: 00B67E73
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressCreateMutexProc$HandleModule
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 56544078-0
                                                                                                                                                                        • Opcode ID: c38c2f93b4426142184019408d1c047bd9717549a4d4504324b7924864609df3
                                                                                                                                                                        • Instruction ID: 272c7aae6d8b6f76d10ad2c30d1471e2a902e996d3e00e052c45d5b1f7cb8af6
                                                                                                                                                                        • Opcode Fuzzy Hash: c38c2f93b4426142184019408d1c047bd9717549a4d4504324b7924864609df3
                                                                                                                                                                        • Instruction Fuzzy Hash: 48D05E7138522176D634572B9C4AF9B669CCFC6BA1F2404A9B115E21A0DF999C0182B5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • UnloadUserProfile.USERENV(?,?,00000000,00B63CA7,00000000), ref: 00B62FEE
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(?,00000000,00B63CA7,00000000), ref: 00B63001
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ChangeCloseFindNotificationProfileUnloadUser
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 122385185-0
                                                                                                                                                                        • Opcode ID: cf5984ca1d945e6897936269767850a61dbe274adad8c430ba31dda8be355d4b
                                                                                                                                                                        • Instruction ID: b443382192642d84c2b078c2f676dad2ff1fe42b9977fd8582f3858e266b1a71
                                                                                                                                                                        • Opcode Fuzzy Hash: cf5984ca1d945e6897936269767850a61dbe274adad8c430ba31dda8be355d4b
                                                                                                                                                                        • Instruction Fuzzy Hash: D6F04532015B119FE7365B15E91A752B7F1EB00726F14C85DE1AA158F0CBB9A894DB04
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B61D39: GetSidLengthRequired.ADVAPI32(00000000,00000000,00000000,00B99D68,?,?,?,?,?,?,?,00B63C70,?,00B99B0C,00000001,00000012), ref: 00B61D8F
                                                                                                                                                                          • Part of subcall function 00B61D39: InitializeSid.ADVAPI32(?,?,00000000,?,?,?,?,?,?,?,00B63C70,?,00B99B0C,00000001,00000012,?), ref: 00B61DA2
                                                                                                                                                                          • Part of subcall function 00B61D39: GetSidSubAuthority.ADVAPI32(?,00000000,?,?,?,?,?,?,?,00B63C70,?,00B99B0C,00000001,00000012,?), ref: 00B61DC3
                                                                                                                                                                        • SetNamedSecurityInfoW.ADVAPI32(?,00000001,80000004,00000000,00000000,00000000,00000000,?,10000000,00000003,?,00000000,00000010,00000000), ref: 00B71020
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AuthorityInfoInitializeLengthNamedRequiredSecurity
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1879106642-0
                                                                                                                                                                        • Opcode ID: 840a99516466d6cb2acfa4d8727f677a36d486f5cc2021b3a32c56b7361ed5c3
                                                                                                                                                                        • Instruction ID: fc055405db86ceb4a4461961625e6df297790d6326eca42767ce4af8f5b1d5ae
                                                                                                                                                                        • Opcode Fuzzy Hash: 840a99516466d6cb2acfa4d8727f677a36d486f5cc2021b3a32c56b7361ed5c3
                                                                                                                                                                        • Instruction Fuzzy Hash: 5E41EB31900218AAEB34EBA8CC8AFE9B7E8DF05714F0444D5F9197B2C2DB795E84CA50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • PathAppendW.SHLWAPI(?,00000000,00000000,00000000,0000001C,?,00B721EC,BraveSoftware\Update,00000000,00000000,00000000,00000068,00000000,00000068,00BA1F68,00961790), ref: 00B71A0E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AppendPath
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3286331749-0
                                                                                                                                                                        • Opcode ID: d160f21f65987e679772eb8c7ec2819d7f935f32d5fa5b52acc6dfa2e6be92e2
                                                                                                                                                                        • Instruction ID: fa60769c40e295e1c6b8b83a28b49c86a0695609bb9720c02de8a5c73eddaeb8
                                                                                                                                                                        • Opcode Fuzzy Hash: d160f21f65987e679772eb8c7ec2819d7f935f32d5fa5b52acc6dfa2e6be92e2
                                                                                                                                                                        • Instruction Fuzzy Hash: 78112636E01010ABCB05EBACC9449ADB3F5DF85320B2586D8E93977291DE349F00C790
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 00B63C14
                                                                                                                                                                          • Part of subcall function 00B62F9C: GetCurrentProcess.KERNEL32(00000000,?,00B63C28,00000008,00000000), ref: 00B62FA9
                                                                                                                                                                          • Part of subcall function 00B62F9C: OpenProcessToken.ADVAPI32(?,?,?,00000000,?,00B63C28,00000008,00000000), ref: 00B62FB7
                                                                                                                                                                          • Part of subcall function 00B69179: GetLastError.KERNEL32(00000000,00B63C57,?,?,?,00000008,00000000), ref: 00B6917A
                                                                                                                                                                          • Part of subcall function 00B69179: RaiseException.KERNEL32(00000000,00000001,00000000,00000000,?,?,00000008,00000000), ref: 00B691AC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$Current$ErrorExceptionLastOpenRaiseToken
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2658821620-0
                                                                                                                                                                        • Opcode ID: 0a17de0dbe1ef32e07118d7518c1edacbc36e2429c6dbfcaa7dfd15c47af67e3
                                                                                                                                                                        • Instruction ID: 4d6e6fa210e6fb9b8b4c1dfff26b962122105e983839d6282ea2a3df5529ce77
                                                                                                                                                                        • Opcode Fuzzy Hash: 0a17de0dbe1ef32e07118d7518c1edacbc36e2429c6dbfcaa7dfd15c47af67e3
                                                                                                                                                                        • Instruction Fuzzy Hash: 27214F7190021DAADB14EBA4DC92BDDB7F8EF14700F4045EAE50AB7192DF745E89CBA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: f6153dbd6d811e217403a0d628e454a1a0c6966f992e45444ea0c4f25722e9e0
                                                                                                                                                                        • Instruction ID: f842c063a386f58d23646c627e4d6fe9efa1778673161b920cebef16c6acab99
                                                                                                                                                                        • Opcode Fuzzy Hash: f6153dbd6d811e217403a0d628e454a1a0c6966f992e45444ea0c4f25722e9e0
                                                                                                                                                                        • Instruction Fuzzy Hash: 96012833724115AFAB26BFADEC8195A33D6EBC53A07258570FD15CB1A4DE30E805CB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegEnumKeyExW.KERNELBASE(00B6802D,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B68C3F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Enum
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2928410991-0
                                                                                                                                                                        • Opcode ID: e04c33ddf57867f4cca85717bfd4898e770a9973a4e473e76e11203c66500ac1
                                                                                                                                                                        • Instruction ID: 128bd5d782232e2072c01c5ed946bf134a5c5fce12e1ba2d8caada49482257a1
                                                                                                                                                                        • Opcode Fuzzy Hash: e04c33ddf57867f4cca85717bfd4898e770a9973a4e473e76e11203c66500ac1
                                                                                                                                                                        • Instruction Fuzzy Hash: 950144B6900118ABDB21EB54CD49DBBB7FCEB04310F5042A6B955E7151DE35DE448BA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,00000000,80070003,00000000,00B63E8C,?,00B68220,00000000,00000000,?,HKLM\Software\BraveSoftware\UpdateDev\,?,?), ref: 00B6815E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Open
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 71445658-0
                                                                                                                                                                        • Opcode ID: 060a659ed84789c4320c83f0a9fdb86a23a8f75281f7bc88ec014678dc3b801f
                                                                                                                                                                        • Instruction ID: 5aeccd62675deb88c89dc6d8223c66e83ed0a361ac80e3dfc76eb9935e508199
                                                                                                                                                                        • Opcode Fuzzy Hash: 060a659ed84789c4320c83f0a9fdb86a23a8f75281f7bc88ec014678dc3b801f
                                                                                                                                                                        • Instruction Fuzzy Hash: 57F0C272A00114ABDB148F18DC00BB9B7E8EB49360F118269FD59E7290DB74ED10C794
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000008,?,?,?,00B7F8F8,00000001,00000364,?,00000006,000000FF,?,00B796AF,00000000,00B7A3DB,00B985D0), ref: 00B7FBF3
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SHQueryValueExW.SHLWAPI(00B6802D,00000000,00000000,00000000,?,00000000,00B99D8C,00B99D8C,?,00B682CF,IsEnrolledToDomain,00000000,00000000,00000000,?,HKLM\Software\BraveSoftware\UpdateDev\), ref: 00B683E9
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: QueryValue
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3660427363-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegDeleteValueW.KERNELBASE(00B6802D,000F003F,?,00B73EC0,uid,HKLM\Software\BraveSoftware\Update\,000F003F,?,?), ref: 00B68006
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DeleteValue
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1108222502-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegDeleteKeyW.ADVAPI32(00B6802D,000F003F), ref: 00B67FD6
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Delete
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1035893169-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B68FFC: PathRemoveExtensionW.SHLWAPI(00000000,?,00000000,?,?,00000000,?,00B65AEE,?,00000001,00000000), ref: 00B6901D
                                                                                                                                                                          • Part of subcall function 00B64B55: VirtualQuery.KERNEL32(00B64B7D,00000000,0000001C,00000000,00000000,00000068,00000000,00000068,00BA1F68,00961790,?,00000024), ref: 00B64B71
                                                                                                                                                                        • lstrcmpiW.KERNELBASE(00000000,00000000,?,00000001,00000000), ref: 00B65B24
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExtensionPathQueryRemoveVirtuallstrcmpi
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1218796822-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateWindowStationW.USER32(00000000,00000000,0000037F,00000000), ref: 00B6B9CD
                                                                                                                                                                        • GetProcessWindowStation.USER32(?,?,?,?,?,?,00B6B916), ref: 00B6B9E4
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00B6B9EC
                                                                                                                                                                        • GetThreadDesktop.USER32(00000000,?,?,?,?,?,?,00B6B916), ref: 00B6B9F3
                                                                                                                                                                        • SetProcessWindowStation.USER32(00000000,?,?,?,?,?,?,00B6B916), ref: 00B6BA01
                                                                                                                                                                        • CreateDesktopW.USER32(BraveCrashHandlerWorkerDesktop,00000000,00000000,00000000,10000000,00000000), ref: 00B6BA19
                                                                                                                                                                        • SetThreadDesktop.USER32(00000000,?,?,?,?,?,?,00B6B916), ref: 00B6BA27
                                                                                                                                                                        • CloseDesktop.USER32(?,?,?,?,?,?,?,00B6B916), ref: 00B6BA4A
                                                                                                                                                                        • CloseDesktop.USER32(00B6B916,?,?,?,?,?,?,00B6B916), ref: 00B6BA5F
                                                                                                                                                                        • CloseWindowStation.USER32(00000000,?,?,?,?,?,?,00B6B916), ref: 00B6BA6A
                                                                                                                                                                        • CloseWindowStation.USER32(00000000,?,?,?,?,?,?,00B6B916), ref: 00B6BA71
                                                                                                                                                                        Strings
                                                                                                                                                                        • BraveCrashHandlerWorkerDesktop, xrefs: 00B6BA14
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DesktopStationWindow$Close$Thread$CreateProcess$Current
                                                                                                                                                                        • String ID: BraveCrashHandlerWorkerDesktop
                                                                                                                                                                        • API String ID: 1718853756-1419757557
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkCards,00020019,HKLM\Software\BraveSoftware\Update\), ref: 00B73676
                                                                                                                                                                          • Part of subcall function 00B68BDE: RegQueryInfoKeyW.ADVAPI32(00B6802D,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00B99D8C,?,00B729AB,HKLM\Software\BraveSoftware\Update\ClientState\), ref: 00B68BF8
                                                                                                                                                                          • Part of subcall function 00B68C03: RegEnumKeyExW.KERNELBASE(00B6802D,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B68C3F
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,ServiceName,?,00000000,?,00020019,00000000,?,00000000,HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkCards,00020019,HKLM\Software\BraveSoftware\Update\), ref: 00B734B6
                                                                                                                                                                        Strings
                                                                                                                                                                        • HKLM\Software\BraveSoftware\Update\, xrefs: 00B733CB
                                                                                                                                                                        • HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkCards, xrefs: 00B733DD
                                                                                                                                                                        • \\.\%s, xrefs: 00B73505
                                                                                                                                                                        • ServiceName, xrefs: 00B734D5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Close$EnumInfoQuery
                                                                                                                                                                        • String ID: HKLM\Software\BraveSoftware\Update\$HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkCards$ServiceName$\\.\%s
                                                                                                                                                                        • API String ID: 1723547527-2312996507
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • DebugActiveProcess.KERNEL32(?,00000000,?), ref: 00B6C2FA
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00B6C315
                                                                                                                                                                        • WaitForDebugEvent.KERNEL32(?,00000000), ref: 00B6C327
                                                                                                                                                                        • Sleep.KERNEL32(00000032), ref: 00B6C333
                                                                                                                                                                          • Part of subcall function 00B63AD2: GetTickCount.KERNEL32 ref: 00B63AD5
                                                                                                                                                                        • DebugActiveProcessStop.KERNEL32(?), ref: 00B6C34F
                                                                                                                                                                        • GetThreadContext.KERNEL32(?,?), ref: 00B6C3AC
                                                                                                                                                                        • VirtualQueryEx.KERNEL32(?,?,?,0000001C), ref: 00B6C435
                                                                                                                                                                        • ContinueDebugEvent.KERNEL32(?,?,00010002), ref: 00B6C4A1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Debug$ActiveCountEventProcessTick$ContextContinueQuerySleepStopThreadVirtualWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2528955646-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,?,00B6951C), ref: 00B69B6D
                                                                                                                                                                        • OpenClipboard.USER32(00000000), ref: 00B69B77
                                                                                                                                                                        • EmptyClipboard.USER32 ref: 00B69B82
                                                                                                                                                                        • GlobalAlloc.KERNEL32(00002002,00000000,?,?,00B6951C), ref: 00B69B95
                                                                                                                                                                        • GlobalLock.KERNEL32(00000000,?,?,00B6951C), ref: 00B69B9E
                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,00B6951C), ref: 00B69BB4
                                                                                                                                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 00B69BBD
                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00B69BC8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Global$Clipboard$AllocDataEmptyFreeLockOpenUnlocklstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3280322382-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateMutexW.KERNEL32(00000000,00000001,00000000,?,?,00000000,00B6A52E,00000000,?), ref: 00B6EC68
                                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 00B6EC79
                                                                                                                                                                        • RegisterWaitForSingleObject.KERNEL32(?,00000000,00B6F406,?,000000FF,00000004), ref: 00B6EC98
                                                                                                                                                                        • CreateNamedPipeW.KERNEL32(?,40080003,00000006,00000001,00000040,00000040,00000000,?), ref: 00B6ECBE
                                                                                                                                                                        • SetEvent.KERNEL32(?), ref: 00B6ECD2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Create$Event$MutexNamedObjectPipeRegisterSingleWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 503818757-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _strrchr
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3213747228-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00B8BB90
                                                                                                                                                                        • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 00B8BBA4
                                                                                                                                                                        • VirtualAlloc.KERNEL32(?,-00000001,00001000,00000004,?,?,0000001C), ref: 00B8BBF4
                                                                                                                                                                        • VirtualProtect.KERNEL32(?,-00000001,00000104,?,?,?,0000001C), ref: 00B8BC09
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Virtual$AllocInfoProtectQuerySystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3562403962-0
                                                                                                                                                                        • Opcode ID: 23c9f5bcd07c01ed07393b9079b9a7c4cbb3932a0945cdc1e4be9c77a8d6b282
                                                                                                                                                                        • Instruction ID: 72a1f552528dd809867027ab58b1f85d3b4002a58c4649d5a9657662f135c911
                                                                                                                                                                        • Opcode Fuzzy Hash: 23c9f5bcd07c01ed07393b9079b9a7c4cbb3932a0945cdc1e4be9c77a8d6b282
                                                                                                                                                                        • Instruction Fuzzy Hash: BA215E72A00228ABDB20EFB5CC89EEEBBF8EF44754F054465A915E7151EB34D944CBA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00B7694B
                                                                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 00B76A17
                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00B76A37
                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?), ref: 00B76A41
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 254469556-0
                                                                                                                                                                        • Opcode ID: 6ed41f43d165286bfa72b887d75a3583b68267447a5fb67120b5ddfc772508a4
                                                                                                                                                                        • Instruction ID: 9ea0b9797973a12650a3351930bd99dacb45a5e3c257ad9993fc805964cd5ec8
                                                                                                                                                                        • Opcode Fuzzy Hash: 6ed41f43d165286bfa72b887d75a3583b68267447a5fb67120b5ddfc772508a4
                                                                                                                                                                        • Instruction Fuzzy Hash: C7311A75D012189BDB10DF64D98ABCCBBF8EF08300F1081EAE41CAB250EB719A85CF05
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(00B73E44,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00B73E44), ref: 00B68ECC
                                                                                                                                                                        • CheckTokenMembership.ADVAPI32(00000000,?,?,?,?,?,00B73E44), ref: 00B68EE1
                                                                                                                                                                        • FreeSid.ADVAPI32(?,?,?,?,00B73E44), ref: 00B68EF1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3429775523-0
                                                                                                                                                                        • Opcode ID: 9de8e9c6b36a47f9c370902def5b500ab7bb5548ac3afa2299914b054400969e
                                                                                                                                                                        • Instruction ID: fbfb1d717578cc8ff28c678cd274676da3b95d1da82bc2e5b95823b03a502850
                                                                                                                                                                        • Opcode Fuzzy Hash: 9de8e9c6b36a47f9c370902def5b500ab7bb5548ac3afa2299914b054400969e
                                                                                                                                                                        • Instruction Fuzzy Hash: 2301EC70A0020DAFDB00DFA4DD8AABEB7B9FB08704F514869A511E3291DB74DA04CB61
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 00B6771C
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Version
                                                                                                                                                                        • String ID: x64
                                                                                                                                                                        • API String ID: 1889659487-218858810
                                                                                                                                                                        • Opcode ID: 8003a3cf1e52dd749c0931f0ca4a0702ce55dffea5962feb9f979d84f6990aaf
                                                                                                                                                                        • Instruction ID: 1d613f30954b092c8f0cd5b726fba49ae19cc1ff106759b4061ff9886ca86411
                                                                                                                                                                        • Opcode Fuzzy Hash: 8003a3cf1e52dd749c0931f0ca4a0702ce55dffea5962feb9f979d84f6990aaf
                                                                                                                                                                        • Instruction Fuzzy Hash: 4D41B0719DC10A8AEB399E39C99DABD77E4EB0A30CF2405E9D505D3160EE3CDE84CA50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,00000000,00B636CD,00B636CD,?,00000220,?,00B636CD), ref: 00B62B57
                                                                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000,00B636CD,?,00000220,?,00B636CD), ref: 00B62BCC
                                                                                                                                                                          • Part of subcall function 00B62C07: GetSecurityDescriptorControl.ADVAPI32(00000000,?,?,00000000,00000000), ref: 00B62C2B
                                                                                                                                                                          • Part of subcall function 00B62C07: MakeAbsoluteSD.ADVAPI32(00000000,00000000,?,00000000,?,00000000,?,00000000,?,00000000,?), ref: 00B62C71
                                                                                                                                                                          • Part of subcall function 00B62C07: GetLastError.KERNEL32 ref: 00B62C77
                                                                                                                                                                          • Part of subcall function 00B62E64: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,00B99B0C,00000000,00B629E8,00B99B0C,00000000,00000000,00000000,?,00B636CD,?,00000220,?,10000000,00000000), ref: 00B62E7A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DescriptorSecurity$Dacl$AbsoluteControlErrorInitializeLastMake
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1496159268-0
                                                                                                                                                                        • Opcode ID: 3b1951dab93abe3d0a5b64fe26e39ac691f56341d1c6e12f20dcb1dca6a3c256
                                                                                                                                                                        • Instruction ID: dc89abcb7dd1f06e91e0f1c3ff250e2f7b774f0ef4cf06d4217c711a035bac71
                                                                                                                                                                        • Opcode Fuzzy Hash: 3b1951dab93abe3d0a5b64fe26e39ac691f56341d1c6e12f20dcb1dca6a3c256
                                                                                                                                                                        • Instruction Fuzzy Hash: F421B032600600AAFB15AF75C946B6E7BE8EF90350F2884E9F4569B281EE78D940D760
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetSystemInfo.KERNEL32(?), ref: 00B6C161
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InfoSystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 31276548-0
                                                                                                                                                                        • Opcode ID: 480376eb0486707cb9a77871d15a43d6048fd40adcfc1ed75fce6aae1923d85f
                                                                                                                                                                        • Instruction ID: 16073817fd7cdf96c16da22efd5dd66524c896923aea7a3401cca3badd7d650a
                                                                                                                                                                        • Opcode Fuzzy Hash: 480376eb0486707cb9a77871d15a43d6048fd40adcfc1ed75fce6aae1923d85f
                                                                                                                                                                        • Instruction Fuzzy Hash: F611C072E00218AFDF20DFA4C890AEEBBB9FF45314F00486AE55277141D774BA08C7A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrcmpiW.KERNEL32(00000000,HKLM,00000000,?,?,00000000,?,00000000,80070003,?,IsEnrolledToDomain,?), ref: 00B68A00
                                                                                                                                                                        • lstrcmpiW.KERNEL32(00000000,HKEY_LOCAL_MACHINE), ref: 00B68A0C
                                                                                                                                                                        • lstrcmpiW.KERNEL32(00000000,HKCU), ref: 00B68A18
                                                                                                                                                                        • lstrcmpiW.KERNEL32(00000000,HKEY_CURRENT_USER), ref: 00B68A28
                                                                                                                                                                        • lstrcmpiW.KERNEL32(00000000,HKU), ref: 00B68A34
                                                                                                                                                                        • lstrcmpiW.KERNEL32(00000000,HKEY_USERS), ref: 00B68A40
                                                                                                                                                                        • lstrcmpiW.KERNEL32(00000000,HKCR), ref: 00B68A4C
                                                                                                                                                                        • lstrcmpiW.KERNEL32(00000000,HKEY_CLASSES_ROOT), ref: 00B68A58
                                                                                                                                                                        • lstrcmpiW.KERNEL32(00000000,HKLM[64]), ref: 00B68A64
                                                                                                                                                                        • lstrcmpiW.KERNEL32(00000000,HKEY_LOCAL_MACHINE[64]), ref: 00B68A70
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcmpi
                                                                                                                                                                        • String ID: HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_LOCAL_MACHINE[64]$HKEY_USERS$HKLM$HKLM[64]$HKU$IsEnrolledToDomain
                                                                                                                                                                        • API String ID: 1586166983-4218959534
                                                                                                                                                                        • Opcode ID: ad28d0e19f96cbe73f79cca0dcab6e99b391152da3dc68e78d01f1f06f50fdd3
                                                                                                                                                                        • Instruction ID: 6cd1f3eb5f8f31f2e824032112a1acb8b0777b7a05ce922f02ead78280e30193
                                                                                                                                                                        • Opcode Fuzzy Hash: ad28d0e19f96cbe73f79cca0dcab6e99b391152da3dc68e78d01f1f06f50fdd3
                                                                                                                                                                        • Instruction Fuzzy Hash: F731D27570021667DF10FAA8CC51DBE62ECEF40744F1842EAF901A71D1DF2C9E02C6A6
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,?,00000001,00000080,00000000), ref: 00B6A77A
                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,?,00000001,00000080,00000000), ref: 00B6A79F
                                                                                                                                                                        • CreateFileW.KERNEL32(?,?,?,?,?,40000000,00000000,?,00000002,00000080,00000000), ref: 00B6A7F3
                                                                                                                                                                        • CloseHandle.KERNEL32(00B974D8,?,?,00000000,00000000,?,?,?,?,?,40000000,00000000,?,00000002,00000080,00000000), ref: 00B6A87E
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000,00000000,?,?,?,?,?,40000000,00000000,?,00000002,00000080,00000000), ref: 00B6A88A
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000,00000000,?,?,?,?,?,40000000,00000000,?,00000002,00000080,00000000), ref: 00B6A893
                                                                                                                                                                        • DeleteFileW.KERNEL32(00000000,?,?,00000000,00000000,?,?,?,?,?,40000000,00000000,?,00000002,00000080,00000000), ref: 00B6AA65
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000,00000000,?,?,?,?,?,40000000,00000000,?,00000002,00000080,00000000), ref: 00B6AAC6
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000,00000000,?,?,?,?,?,40000000,00000000,?,00000002,00000080,00000000), ref: 00B6AACD
                                                                                                                                                                        • CloseHandle.KERNEL32(00B974D8,?,?,00000000,00000000,?,?,?,?,?,40000000,00000000,?,00000002,00000080,00000000), ref: 00B6AAD8
                                                                                                                                                                        Strings
                                                                                                                                                                        • -full.dmp, xrefs: 00B6A734, 00B6A739, 00B6A741
                                                                                                                                                                        • [CrashHandler][Upload deferred][Crash ID %d], xrefs: 00B6A9B4
                                                                                                                                                                        • [OpenCustomInfoFile failed][0x%08x], xrefs: 00B6A84F
                                                                                                                                                                        • [CrashHandler][Dump handled][%d-bit][is_system %d], xrefs: 00B6AAAA
                                                                                                                                                                        • [CrashHandler minidump generation failed], xrefs: 00B6A8D7
                                                                                                                                                                        • [StartCrashUploader() failed][0x%08x], xrefs: 00B6AA40
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseHandle$File$Create$Delete
                                                                                                                                                                        • String ID: -full.dmp$[CrashHandler minidump generation failed]$[CrashHandler][Dump handled][%d-bit][is_system %d]$[CrashHandler][Upload deferred][Crash ID %d]$[OpenCustomInfoFile failed][0x%08x]$[StartCrashUploader() failed][0x%08x]
                                                                                                                                                                        • API String ID: 1329748375-3865667126
                                                                                                                                                                        • Opcode ID: 216ccd41ab5d6331afa6428cb2906eb2543e08236d072a76ef4afffbeb43a4c4
                                                                                                                                                                        • Instruction ID: 125b1ba6162f5942eb162ff80abff33a9b18da180d7c7b6ad5b4c38785167285
                                                                                                                                                                        • Opcode Fuzzy Hash: 216ccd41ab5d6331afa6428cb2906eb2543e08236d072a76ef4afffbeb43a4c4
                                                                                                                                                                        • Instruction Fuzzy Hash: 39C1BF71508301AFDB04DF28D891E6AB7E8FF85304F1449ADF596A7291EB38D904CF62
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00000000), ref: 00B66B44
                                                                                                                                                                        • GetSecurityDescriptorControl.ADVAPI32(00000000,00000000,?,?,?,00000000), ref: 00B66B82
                                                                                                                                                                        • GetSecurityDescriptorOwner.ADVAPI32(00000000,?,?,?,00000000), ref: 00B66BA0
                                                                                                                                                                        • GetSecurityDescriptorGroup.ADVAPI32(00000000,?,?,?,00000000), ref: 00B66BBA
                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(00000000,?,?,?,?,00000000), ref: 00B66BD8
                                                                                                                                                                        • GetSecurityDescriptorSacl.ADVAPI32(00000000,00000000,?,?,?,00000000), ref: 00B66BFC
                                                                                                                                                                        • GetSecurityDescriptorControl.ADVAPI32(00000000,00000000,?,?,?,00000000), ref: 00B66C3A
                                                                                                                                                                        • GetSecurityDescriptorOwner.ADVAPI32(00000000,?,?,?,00000000), ref: 00B66C58
                                                                                                                                                                          • Part of subcall function 00B62F34: GetSecurityDescriptorLength.ADVAPI32(00B636CD,00000000,00000000,?,?,?,8007000E,00B99B0C,00000000,00B629E8,00B99B0C,00000000,00000000,00000000,?,00B636CD), ref: 00B62EB6
                                                                                                                                                                        • GetSecurityDescriptorGroup.ADVAPI32(00000000,?,?,?,00000000), ref: 00B66C72
                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(00000000,?,?,?,?,00000000), ref: 00B66C90
                                                                                                                                                                        • GetSecurityDescriptorSacl.ADVAPI32(00000000,00000000,?,?,?,00000000), ref: 00B66CB4
                                                                                                                                                                        Strings
                                                                                                                                                                        • _BraveSoftware_Update_logging_mutex_, xrefs: 00B66ABB
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DescriptorSecurity$ControlDaclGroupOwnerSacl$ErrorLastLength
                                                                                                                                                                        • String ID: _BraveSoftware_Update_logging_mutex_
                                                                                                                                                                        • API String ID: 1088860402-2672253955
                                                                                                                                                                        • Opcode ID: 4bc8123477fddcdf9adf271136407dfc12b047dc2adbd715480ef8edc93659d2
                                                                                                                                                                        • Instruction ID: a897cdd4226b4da6eb0f0a2472eb3f9a2bd94b54b775404d222b2f36415fe0bd
                                                                                                                                                                        • Opcode Fuzzy Hash: 4bc8123477fddcdf9adf271136407dfc12b047dc2adbd715480ef8edc93659d2
                                                                                                                                                                        • Instruction Fuzzy Hash: 0761BA7280010DEBDF05EF94DD45EEEB7F9EF08314F2481AAE121B2061DB759A58DB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(00BA0D84,00000FA0,?,?,00B7618E), ref: 00B761BC
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00B7618E), ref: 00B761C7
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00B7618E), ref: 00B761D8
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00B761EA
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00B761F8
                                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00B7618E), ref: 00B7621B
                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(00BA0D84,00000007,?,?,00B7618E), ref: 00B76237
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00B7618E), ref: 00B76247
                                                                                                                                                                        Strings
                                                                                                                                                                        • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00B761C2
                                                                                                                                                                        • SleepConditionVariableCS, xrefs: 00B761E4
                                                                                                                                                                        • WakeAllConditionVariable, xrefs: 00B761F0
                                                                                                                                                                        • kernel32.dll, xrefs: 00B761D3
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                        • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                        • API String ID: 2565136772-3242537097
                                                                                                                                                                        • Opcode ID: 1d3db2528eaeb8cbd5d5f3cee6a661af399d7a662ec5bdf68b44383bed6a17d8
                                                                                                                                                                        • Instruction ID: 204d3aca031c25856e2c39aa2192b54e9a5525061cd90ffcf46e3ddc190c20ac
                                                                                                                                                                        • Opcode Fuzzy Hash: 1d3db2528eaeb8cbd5d5f3cee6a661af399d7a662ec5bdf68b44383bed6a17d8
                                                                                                                                                                        • Instruction Fuzzy Hash: B601B571644612AFDB512BB4AC0EA163AE8EB41B41F0544A1FC28D31B0EFB0DC00C761
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsInExceptionSpec.LIBVCRUNTIME ref: 00B78624
                                                                                                                                                                        • type_info::operator==.LIBVCRUNTIME ref: 00B78646
                                                                                                                                                                        • ___TypeMatch.LIBVCRUNTIME ref: 00B78755
                                                                                                                                                                        • IsInExceptionSpec.LIBVCRUNTIME ref: 00B78827
                                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 00B788AB
                                                                                                                                                                        • CallUnexpected.LIBVCRUNTIME ref: 00B788C6
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                        • API String ID: 2123188842-393685449
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateMutexW.KERNEL32(00000000,00000000,00000000,?,{08DA086F-9FC4-4B2E-954C-6D7D5ACD5167},00000000,?,00000000), ref: 00B6A130
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00B6A141
                                                                                                                                                                          • Part of subcall function 00B71060: RemoveDirectoryW.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 00B71142
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000400,00000400,00000000), ref: 00B6A207
                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(00000000), ref: 00B6A221
                                                                                                                                                                          • Part of subcall function 00B6DEE8: DeleteCriticalSection.KERNEL32(?,00000000,00B6A238), ref: 00B6DEEC
                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00B6A2DA
                                                                                                                                                                        Strings
                                                                                                                                                                        • [CrashHandler][Failed to init crash dir][0x%08x], xrefs: 00B6A193
                                                                                                                                                                        • [CrashHandler][Instance is already running][%d-bit][%d], xrefs: 00B6A2C2
                                                                                                                                                                        • [CrashHandler][Failed to start Breakpad][0x%08x], xrefs: 00B6A1D5
                                                                                                                                                                        • {08DA086F-9FC4-4B2E-954C-6D7D5ACD5167}, xrefs: 00B6A0F0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$CloseCreateDeleteDirectoryErrorHandleInitializeLastMessageMutexPeekRemove
                                                                                                                                                                        • String ID: [CrashHandler][Failed to init crash dir][0x%08x]$[CrashHandler][Failed to start Breakpad][0x%08x]$[CrashHandler][Instance is already running][%d-bit][%d]${08DA086F-9FC4-4B2E-954C-6D7D5ACD5167}
                                                                                                                                                                        • API String ID: 1622185908-2107458705
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,old-uid,00000000,00000000,00000000,00000000,HKLM\Software\BraveSoftware\Update\,000F003F), ref: 00B73A3F
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,old-uid,?,?,?,uid,?,?,?), ref: 00B73B1E
                                                                                                                                                                        • ReleaseMutex.KERNEL32(?,old-uid,?,?,?,uid,?,?,?), ref: 00B73B3E
                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00B73B5A
                                                                                                                                                                          • Part of subcall function 00B6834F: SHQueryValueExW.SHLWAPI(00B6802D,?,00000000,?,00000000,?,00000000,00000000,?,00B682E8,IsEnrolledToDomain,00000000,00000000,00000200,00000000,00000000), ref: 00B6836F
                                                                                                                                                                          • Part of subcall function 00B6834F: SHQueryValueExW.SHLWAPI(00B6802D,?,00000000,?,00000000,00000000,?,00B682E8,IsEnrolledToDomain,00000000,00000000,00000200,00000000,00000000), ref: 00B683A6
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: QueryValue$Close$HandleMutexRelease
                                                                                                                                                                        • String ID: ; legacy$HKCU\Software\BraveSoftware\Update\$HKLM\Software\BraveSoftware\Update\$old-uid$uid
                                                                                                                                                                        • API String ID: 1263982701-1200880116
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetEnvironmentStringsW.KERNEL32(00B714B0,?,GOOGLE_UPDATE_NO_CRASH_HANDLER,00B9C098,00000000,00000000,?), ref: 00B71348
                                                                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(?,00000000,?), ref: 00B71369
                                                                                                                                                                        • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000400,?,00000000,00000044,?), ref: 00B713C1
                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00B713D4
                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00B713D9
                                                                                                                                                                        • _Deallocate.LIBCONCRT ref: 00B713F2
                                                                                                                                                                          • Part of subcall function 00B69179: GetLastError.KERNEL32(00000000,00B63C57,?,?,?,00000008,00000000), ref: 00B6917A
                                                                                                                                                                          • Part of subcall function 00B69179: RaiseException.KERNEL32(00000000,00000001,00000000,00000000,?,?,00000008,00000000), ref: 00B691AC
                                                                                                                                                                        Strings
                                                                                                                                                                        • GOOGLE_UPDATE_NO_CRASH_HANDLER, xrefs: 00B71308
                                                                                                                                                                        • D, xrefs: 00B7137C
                                                                                                                                                                        • [StartProcessWithNoExceptionHandler][%s], xrefs: 00B712E5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseEnvironmentHandleStrings$CreateDeallocateErrorExceptionFreeLastProcessRaise
                                                                                                                                                                        • String ID: D$GOOGLE_UPDATE_NO_CRASH_HANDLER$[StartProcessWithNoExceptionHandler][%s]
                                                                                                                                                                        • API String ID: 2853129887-3082069127
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B6B9BC: CreateWindowStationW.USER32(00000000,00000000,0000037F,00000000), ref: 00B6B9CD
                                                                                                                                                                          • Part of subcall function 00B67381: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003,?,?,?), ref: 00B673E3
                                                                                                                                                                          • Part of subcall function 00B67381: VerSetConditionMask.KERNEL32(00000000,?,?,?,?), ref: 00B673E7
                                                                                                                                                                          • Part of subcall function 00B67381: VerSetConditionMask.KERNEL32(00000000,?,?,?,?,?), ref: 00B673EB
                                                                                                                                                                          • Part of subcall function 00B67381: VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 00B67411
                                                                                                                                                                        • ConvertStringSidToSidW.ADVAPI32(S-1-16-0,00000000), ref: 00B6B937
                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 00B6B9B1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConditionMask$ConvertCreateFreeInfoLocalStationStringVerifyVersionWindow
                                                                                                                                                                        • String ID: $S-1-16-0
                                                                                                                                                                        • API String ID: 4053732374-2667333480
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00B670A1
                                                                                                                                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00B670CD
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00B670EA
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000000,00000000,00000000), ref: 00B67100
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000,?), ref: 00B67138
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00B67154
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000000,00000000,00000000), ref: 00B6716A
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000,?), ref: 00B671A2
                                                                                                                                                                        • WriteFile.KERNEL32(?,00B9AAEC,00000002,?,00000000), ref: 00B671D0
                                                                                                                                                                        • ReleaseMutex.KERNEL32(00000000), ref: 00B671DB
                                                                                                                                                                          • Part of subcall function 00B66A02: OutputDebugStringW.KERNEL32(00000000), ref: 00B66A41
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$Write$Pointerlstrlen$DebugMutexOutputReleaseString
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2872164957-0
                                                                                                                                                                        • Opcode ID: 5131597496c820ffafe63242018f52f3fd9688ec2381f9729d258ad66835b0f6
                                                                                                                                                                        • Instruction ID: 49c902ed20c2608a99ae3440c6240d859cd762d0f048748b657cacd1a7d9e508
                                                                                                                                                                        • Opcode Fuzzy Hash: 5131597496c820ffafe63242018f52f3fd9688ec2381f9729d258ad66835b0f6
                                                                                                                                                                        • Instruction Fuzzy Hash: 39414C30244346AFDB20EF24CC85F6AB7E9FF55708F0448ADB551A61E1EF64AD08CB62
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,00B6B08D,?,?,00B6A4E5,00000000,?), ref: 00B6EB5F
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,00B6B08D,?,?,00B6A4E5,00000000,?), ref: 00B6EB6D
                                                                                                                                                                        • DisconnectNamedPipe.KERNEL32(00000000,?,00B6B08D,?,?,00B6A4E5,00000000,?), ref: 00B6EB76
                                                                                                                                                                        • Sleep.KERNEL32(0000000A,?,00B6B08D,?,?,00B6A4E5,00000000,?), ref: 00B6EB8B
                                                                                                                                                                        • UnregisterWaitEx.KERNEL32(00000000,000000FF,?,00B6B08D,?,?,00B6A4E5,00000000,?), ref: 00B6EBA0
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00B6B08D,?,?,00B6A4E5,00000000,?), ref: 00B6EBAF
                                                                                                                                                                        • ReleaseMutex.KERNEL32(00000000,?,00B6B08D,?,?,00B6A4E5,00000000,?), ref: 00B6EC02
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00B6B08D,?,?,00B6A4E5,00000000,?), ref: 00B6EC0B
                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,00B6B08D,?,?,00B6A4E5,00000000,?), ref: 00B6EC1C
                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(?,?,00B6B08D,?,?,00B6A4E5,00000000,?), ref: 00B6EC23
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseCriticalHandleSection$DeleteDisconnectEnterLeaveMutexNamedPipeReleaseSleepUnregisterWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1260616277-0
                                                                                                                                                                        • Opcode ID: 1f3bca4c5c9739c05c352933101c50d97fc28878de55e41e807a227e5d6d591a
                                                                                                                                                                        • Instruction ID: ef317d204db087ed577fe33d69bf947466fb83ea0d1326177dd86624c5dd07ad
                                                                                                                                                                        • Opcode Fuzzy Hash: 1f3bca4c5c9739c05c352933101c50d97fc28878de55e41e807a227e5d6d591a
                                                                                                                                                                        • Instruction Fuzzy Hash: E7318C35200612AFDB15AF68DC89BA8B7A5FF00350F1445A9F226935B1CFB9FC54CBA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B74856: __aulldiv.LIBCMT ref: 00B7488F
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,uid,00000000,00000000,00000000,00000000,HKLM\Software\BraveSoftware\Update\,?,?,000F003F,?,00000000), ref: 00B73C61
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,HKLM\Software\BraveSoftware\Update\,?,?,000F003F,?,00000000), ref: 00B73CAD
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,000F003F,?,00000000), ref: 00B73CD6
                                                                                                                                                                          • Part of subcall function 00B63A7A: StringFromGUID2.OLE32(?,?,00000028,?,00000000,?,?,?,?,00B717CE,?,[rollback_to_target_version][%d],00000000,?,[target_version_prefix][%s],00000001), ref: 00B63AA7
                                                                                                                                                                          • Part of subcall function 00B63A7A: CharUpperW.USER32(?,?,00000000,?,?,?,?,00B717CE,?,[rollback_to_target_version][%d],00000000,?,[target_version_prefix][%s],00000001,?,[target_channel][%s]), ref: 00B63AB1
                                                                                                                                                                          • Part of subcall function 00B685E4: lstrlenW.KERNEL32(000F003F,?,?,00B73D1F,uid,?,00000001,00000000,?,?,000F003F,?,00000000), ref: 00B685ED
                                                                                                                                                                          • Part of subcall function 00B685E4: RegSetValueExW.ADVAPI32(00B6802D,?,00000000,?,000F003F,00000000,?,00B73D1F,uid,?,00000001,00000000,?,?,000F003F), ref: 00B68609
                                                                                                                                                                        • _Deallocate.LIBCONCRT ref: 00B73E1A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseValue$CharDeallocateFromHandleQueryStringUpper__aulldivlstrlen
                                                                                                                                                                        • String ID: HKCU\Software\BraveSoftware\Update\$HKLM\Software\BraveSoftware\Update\$uid
                                                                                                                                                                        • API String ID: 3604516228-1956591466
                                                                                                                                                                        • Opcode ID: a5c04f38ace1d00bfd1414aeca841c6ffe75ed1bc508ea1c1829d5b45b7b8a17
                                                                                                                                                                        • Instruction ID: d1c30561ce225054c0c2bd384cb8a5327478c58d1bb233a1ceda55012ff7a837
                                                                                                                                                                        • Opcode Fuzzy Hash: a5c04f38ace1d00bfd1414aeca841c6ffe75ed1bc508ea1c1829d5b45b7b8a17
                                                                                                                                                                        • Instruction Fuzzy Hash: 81817971E002099FCF10DFA9D8859EEBBF5EF48700F1480A9E429B7251EB74AE05DB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,IsWow64Process2,0000014C,?,arm64,x64,x86,?,?,00000000), ref: 00B6757F
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00B67586
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?), ref: 00B675A6
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                        • String ID: IsWow64Process2$arm64$kernel32.dll$x64$x86
                                                                                                                                                                        • API String ID: 4190356694-1443508272
                                                                                                                                                                        • Opcode ID: fc9642ce53491ff1efc7688e785f184f48c5aea7b7503a720358d425c2c70361
                                                                                                                                                                        • Instruction ID: 4c76ff159b453dad87db8d8802737e8ae37f24abb6f0d36c503a58d5ef2ac637
                                                                                                                                                                        • Opcode Fuzzy Hash: fc9642ce53491ff1efc7688e785f184f48c5aea7b7503a720358d425c2c70361
                                                                                                                                                                        • Instruction Fuzzy Hash: CD415F71A40219ABCF14EFA8C9958EDBBF9EF54304F1405D9E41277291DF78AE05CB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,?,00000000,00020019,?,?,?), ref: 00B66F61
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,PendingFileRenameOperations,00000000,?,00000000,?), ref: 00B66F90
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,PendingFileRenameOperations,00000000,00000000,00000000,?), ref: 00B66FCC
                                                                                                                                                                        • lstrcmpW.KERNEL32(?,?), ref: 00B67016
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00B67023
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: QueryValue$Openlstrcmplstrlen
                                                                                                                                                                        • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager$\??\
                                                                                                                                                                        • API String ID: 2090349685-3703331852
                                                                                                                                                                        • Opcode ID: 31dd1a973bab2d3c2f4241ff51fbd65edd19362e46bab172e442b7ae4ba64e1d
                                                                                                                                                                        • Instruction ID: dda784110d627115ff047f80021e379bd36d6bb1a4b28059b696044ddbff53b7
                                                                                                                                                                        • Opcode Fuzzy Hash: 31dd1a973bab2d3c2f4241ff51fbd65edd19362e46bab172e442b7ae4ba64e1d
                                                                                                                                                                        • Instruction Fuzzy Hash: 28416C72D00218EF9F20DFA8DC819EEB7BDEF04768B204169E514A7152DB35AD05CBA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00000088,00000000,00000000,000004B0,00000000,?,00B6FBDB,00000000,00000000,000004B0), ref: 00B70142
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00000070,?,00B6FBDB,00000000,00000000,000004B0), ref: 00B70154
                                                                                                                                                                        • LoadLibraryW.KERNEL32(dbghelp.dll,?,00B6FBDB,00000000,00000000,000004B0), ref: 00B70161
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00000070,?,00B6FBDB,00000000,00000000,000004B0), ref: 00B7016F
                                                                                                                                                                        • GetProcAddress.KERNEL32(7734FFB0,MiniDumpWriteDump), ref: 00B7017B
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(000004B0,?,00B6FBDB,00000000,00000000,000004B0), ref: 00B7018A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$AddressLibraryLoadProc
                                                                                                                                                                        • String ID: MiniDumpWriteDump$dbghelp.dll
                                                                                                                                                                        • API String ID: 2049748340-4105291546
                                                                                                                                                                        • Opcode ID: 1c5109f3443ae2dcb989d812d0defa7f0d0e7d79ceb204f9ed797f468e2935de
                                                                                                                                                                        • Instruction ID: 387983f819592c9b13f310e5f634ed3f0617761418a585837466d1d3b0762764
                                                                                                                                                                        • Opcode Fuzzy Hash: 1c5109f3443ae2dcb989d812d0defa7f0d0e7d79ceb204f9ed797f468e2935de
                                                                                                                                                                        • Instruction Fuzzy Hash: 7B016D72500B04EFDB21EBA8DC89956B3ECEF84760715486AE565E3220DBB0ED058B60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,00B70211,?,?,?), ref: 00B701A2
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00B701AB
                                                                                                                                                                        • LoadLibraryW.KERNEL32(rpcrt4.dll), ref: 00B701B9
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00B701C5
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,UuidCreate), ref: 00B701D5
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00B701E2
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$AddressLibraryLoadProc
                                                                                                                                                                        • String ID: UuidCreate$rpcrt4.dll
                                                                                                                                                                        • API String ID: 2049748340-1705988563
                                                                                                                                                                        • Opcode ID: 91263a8292e32d1909a6f82f671df7f3f13de43d02daa2578634506cf8a6134a
                                                                                                                                                                        • Instruction ID: 95936bd8d33688e6465e7aab63d89134ccf6544f5bcaadbfd9f9b0df4032d89c
                                                                                                                                                                        • Opcode Fuzzy Hash: 91263a8292e32d1909a6f82f671df7f3f13de43d02daa2578634506cf8a6134a
                                                                                                                                                                        • Instruction Fuzzy Hash: 14F01D72200B14EFC7106B259C88D57B7EDEE84762715C86AF56AA3630DBB4E8419B60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegisterWaitForSingleObject.KERNEL32(00000000,?,00B6F415,?,000000FF,00000014), ref: 00B6F37C
                                                                                                                                                                        • RegisterWaitForSingleObject.KERNEL32(?,?,00B6F443,?,000000FF,00000008), ref: 00B6F39D
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,00B6F233,?), ref: 00B6F3AA
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32 ref: 00B6F3BA
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32 ref: 00B6F3F1
                                                                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00B6F400
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$LeaveObjectRegisterSingleWait$EnterXinvalid_argumentstd::_
                                                                                                                                                                        • String ID: list too long
                                                                                                                                                                        • API String ID: 2590634607-1124181908
                                                                                                                                                                        • Opcode ID: d2064a6dc508662325a6d4060fc57e9ffb0f4cc237d8fdfcc46beae7a6ef7ca9
                                                                                                                                                                        • Instruction ID: 4971d6c3770bd60694fe44d4df368a02bd28f60314675fa79aac10aa69e265bc
                                                                                                                                                                        • Opcode Fuzzy Hash: d2064a6dc508662325a6d4060fc57e9ffb0f4cc237d8fdfcc46beae7a6ef7ca9
                                                                                                                                                                        • Instruction Fuzzy Hash: 31215071500305FBDB109F55E886EA6BBF8FF05310F1085AAB519D76A1DB74E940CBA4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32,00B67761,?,?,?,?,?,00B67692,?,?,00000000,?,?,00B67761), ref: 00B674A0
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00B674AC
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                        • String ID: GetNativeSystemInfo$kernel32$unknown$x64$x86
                                                                                                                                                                        • API String ID: 1646373207-2413232933
                                                                                                                                                                        • Opcode ID: 1bb55625ad39cf8ff4235139a01ab9b20e0b4149e73630bc2489cacdf069b164
                                                                                                                                                                        • Instruction ID: 7bdd327a0b72dbfdc3e81ae2d6188abbe2eb0b8ae0a6d40593d7d86b80a061f0
                                                                                                                                                                        • Opcode Fuzzy Hash: 1bb55625ad39cf8ff4235139a01ab9b20e0b4149e73630bc2489cacdf069b164
                                                                                                                                                                        • Instruction Fuzzy Hash: EEF0F231744315578F106779DD4DC6A76EADB89B04F1044B2F401F32A0EE78DD40C2D2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B62F9C: GetCurrentProcess.KERNEL32(00000000,?,00B63C28,00000008,00000000), ref: 00B62FA9
                                                                                                                                                                          • Part of subcall function 00B62F9C: OpenProcessToken.ADVAPI32(?,?,?,00000000,?,00B63C28,00000008,00000000), ref: 00B62FB7
                                                                                                                                                                          • Part of subcall function 00B645D9: GetTokenInformation.ADVAPI32(00B62FD9,00000004,00000000,00000000,00000000,00B99DD4,00000000,00000000,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A}), ref: 00B64608
                                                                                                                                                                          • Part of subcall function 00B645D9: GetLastError.KERNEL32 ref: 00B6460E
                                                                                                                                                                          • Part of subcall function 00B645D9: __alloca_probe_16.LIBCMT ref: 00B64636
                                                                                                                                                                          • Part of subcall function 00B645D9: GetTokenInformation.ADVAPI32(?,00000004,00000000,00000000,00000000,00000000), ref: 00B64661
                                                                                                                                                                        • GetSecurityDescriptorControl.ADVAPI32(00000000,00000000,?,?,?,?,00000008,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A},?), ref: 00B63510
                                                                                                                                                                        • GetSecurityDescriptorOwner.ADVAPI32(00000000,?,?,?,?,00000008,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A},?), ref: 00B63542
                                                                                                                                                                        • GetSecurityDescriptorGroup.ADVAPI32(00000000,?,?,?,?,00000008,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A},?), ref: 00B63568
                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(00000000,?,?,?,?,?,00000008,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A},?), ref: 00B63595
                                                                                                                                                                        • GetSecurityDescriptorSacl.ADVAPI32(00000000,00000000,?,?,?,?,00000008,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A},?), ref: 00B635CB
                                                                                                                                                                          • Part of subcall function 00B629B0: GetSecurityDescriptorOwner.ADVAPI32(?,?,00B636CD,00B99B0C,00000000,00000000,00000000,?,00B636CD,?,00000220,?,10000000,00000000), ref: 00B629D5
                                                                                                                                                                          • Part of subcall function 00B629B0: GetLengthSid.ADVAPI32(00B636D1,00000220,00B99B0C,00000000,00000000,00000000,?,00B636CD), ref: 00B629FF
                                                                                                                                                                          • Part of subcall function 00B646A0: GetTokenInformation.ADVAPI32(00B62FD9,00000005(TokenIntegrityLevel),00000000,00000000,00000000,00B99DD4,00000000,00000000,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A}), ref: 00B646CF
                                                                                                                                                                          • Part of subcall function 00B646A0: GetLastError.KERNEL32 ref: 00B646D5
                                                                                                                                                                          • Part of subcall function 00B646A0: __alloca_probe_16.LIBCMT ref: 00B646FD
                                                                                                                                                                          • Part of subcall function 00B646A0: GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),00000000,00000000,00000000,00000000), ref: 00B64728
                                                                                                                                                                          • Part of subcall function 00B62A6C: GetSecurityDescriptorGroup.ADVAPI32(?,00000000,00B636CD,00B636CD,00000000,?,?,?,80004005,00B99B0C,00000000,00000000,00000000,?,00B636CD), ref: 00B62A91
                                                                                                                                                                          • Part of subcall function 00B62A6C: GetLengthSid.ADVAPI32(00B636D1,00000220,00B636CD,00000000,?,?,?,80004005,00B99B0C,00000000,00000000,00000000,?,00B636CD), ref: 00B62ABB
                                                                                                                                                                          • Part of subcall function 00B64508: GetTokenInformation.ADVAPI32(00B62FD9,00000006,00000000,00000000,00000000,00B99DD4,00000000,00000000,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A}), ref: 00B64537
                                                                                                                                                                          • Part of subcall function 00B64508: GetLastError.KERNEL32 ref: 00B6453D
                                                                                                                                                                          • Part of subcall function 00B64508: __alloca_probe_16.LIBCMT ref: 00B64565
                                                                                                                                                                          • Part of subcall function 00B64508: GetTokenInformation.ADVAPI32(?,00000006,00000000,00000000,00000000,00000000), ref: 00B64590
                                                                                                                                                                          • Part of subcall function 00B64767: GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000,00000000,00000000,00B99D68,00000000), ref: 00B64798
                                                                                                                                                                          • Part of subcall function 00B64767: GetLastError.KERNEL32 ref: 00B6479E
                                                                                                                                                                          • Part of subcall function 00B64767: __alloca_probe_16.LIBCMT ref: 00B647C6
                                                                                                                                                                          • Part of subcall function 00B64767: GetTokenInformation.KERNELBASE(?,TokenIntegrityLevel,00000000,00000000,00000000,00000000), ref: 00B647F0
                                                                                                                                                                          • Part of subcall function 00B62B28: GetSecurityDescriptorDacl.ADVAPI32(?,?,00000000,00B636CD,00B636CD,?,00000220,?,00B636CD), ref: 00B62B57
                                                                                                                                                                          • Part of subcall function 00B62B28: SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000,00B636CD,?,00000220,?,00B636CD), ref: 00B62BCC
                                                                                                                                                                        Strings
                                                                                                                                                                        • {BC6A0F04-AE75-459F-B879-2C961515B78A}, xrefs: 00B63390
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DescriptorSecurityToken$Information$ErrorLast__alloca_probe_16$Dacl$GroupLengthOwnerProcess$ControlCurrentOpenSacl
                                                                                                                                                                        • String ID: {BC6A0F04-AE75-459F-B879-2C961515B78A}
                                                                                                                                                                        • API String ID: 3927931817-3018252608
                                                                                                                                                                        • Opcode ID: 6194a85b01a4c4f3fffa716d025b524e09ce55223d9ef4cd30518a6fbb5d8698
                                                                                                                                                                        • Instruction ID: 4015f194eba8c0f773fffd808961360d7a4dff2ae0dc6cfc9f77ec9f44541c26
                                                                                                                                                                        • Opcode Fuzzy Hash: 6194a85b01a4c4f3fffa716d025b524e09ce55223d9ef4cd30518a6fbb5d8698
                                                                                                                                                                        • Instruction Fuzzy Hash: 38610872810528AADB26EF54CC95FEEB7B8EF19301F0041EAE51AA6151DF355F88CF60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SetEvent.KERNEL32(00B69E95,?,?,?,00000000,?,00000000), ref: 00B6A064
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00B69E95), ref: 00B6A0AD
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00B69E95), ref: 00B6A0B8
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00B69E95), ref: 00B6A0C3
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,?,00000000), ref: 00B6A0CE
                                                                                                                                                                        Strings
                                                                                                                                                                        • [CrashHandler][Preparing dump][%d-bit][pid %d], xrefs: 00B69F9F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseHandle$Event
                                                                                                                                                                        • String ID: [CrashHandler][Preparing dump][%d-bit][pid %d]
                                                                                                                                                                        • API String ID: 1562036122-3072279710
                                                                                                                                                                        • Opcode ID: 46bfdd48c0d9b5e9780fef0fa448d6c78fa7c2d26e6d1ef8e509572f3eace66c
                                                                                                                                                                        • Instruction ID: bd53bfe13d53e36e21863520b046b72064cf6d22b1c305a06ad10685934dd1f3
                                                                                                                                                                        • Opcode Fuzzy Hash: 46bfdd48c0d9b5e9780fef0fa448d6c78fa7c2d26e6d1ef8e509572f3eace66c
                                                                                                                                                                        • Instruction Fuzzy Hash: FA51C471E002099BDF01EBE4D881BEEBBF9AF44300F1441AAE515B7291EF795A45CF91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B733B0: RegCloseKey.ADVAPI32(00000000,HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkCards,00020019,HKLM\Software\BraveSoftware\Update\), ref: 00B73676
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,00000000,00000000,00000001,00000000,uid,HKLM\Software\BraveSoftware\Update\,?,HKLM\Software\BraveSoftware\Update\,?,00000000), ref: 00B73935
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,uid,HKLM\Software\BraveSoftware\Update\,?,HKLM\Software\BraveSoftware\Update\,?,00000000), ref: 00B7396A
                                                                                                                                                                        • _Deallocate.LIBCONCRT ref: 00B739B8
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Close$DeallocateQueryValue
                                                                                                                                                                        • String ID: HKCU\Software\BraveSoftware\Update\$HKLM\Software\BraveSoftware\Update\$uid
                                                                                                                                                                        • API String ID: 3590966819-1956591466
                                                                                                                                                                        • Opcode ID: 18b7a995848c78b4382106894af843f01d968b0c732b6a5e2dee941786e43c4c
                                                                                                                                                                        • Instruction ID: 90d5b29a528fdc6a89406bba70bdc92bba211728199119b4322a6748e9871a96
                                                                                                                                                                        • Opcode Fuzzy Hash: 18b7a995848c78b4382106894af843f01d968b0c732b6a5e2dee941786e43c4c
                                                                                                                                                                        • Instruction Fuzzy Hash: E841C032D0010A9BCF10EBA8C891AEEFBF4EF50710F1440A8E566B7291DFB56A05C760
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ReadProcessMemory.KERNEL32(?,00B6FE10,?,00000008,00000000,00000000,00000000,00B6FE10,?,?,00000000,00000000,000004B0), ref: 00B6F8D2
                                                                                                                                                                        • ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 00B6F8EA
                                                                                                                                                                        • LoadLibraryW.KERNEL32(verifier.dll), ref: 00B6F906
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,VerifierEnumerateResource), ref: 00B6F91C
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MemoryProcessRead$AddressLibraryLoadProc
                                                                                                                                                                        • String ID: VerifierEnumerateResource$verifier.dll
                                                                                                                                                                        • API String ID: 1580871199-3762872906
                                                                                                                                                                        • Opcode ID: f14e20ff72dddb45ff52be11b7f34d0c7ad64e49d65c173b113e5274678965ef
                                                                                                                                                                        • Instruction ID: 9b54ba374a7fdfb16f2475e262c04a2fe93b9e69152460316282b5fddebf0064
                                                                                                                                                                        • Opcode Fuzzy Hash: f14e20ff72dddb45ff52be11b7f34d0c7ad64e49d65c173b113e5274678965ef
                                                                                                                                                                        • Instruction Fuzzy Hash: 1441907160060ABFDB14DF64D881EA9BBF5FF44300F24C1A9E818AB2A0DB75F955CB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B64E98: GetFileAttributesExW.KERNEL32(?,00000000,?), ref: 00B64EC2
                                                                                                                                                                        • CreateFileW.KERNEL32(00000010,00000001,00000001,00000000,00000003,?,00000000), ref: 00B6AC2C
                                                                                                                                                                        • GetFileTime.KERNEL32(00000000,00000000,00000000,00000000), ref: 00B6AC4C
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00B6AC5F
                                                                                                                                                                          • Part of subcall function 00B69179: GetLastError.KERNEL32(00000000,00B63C57,?,?,?,00000008,00000000), ref: 00B6917A
                                                                                                                                                                          • Part of subcall function 00B69179: RaiseException.KERNEL32(00000000,00000001,00000000,00000000,?,?,00000008,00000000), ref: 00B691AC
                                                                                                                                                                          • Part of subcall function 00B65885: GetSystemTimeAsFileTime.KERNEL32(?,00000001,00000001,?,00B65E92,00000000,?,?,00000000,00B71FC3,?,00000001,00000000), ref: 00B658A5
                                                                                                                                                                        • DeleteFileW.KERNEL32(00000000), ref: 00B6ACC4
                                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00B6ACCD
                                                                                                                                                                        Strings
                                                                                                                                                                        • [CrashHandler][Deleted Stale Crash][filename %s][custom data %s], xrefs: 00B6AD1B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$Time$Delete$AttributesCloseCreateErrorExceptionHandleLastRaiseSystem
                                                                                                                                                                        • String ID: [CrashHandler][Deleted Stale Crash][filename %s][custom data %s]
                                                                                                                                                                        • API String ID: 3167968216-1706742488
                                                                                                                                                                        • Opcode ID: 3d7696002ce333e014825b8b8aa6c778161edff313fd77085c51dcbe8b1e23ef
                                                                                                                                                                        • Instruction ID: 05947372b87f54c43e90a7924249b30ffd2d8868b80e7a2175c22189384f3828
                                                                                                                                                                        • Opcode Fuzzy Hash: 3d7696002ce333e014825b8b8aa6c778161edff313fd77085c51dcbe8b1e23ef
                                                                                                                                                                        • Instruction Fuzzy Hash: C8418E71910109ABDF04EFA4CC96AFEB7F9EB05301F1009A9E512F3191DB389A04CF21
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B64F7B: GetFileAttributesExW.KERNEL32(?,00000000,?), ref: 00B64FA8
                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000000,00000080,00000000), ref: 00B66D2F
                                                                                                                                                                          • Part of subcall function 00B66EAE: OutputDebugStringW.KERNEL32(LOG_SYSTEM: trying to move log file to backup,?,?,?,?,?,00B66D0D), ref: 00B66EBC
                                                                                                                                                                          • Part of subcall function 00B66EAE: MoveFileExW.KERNEL32(?,?,0000000B,?,?,?,?,?,00B66D0D), ref: 00B66EDD
                                                                                                                                                                          • Part of subcall function 00B66EAE: OutputDebugStringW.KERNEL32(LOG_SYSTEM: failed to move log file to backup,?,?,?,?,?,00B66D0D), ref: 00B66EF5
                                                                                                                                                                          • Part of subcall function 00B68FAD: PathRemoveFileSpecW.SHLWAPI(00000000,?,00000000,00000000,00000024,00000024,?,00B64BE1,00000000,00000024,?,00B721C8,00000000,00000068,00000000,00000068), ref: 00B68FCE
                                                                                                                                                                          • Part of subcall function 00B64EE5: GetFileAttributesExW.KERNEL32(?,00000000,?), ref: 00B64F0D
                                                                                                                                                                        • GetLastError.KERNEL32(?,C0010000,00000000), ref: 00B66DD7
                                                                                                                                                                        • WriteFile.KERNEL32(?,00B98638,00000002,00000000,00000000), ref: 00B66DFE
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(00000000), ref: 00B66E27
                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00B66E30
                                                                                                                                                                          • Part of subcall function 00B61D39: GetSidLengthRequired.ADVAPI32(00000000,00000000,00000000,00B99D68,?,?,?,?,?,?,?,00B63C70,?,00B99B0C,00000001,00000012), ref: 00B61D8F
                                                                                                                                                                          • Part of subcall function 00B61D39: InitializeSid.ADVAPI32(?,?,00000000,?,?,?,?,?,?,?,00B63C70,?,00B99B0C,00000001,00000012,?), ref: 00B61DA2
                                                                                                                                                                          • Part of subcall function 00B61D39: GetSidSubAuthority.ADVAPI32(?,00000000,?,?,?,?,?,?,?,00B63C70,?,00B99B0C,00000001,00000012,?), ref: 00B61DC3
                                                                                                                                                                        Strings
                                                                                                                                                                        • LOG_SYSTEM: [%s]: ERROR - Log path %s has a reparse point, xrefs: 00B66E19
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$DebugOutputString$Attributes$AuthorityCloseCreateErrorHandleInitializeLastLengthMovePathRemoveRequiredSpecWrite
                                                                                                                                                                        • String ID: LOG_SYSTEM: [%s]: ERROR - Log path %s has a reparse point
                                                                                                                                                                        • API String ID: 763239187-1149571711
                                                                                                                                                                        • Opcode ID: d0dfb3de25bc065dcd7fce7a58f3b46e1b1b577c27c94f29ff5acd0da9e4cbde
                                                                                                                                                                        • Instruction ID: 1e7122415afa73d4c891bc4faec0a410caaa36b0401f658a0614fcbc59fe3a15
                                                                                                                                                                        • Opcode Fuzzy Hash: d0dfb3de25bc065dcd7fce7a58f3b46e1b1b577c27c94f29ff5acd0da9e4cbde
                                                                                                                                                                        • Instruction Fuzzy Hash: 6841C131A00218ABDB10EFB0DC8AFADB7F8FF15310F1005A9E115A71D2DB79A959CB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00B77667
                                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 00B7766F
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00B776F8
                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00B77723
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00B77778
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                        • String ID: csm
                                                                                                                                                                        • API String ID: 1170836740-1018135373
                                                                                                                                                                        • Opcode ID: 195aebac6b0cd8c8d658bd227fc423237d4291942f58a76c7bd263e135f71c1a
                                                                                                                                                                        • Instruction ID: 57aafc93e0a84d340592194cc3069473d6615a35e04b248c105d1ec054a38de5
                                                                                                                                                                        • Opcode Fuzzy Hash: 195aebac6b0cd8c8d658bd227fc423237d4291942f58a76c7bd263e135f71c1a
                                                                                                                                                                        • Instruction Fuzzy Hash: 15418234A44209ABCF11DF68C895A9E7FE5EF45314F14C0D5E8289B3A2DB31DD11CB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetSecurityDescriptorControl.ADVAPI32(00000000,00000000,?,00000000,?,{BC6A0F04-AE75-459F-B879-2C961515B78A},00000000,?,00000000), ref: 00B63770
                                                                                                                                                                        • GetSecurityDescriptorOwner.ADVAPI32(00000000,00B736AC,?,?,{BC6A0F04-AE75-459F-B879-2C961515B78A},00000000,?,00000000), ref: 00B63792
                                                                                                                                                                        • GetSecurityDescriptorGroup.ADVAPI32(00000000,?,?,?,{BC6A0F04-AE75-459F-B879-2C961515B78A},00000000,?,00000000), ref: 00B637AC
                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(00000000,00000000,?,?,?,{BC6A0F04-AE75-459F-B879-2C961515B78A},00000000,?,00000000), ref: 00B637CA
                                                                                                                                                                        • GetSecurityDescriptorSacl.ADVAPI32(00000000,00000000,?,?,?,{BC6A0F04-AE75-459F-B879-2C961515B78A},00000000,?,00000000), ref: 00B637EE
                                                                                                                                                                        Strings
                                                                                                                                                                        • {BC6A0F04-AE75-459F-B879-2C961515B78A}, xrefs: 00B63735
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DescriptorSecurity$ControlDaclGroupOwnerSacl
                                                                                                                                                                        • String ID: {BC6A0F04-AE75-459F-B879-2C961515B78A}
                                                                                                                                                                        • API String ID: 1158139820-3018252608
                                                                                                                                                                        • Opcode ID: b00dc7fb3ca5c1066b30e862f1a7a8d2b083e100d087d60fd2ddc7565a3ccd11
                                                                                                                                                                        • Instruction ID: a3c88c59795a123ff7963690510d88bc41e565afa4bac5a7d3cc8dbfe4ae199a
                                                                                                                                                                        • Opcode Fuzzy Hash: b00dc7fb3ca5c1066b30e862f1a7a8d2b083e100d087d60fd2ddc7565a3ccd11
                                                                                                                                                                        • Instruction Fuzzy Hash: 673194B2800118ABDF05EBD4DD46EEEBBFDEF08311F1041A6E521B2061DB799A48DB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • wsprintfW.USER32 ref: 00B694FA
                                                                                                                                                                        • MessageBoxW.USER32(00000000,?,Exception,00250012), ref: 00B6952F
                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00B6954B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExitMessageProcesswsprintf
                                                                                                                                                                        • String ID: Exception$Exception %x in %s %s %u%hs:%d$base\logging.cc
                                                                                                                                                                        • API String ID: 1070390611-1730742759
                                                                                                                                                                        • Opcode ID: f5f95d7c93fe7760c6e1d2a4cc685ef9be6287244c157447fc17edc3a94c0048
                                                                                                                                                                        • Instruction ID: f0c96b132a1d92bc6eee732f07db8e50067b7321c76ff49413bc521033a4aae0
                                                                                                                                                                        • Opcode Fuzzy Hash: f5f95d7c93fe7760c6e1d2a4cc685ef9be6287244c157447fc17edc3a94c0048
                                                                                                                                                                        • Instruction Fuzzy Hash: 5A11BF35A00218EACBA0EB34CC4AFA977F8EF45710F4485E4B059A31D1DE749E89CB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(LOG_SYSTEM: trying to move log file to backup,?,?,?,?,?,00B66D0D), ref: 00B66EBC
                                                                                                                                                                        • MoveFileExW.KERNEL32(?,?,0000000B,?,?,?,?,?,00B66D0D), ref: 00B66EDD
                                                                                                                                                                          • Part of subcall function 00B69179: GetLastError.KERNEL32(00000000,00B63C57,?,?,?,00000008,00000000), ref: 00B6917A
                                                                                                                                                                          • Part of subcall function 00B69179: RaiseException.KERNEL32(00000000,00000001,00000000,00000000,?,?,00000008,00000000), ref: 00B691AC
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(LOG_SYSTEM: failed to move log file to backup,?,?,?,?,?,00B66D0D), ref: 00B66EF5
                                                                                                                                                                          • Part of subcall function 00B66F24: RegOpenKeyExW.ADVAPI32(80000002,?,00000000,00020019,?,?,?), ref: 00B66F61
                                                                                                                                                                          • Part of subcall function 00B66F24: RegQueryValueExW.ADVAPI32(?,PendingFileRenameOperations,00000000,?,00000000,?), ref: 00B66F90
                                                                                                                                                                          • Part of subcall function 00B66F24: RegQueryValueExW.ADVAPI32(?,PendingFileRenameOperations,00000000,00000000,00000000,?), ref: 00B66FCC
                                                                                                                                                                          • Part of subcall function 00B66F24: lstrcmpW.KERNEL32(?,?), ref: 00B67016
                                                                                                                                                                          • Part of subcall function 00B66F24: lstrlenW.KERNEL32(?), ref: 00B67023
                                                                                                                                                                        Strings
                                                                                                                                                                        • LOG_SYSTEM: trying to move log file to backup, xrefs: 00B66EB5
                                                                                                                                                                        • LOG_SYSTEM: failed to move log file to backup, xrefs: 00B66EF0
                                                                                                                                                                        • .bak, xrefs: 00B66EC5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DebugOutputQueryStringValue$ErrorExceptionFileLastMoveOpenRaiselstrcmplstrlen
                                                                                                                                                                        • String ID: .bak$LOG_SYSTEM: failed to move log file to backup$LOG_SYSTEM: trying to move log file to backup
                                                                                                                                                                        • API String ID: 2993329787-3505153176
                                                                                                                                                                        • Opcode ID: 52c04434c9a457ecfef0795d22a4acd31815b34d4d0941d993e5a7737903a1db
                                                                                                                                                                        • Instruction ID: 939328574e84f978ee47d24c10864e413ed6a7d6e2508309e11061eec1927711
                                                                                                                                                                        • Opcode Fuzzy Hash: 52c04434c9a457ecfef0795d22a4acd31815b34d4d0941d993e5a7737903a1db
                                                                                                                                                                        • Instruction Fuzzy Hash: 17F0AF31340201AB9A246B65FD669AA7BE8EF8575071004A4F502A72A2DFB9AD05C791
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,?,00B67E59,?,00000000,?,00B736B8,00000000,?,?,?,?,00B73E61,00000000,?,?), ref: 00B67E1D
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CreateMutexExW), ref: 00B67E2F
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00B67E40
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                                                                        • String ID: CreateEventExW$CreateMutexExW$kernel32.dll
                                                                                                                                                                        • API String ID: 667068680-2423819206
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00B6C614
                                                                                                                                                                        • WaitForDebugEvent.KERNEL32(?,00000000), ref: 00B6C63F
                                                                                                                                                                        • Sleep.KERNEL32(00000032), ref: 00B6C64B
                                                                                                                                                                          • Part of subcall function 00B63AD2: GetTickCount.KERNEL32 ref: 00B63AD5
                                                                                                                                                                        • ContinueDebugEvent.KERNEL32(?,?,00010002), ref: 00B6C7BF
                                                                                                                                                                        • DebugActiveProcessStop.KERNEL32(?), ref: 00B6C826
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Debug$CountEventTick$ActiveContinueProcessSleepStopWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1595541703-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00B779A9,00B7793A,00B76B26), ref: 00B779C0
                                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00B779CE
                                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00B779E7
                                                                                                                                                                        • SetLastError.KERNEL32(00000000,00B779A9,00B7793A,00B76B26), ref: 00B77A39
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3852720340-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CloseHandle.KERNEL32(?,00000000,00000000,00B6BCA9,00000000,00B6BC7F,?,?), ref: 00B6FB4A
                                                                                                                                                                        • CloseHandle.KERNEL32(?,00000000,00000000,00B6BCA9,00000000,00B6BC7F,?,?), ref: 00B6FB5B
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,00000000,00000000,00B6BCA9,00000000,00B6BC7F,?,?), ref: 00B6FB6A
                                                                                                                                                                        • FreeLibrary.KERNEL32(?,00000000,00000000,00B6BCA9,00000000,00B6BC7F,?,?), ref: 00B6FB75
                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(00000088,00000000,00000000,00B6BCA9,00000000,00B6BC7F,?,?), ref: 00B6FB84
                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(00000070), ref: 00B6FB8A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseCriticalDeleteFreeHandleLibrarySection
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 165238876-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B754CF: EnterCriticalSection.KERNEL32(00BA1E3C,?,?,00B75582), ref: 00B754D8
                                                                                                                                                                          • Part of subcall function 00B754CF: SetUnhandledExceptionFilter.KERNEL32(?,?,?,00B75582), ref: 00B7550A
                                                                                                                                                                        • RtlCaptureContext.KERNEL32(?), ref: 00B75719
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00B75762
                                                                                                                                                                          • Part of subcall function 00B758B6: EnterCriticalSection.KERNEL32(?,?,?,00000001,?,00B755F7,?,00000000), ref: 00B758C5
                                                                                                                                                                          • Part of subcall function 00B758B6: GetCurrentThreadId.KERNEL32 ref: 00B758D5
                                                                                                                                                                          • Part of subcall function 00B758B6: ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,00B755F7,?,00000000), ref: 00B758FC
                                                                                                                                                                          • Part of subcall function 00B758B6: WaitForSingleObject.KERNEL32(?,000000FF,?,00B755F7,?,00000000), ref: 00B7590A
                                                                                                                                                                          • Part of subcall function 00B758B6: LeaveCriticalSection.KERNEL32(?,?,00B755F7,?,00000000), ref: 00B75929
                                                                                                                                                                        • RtlCaptureContext.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 00B75828
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00B7586B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalCurrentSectionThread$CaptureContextEnter$ExceptionFilterLeaveObjectReleaseSemaphoreSingleUnhandledWait
                                                                                                                                                                        • String ID: %
                                                                                                                                                                        • API String ID: 4000429020-2567322570
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,?,?,?,00000006,?,?,00000000,uid,HKLM\Software\BraveSoftware\Update\), ref: 00B737F8
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000006,?,?,00000000,uid,HKLM\Software\BraveSoftware\Update\), ref: 00B7382A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Close$Handle
                                                                                                                                                                        • String ID: HKCU\Software\BraveSoftware\Update\$HKLM\Software\BraveSoftware\Update\$uid
                                                                                                                                                                        • API String ID: 187904097-1956591466
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateEventW.KERNEL32(0000000C,00000001,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,00B974D8), ref: 00B6AB27
                                                                                                                                                                          • Part of subcall function 00B6A2FA: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00B6A332
                                                                                                                                                                        • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000493E0,?,?,?,?,?,?,?,00B974D8), ref: 00B6AB69
                                                                                                                                                                        • GetExitCodeProcess.KERNEL32(?,?), ref: 00B6AB81
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00B974D8), ref: 00B6ABCA
                                                                                                                                                                        Strings
                                                                                                                                                                        • [Child process signals that minidump is created.], xrefs: 00B6ABB6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseCodeCreateEventExitFileHandleModuleMultipleNameObjectsProcessWait
                                                                                                                                                                        • String ID: [Child process signals that minidump is created.]
                                                                                                                                                                        • API String ID: 1619337316-4206081094
                                                                                                                                                                        • Opcode ID: 08c41cf98f9c257d80d8b7e5fef0a383f43a2ca8deebee4be491cb233cf36575
                                                                                                                                                                        • Instruction ID: 18ea4730c7f806e004551155b3926b2f1d053de05e07dc5f74297d4ca9b66976
                                                                                                                                                                        • Opcode Fuzzy Hash: 08c41cf98f9c257d80d8b7e5fef0a383f43a2ca8deebee4be491cb233cf36575
                                                                                                                                                                        • Instruction Fuzzy Hash: 692139B2901209BFDF019FA8DD85DEFBBF9EB09300F14456AF512E6150D7789A048BA5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetPrivateProfileIntW.KERNEL32(LoggingSettings,MaxLogFileSize,00989680,00000001), ref: 00B6695F
                                                                                                                                                                        • GetPrivateProfileIntW.KERNEL32(LoggingSettings,LogFileWide,00000001,00000001), ref: 00B66973
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: PrivateProfile
                                                                                                                                                                        • String ID: LogFileWide$LoggingSettings$MaxLogFileSize
                                                                                                                                                                        • API String ID: 1469295129-2181087832
                                                                                                                                                                        • Opcode ID: b13ffb0eacbdc0aa33624b0dfef0b6b2ff4316c4b2b30693d1794f581a5cd728
                                                                                                                                                                        • Instruction ID: d59f62078ef227946717cc510b3ea610c2f4bc4908ac923d4ee72e973caa67a3
                                                                                                                                                                        • Opcode Fuzzy Hash: b13ffb0eacbdc0aa33624b0dfef0b6b2ff4316c4b2b30693d1794f581a5cd728
                                                                                                                                                                        • Instruction Fuzzy Hash: BC21C3721042009E8F04DF68C8C28B6BBE8EF55314708C4E9EC09DF296DB78D905CBB1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • Sleep.KERNEL32(00000032,?,00B6311D,?,?,?,?,?,?,00B71FF0,?,[OmahaPolicyManager::set_policy][%s][%s]), ref: 00B665AB
                                                                                                                                                                        • OutputDebugStringA.KERNEL32(LOG_SYSTEM: Couldn't acquire lock - ,?,00B6311D,?,?,?,?,?,?,00B71FF0,?,[OmahaPolicyManager::set_policy][%s][%s]), ref: 00B665E8
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(00B71FF0,?,00B6311D,?,?,?,?,?,?,00B71FF0,?,[OmahaPolicyManager::set_policy][%s][%s]), ref: 00B665F5
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(00B9A770,?,00B6311D,?,?,?,?,?,?,00B71FF0,?,[OmahaPolicyManager::set_policy][%s][%s]), ref: 00B665FC
                                                                                                                                                                        Strings
                                                                                                                                                                        • LOG_SYSTEM: Couldn't acquire lock - , xrefs: 00B665E3
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DebugOutputString$Sleep
                                                                                                                                                                        • String ID: LOG_SYSTEM: Couldn't acquire lock -
                                                                                                                                                                        • API String ID: 3789842296-1219263422
                                                                                                                                                                        • Opcode ID: 1885aa407ccd778c64ae0c88c71db482ddfed0fc9f35cf760aa461ea92d6aa72
                                                                                                                                                                        • Instruction ID: e5c630cbce9f52ddcc0f420c94813532eebbfdbcda90bd5c9ac3996fa33e72fa
                                                                                                                                                                        • Opcode Fuzzy Hash: 1885aa407ccd778c64ae0c88c71db482ddfed0fc9f35cf760aa461ea92d6aa72
                                                                                                                                                                        • Instruction Fuzzy Hash: 48219A3120010AABDF04DF9CDC96DAE37A9EF50354F0404A9F90297062DBB4EE45CBA1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(000000FF,000000FF,?,00000000,?,?,?,?,?,?,?,?,00B6A287,?,00000000,?), ref: 00B6AE6B
                                                                                                                                                                        • SetProcessWorkingSetSize.KERNEL32(00000000), ref: 00B6AE72
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00B6AE92
                                                                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B6AEA4
                                                                                                                                                                        Strings
                                                                                                                                                                        • [CrashHandler::RunUntilShutdown], xrefs: 00B6AE5A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MessageProcess$CurrentDispatchSizeWorking
                                                                                                                                                                        • String ID: [CrashHandler::RunUntilShutdown]
                                                                                                                                                                        • API String ID: 636188758-3731342378
                                                                                                                                                                        • Opcode ID: 4e9169e492f49ed10de4db86b43f7d022ff17ca83c8907875dbace28edaada6a
                                                                                                                                                                        • Instruction ID: 55993a95ccdd61ee7895505adc339eaacf08edbcd3692cd151513db167ea5a53
                                                                                                                                                                        • Opcode Fuzzy Hash: 4e9169e492f49ed10de4db86b43f7d022ff17ca83c8907875dbace28edaada6a
                                                                                                                                                                        • Instruction Fuzzy Hash: F511C672D04224AA8F149BF9DC098AEBBECDB457607204666F532F31E0EB34D9008BA1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLocalTime.KERNEL32(?,?,?,00000000), ref: 00B65BA3
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00B65BE1
                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00B65BE9
                                                                                                                                                                        Strings
                                                                                                                                                                        • [%s][%u:%u], xrefs: 00B65BF4
                                                                                                                                                                        • [%02d/%02d/%02d %02d:%02d:%02d.%03d], xrefs: 00B65BD3
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Current$LocalProcessThreadTime
                                                                                                                                                                        • String ID: [%02d/%02d/%02d %02d:%02d:%02d.%03d]$[%s][%u:%u]
                                                                                                                                                                        • API String ID: 2750998906-1978067781
                                                                                                                                                                        • Opcode ID: f69cda39b6a0d595990b2b107b741668c6cb8148dc6a31d01e00bcba1ca95752
                                                                                                                                                                        • Instruction ID: 8d9d46a1f95c1f29b1d00d35cd471cf981029b951dc81f94bfbc85c9122cec20
                                                                                                                                                                        • Opcode Fuzzy Hash: f69cda39b6a0d595990b2b107b741668c6cb8148dc6a31d01e00bcba1ca95752
                                                                                                                                                                        • Instruction Fuzzy Hash: CD112EB2900218BADB54ABE9DC469BFB7FCEF4C701B044465FA01E2151DA388985C7B1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00B77D58,?,?,00BA113C,00000000,?,00B77E83,00000004,InitializeCriticalSectionEx,00B8F04C,InitializeCriticalSectionEx,00000000), ref: 00B77D27
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                        • API String ID: 3664257935-2084034818
                                                                                                                                                                        • Opcode ID: 5f3895186d0180d342bc89330f0c4bca12c1ab2caa89e184c59b96999ac7cb1f
                                                                                                                                                                        • Instruction ID: e9d17e4108ad4ef4ef36c1863351770f8ac690a7639ad870e57b2a15845d2f55
                                                                                                                                                                        • Opcode Fuzzy Hash: 5f3895186d0180d342bc89330f0c4bca12c1ab2caa89e184c59b96999ac7cb1f
                                                                                                                                                                        • Instruction Fuzzy Hash: C111A771A89225A7DB325B689C4576973D4DF05760F2585B0E938F71A0DF70ED00C7E0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00000000,00000000,?,00B660E4,00000040,?,00B661CA,00B9E0B8,00000010,00B66277,00000000,00000000,?), ref: 00B695A4
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,RtlCaptureStackBackTrace), ref: 00B695B4
                                                                                                                                                                        • RegisterTraceGuidsW.ADVAPI32(00B69C4F,00000008,00000000,00000001,00BA0A70,00000000,00000000,00000020,00000001,00000000), ref: 00B695EA
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressGuidsHandleModuleProcRegisterTrace
                                                                                                                                                                        • String ID: RtlCaptureStackBackTrace$kernel32.dll
                                                                                                                                                                        • API String ID: 3926896046-94782561
                                                                                                                                                                        • Opcode ID: f9ad361408d55f0637a438c3db571c2446cd19d001e3dad17d86624abe00a3a9
                                                                                                                                                                        • Instruction ID: 480613c17fda7664cd89b4642ad2492a0a125d926403d1a69acbc0ca493bac2a
                                                                                                                                                                        • Opcode Fuzzy Hash: f9ad361408d55f0637a438c3db571c2446cd19d001e3dad17d86624abe00a3a9
                                                                                                                                                                        • Instruction Fuzzy Hash: F8113DB2645300ABDB148F14DCC6B467AE8EF5A710B1040BABD09AF295D7B0D940CBA9
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrlenW.KERNEL32(?,00000000,00000000,00000000,?,00B72A79,?,?,?,?), ref: 00B650B7
                                                                                                                                                                        • lstrlenW.KERNEL32(.brave.com,?,00B72A79,?,?,?,?), ref: 00B650BF
                                                                                                                                                                        • CharLowerW.USER32(74C08459,?,00B72A79,?,?,?,?), ref: 00B650E1
                                                                                                                                                                        • CharLowerW.USER32(7622E0B0,?,00B72A79,?,?,?,?), ref: 00B650EB
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CharLowerlstrlen
                                                                                                                                                                        • String ID: .brave.com
                                                                                                                                                                        • API String ID: 1209591262-1418523283
                                                                                                                                                                        • Opcode ID: 6f5d7d43c1cd7e21641dd8d6dd8ef4522765297c924051927330d7bfca11108e
                                                                                                                                                                        • Instruction ID: fdedb6d274e8223a2acb42ba3f72263b5a0e6807160c0d0909c9b019bc3648e7
                                                                                                                                                                        • Opcode Fuzzy Hash: 6f5d7d43c1cd7e21641dd8d6dd8ef4522765297c924051927330d7bfca11108e
                                                                                                                                                                        • Instruction Fuzzy Hash: 5B014F71D00628ABCF21DFADDCC69BDBBF8EA46300B1404A6E811E3210EA749D559B60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00B749F8
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 00B74A08
                                                                                                                                                                        • RegCreateKeyExW.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 00B74A48
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressCreateHandleModuleProc
                                                                                                                                                                        • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                                                                                                                                                        • API String ID: 1964897782-2994018265
                                                                                                                                                                        • Opcode ID: 8601996a7059a3e25a3576424eb8c0bde6587bc0db8f160d3651c4fb1c82c211
                                                                                                                                                                        • Instruction ID: da34af51fc5a673788ca4cfd824a63ba810c394f30a259bdb25075b82e2caca8
                                                                                                                                                                        • Opcode Fuzzy Hash: 8601996a7059a3e25a3576424eb8c0bde6587bc0db8f160d3651c4fb1c82c211
                                                                                                                                                                        • Instruction Fuzzy Hash: 1D01FB32140248BB9F215E929D09D97BFF9EBC9B527018469BA29A1060D771D850EB64
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,5B862952,?,?,00000000,00B8CF12,000000FF,?,00B79A0E,?,?,00B799E2,?), ref: 00B79A70
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00B79A82
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000000,00B8CF12,000000FF,?,00B79A0E,?,?,00B799E2,?), ref: 00B79AA4
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                        • Opcode ID: 775241dc5bacacddb09b2f3169399f3ec374041d2ab16589b2f46ff1c4edf13c
                                                                                                                                                                        • Instruction ID: 8847c7de857392ef1562c26cd14697287326f77a133fa023d1340e0085ef07a2
                                                                                                                                                                        • Opcode Fuzzy Hash: 775241dc5bacacddb09b2f3169399f3ec374041d2ab16589b2f46ff1c4edf13c
                                                                                                                                                                        • Instruction Fuzzy Hash: 4B014F3194461AAFDB11AF50CC49BAEBBF9FB04B25F044569F821A32B0DB749900CB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B66AB1: GetLastError.KERNEL32(?,?,00000000), ref: 00B66B44
                                                                                                                                                                          • Part of subcall function 00B66AB1: GetSecurityDescriptorControl.ADVAPI32(00000000,00000000,?,?,?,00000000), ref: 00B66B82
                                                                                                                                                                          • Part of subcall function 00B66AB1: GetSecurityDescriptorOwner.ADVAPI32(00000000,?,?,?,00000000), ref: 00B66BA0
                                                                                                                                                                          • Part of subcall function 00B66AB1: GetSecurityDescriptorGroup.ADVAPI32(00000000,?,?,?,00000000), ref: 00B66BBA
                                                                                                                                                                          • Part of subcall function 00B66AB1: GetSecurityDescriptorDacl.ADVAPI32(00000000,?,?,?,?,00000000), ref: 00B66BD8
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(00000000), ref: 00B66A41
                                                                                                                                                                          • Part of subcall function 00B66CD5: CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000000,00000080,00000000), ref: 00B66D2F
                                                                                                                                                                        • ReleaseMutex.KERNEL32(00000000,?,00B67079), ref: 00B66A7D
                                                                                                                                                                          • Part of subcall function 00B69366: wvsprintfW.USER32(00BA2830,00000000,00000001), ref: 00B693F8
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(00000000), ref: 00B66A6A
                                                                                                                                                                        Strings
                                                                                                                                                                        • LOG_SYSTEM: [%s]: Could not acquire logging mutex %s, xrefs: 00B66A33
                                                                                                                                                                        • LOG_SYSTEM: [%s]: Could not create logging file %s, xrefs: 00B66A5C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DescriptorSecurity$DebugOutputString$ControlCreateDaclErrorFileGroupLastMutexOwnerReleasewvsprintf
                                                                                                                                                                        • String ID: LOG_SYSTEM: [%s]: Could not acquire logging mutex %s$LOG_SYSTEM: [%s]: Could not create logging file %s
                                                                                                                                                                        • API String ID: 2958308531-2023621912
                                                                                                                                                                        • Opcode ID: 824857ca6e1eb1a16e7a4cc5bccbf3f87df0fd4f781fcfc5beacfd068dcad1ac
                                                                                                                                                                        • Instruction ID: 1c09760da07cf41671fa35c382169d458c0443e0c2b41dfd313fcf2d7da70f07
                                                                                                                                                                        • Opcode Fuzzy Hash: 824857ca6e1eb1a16e7a4cc5bccbf3f87df0fd4f781fcfc5beacfd068dcad1ac
                                                                                                                                                                        • Instruction Fuzzy Hash: BA01A231500B009FDF316FA4E80975A7FE5EF10304F0489ECE0D2225A2CBBEA989C792
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ReadProcessMemory.KERNEL32(?,?,?,00000308,?,00000000,00000000,000004B0), ref: 00B6FCDC
                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00B6FCFA
                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00B6FD16
                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,00000000,00000000,000004B0), ref: 00B6FE1C
                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,00000000,00000000,000004B0), ref: 00B6FE39
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseHandle$MemoryProcessRead
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 9861249-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00B844C7
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00B84588
                                                                                                                                                                        • __freea.LIBCMT ref: 00B845EF
                                                                                                                                                                          • Part of subcall function 00B8217C: HeapAlloc.KERNEL32(00000000,00000000,00B7A3DB,?,00B7FA8D,?,00000000,?,00B796AF,00000000,00B7A3DB,00B985D0,?,00B985CC,?,00B7A1D5), ref: 00B821AE
                                                                                                                                                                        • __freea.LIBCMT ref: 00B84604
                                                                                                                                                                        • __freea.LIBCMT ref: 00B84614
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1096550386-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?), ref: 00B75A52
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00B75A80
                                                                                                                                                                        • VirtualQueryEx.KERNEL32(?,?,?,0000001C,?,?), ref: 00B75AEC
                                                                                                                                                                        • GetProcessId.KERNEL32(?,?,?), ref: 00B75B96
                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?), ref: 00B75BC3
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseCreateCurrentFileHandleProcessQueryThreadVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1837238986-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetSecurityDescriptorControl.ADVAPI32(00000000,00000000,?,00000000), ref: 00B62DC1
                                                                                                                                                                        • GetSecurityDescriptorOwner.ADVAPI32(00000000,?,?), ref: 00B62DE3
                                                                                                                                                                        • GetSecurityDescriptorGroup.ADVAPI32(00000000,?,?), ref: 00B62DFD
                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(00000000,?,?,?), ref: 00B62E1B
                                                                                                                                                                        • GetSecurityDescriptorSacl.ADVAPI32(00000000,00000000,?,?), ref: 00B62E3F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DescriptorSecurity$ControlDaclGroupOwnerSacl
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1158139820-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00000001,?,00B755F7,?,00000000), ref: 00B758C5
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00B758D5
                                                                                                                                                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,00B755F7,?,00000000), ref: 00B758FC
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF,?,00B755F7,?,00000000), ref: 00B7590A
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,00B755F7,?,00000000), ref: 00B75929
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$CurrentEnterLeaveObjectReleaseSemaphoreSingleThreadWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3216651733-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • TryEnterCriticalSection.KERNEL32(?), ref: 00B67F81
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00B67F8B
                                                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 00B67F96
                                                                                                                                                                        • TryEnterCriticalSection.KERNEL32(?), ref: 00B67F9D
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00B67FA7
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CountCriticalEnterSectionTick$Sleep
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1544504822-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetSystemInfo.KERNEL32(?), ref: 00B6CF70
                                                                                                                                                                        Strings
                                                                                                                                                                        • The process has a PE mapped which is not in the modules list.Segment: %x, xrefs: 00B6D19E
                                                                                                                                                                        • @, xrefs: 00B6D124
                                                                                                                                                                        • @, xrefs: 00B6D0B3
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InfoSystem
                                                                                                                                                                        • String ID: @$@$The process has a PE mapped which is not in the modules list.Segment: %x
                                                                                                                                                                        • API String ID: 31276548-2618598736
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00B6A332
                                                                                                                                                                          • Part of subcall function 00B6E02C: lstrcmpiW.KERNEL32(00000000,?,00000000,00000000,00000104), ref: 00B6E102
                                                                                                                                                                        • _Deallocate.LIBCONCRT ref: 00B6A421
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DeallocateFileModuleNamelstrcmpi
                                                                                                                                                                        • String ID: CrashHandlerLaunchedForMinidump$True
                                                                                                                                                                        • API String ID: 3210227496-415871888
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00BA1F4C), ref: 00B74CE5
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00BA1F4C), ref: 00B74D0B
                                                                                                                                                                          • Part of subcall function 00B74F2A: RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,?,?,?,00B74D56,?), ref: 00B74F46
                                                                                                                                                                        • RegSetValueExW.ADVAPI32(?,?,00000000,00000003,?,00000020), ref: 00B74DE3
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSectionValue$EnterLeaveQuery
                                                                                                                                                                        • String ID: Timings
                                                                                                                                                                        • API String ID: 1680022259-3816324337
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ResetEvent.KERNEL32(?,?,00000000,?,00B6F411,?,list too long), ref: 00B6F25D
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EventReset
                                                                                                                                                                        • String ID: ,
                                                                                                                                                                        • API String ID: 2632953641-3772416878
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00BA1F4C), ref: 00B74C29
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00BA1F4C), ref: 00B74C4B
                                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000000,?,00000000,00000003,?,00000008), ref: 00B74CAB
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterLeaveValue
                                                                                                                                                                        • String ID: Counts
                                                                                                                                                                        • API String ID: 1327302620-3214611213
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00BA1F4C), ref: 00B74E7A
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00BA1F4C), ref: 00B74E8F
                                                                                                                                                                        • RegSetValueExW.ADVAPI32(?,00000000,00000000,00000003,?,00000004), ref: 00B74ECA
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterLeaveValue
                                                                                                                                                                        • String ID: Booleans
                                                                                                                                                                        • API String ID: 1327302620-2711339455
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetFileInformationByHandle.KERNEL32(?,?), ref: 00B6598F
                                                                                                                                                                        • GetLastError.KERNEL32(?,?), ref: 00B65999
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(00000000,?,?), ref: 00B659AD
                                                                                                                                                                        Strings
                                                                                                                                                                        • LOG_SYSTEM: ERROR - [::GetFileInformationByHandle failed][%d], xrefs: 00B659A0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DebugErrorFileHandleInformationLastOutputString
                                                                                                                                                                        • String ID: LOG_SYSTEM: ERROR - [::GetFileInformationByHandle failed][%d]
                                                                                                                                                                        • API String ID: 2968764131-979073235
                                                                                                                                                                        • Opcode ID: b1692a358d5e345b14cc50221073902563bdfeed52321e4bd4b97fcf75317527
                                                                                                                                                                        • Instruction ID: 3af3393e6a7fc580ad9ef89336a6f8cf3125ebf12a2f955a13cd022e01bff01e
                                                                                                                                                                        • Opcode Fuzzy Hash: b1692a358d5e345b14cc50221073902563bdfeed52321e4bd4b97fcf75317527
                                                                                                                                                                        • Instruction Fuzzy Hash: EFF0C231A00608ABD724ABA4EC0AAAE77ECDB05310F400095F901E72A0EB64EA00C7A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 00B6AF0E
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(80004004), ref: 00B6AF1E
                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000), ref: 00B6AF25
                                                                                                                                                                        Strings
                                                                                                                                                                        • [CrashHandler::Shutdown], xrefs: 00B6AEF8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$CurrentMessagePostTerminateThread
                                                                                                                                                                        • String ID: [CrashHandler::Shutdown]
                                                                                                                                                                        • API String ID: 1968212778-2933495623
                                                                                                                                                                        • Opcode ID: b6ebf57848d3e8d53de07a7a429dbaaaefd1ef5e2cb0a71f7e26eb418eb29eab
                                                                                                                                                                        • Instruction ID: cc3b9c723cad388c3cb05a57df3f9904f4af011df2118c2864e1536b78b36f29
                                                                                                                                                                        • Opcode Fuzzy Hash: b6ebf57848d3e8d53de07a7a429dbaaaefd1ef5e2cb0a71f7e26eb418eb29eab
                                                                                                                                                                        • Instruction Fuzzy Hash: 0CF096B1914214AEDB146BB8DC0BFAA7BE8EB05700F104DA9B611F71D1EBB895008B59
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetProductInfo), ref: 00B67459
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,map/set too long,00B6B042,00000000,00000000,?,00000000,00000000,?,00000000,?,00B69EDB,00000000,?,00000000), ref: 00B67479
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressFreeLibraryProc
                                                                                                                                                                        • String ID: GetProductInfo$kernel32.dll
                                                                                                                                                                        • API String ID: 3013587201-182221857
                                                                                                                                                                        • Opcode ID: d0efe83dfee5250d59c0892abb9860a0ba74a8f16464d9504377d8ea7c39be36
                                                                                                                                                                        • Instruction ID: 4d4f59d7f1cc2edde271bc419b0a7b8d2fc0b9022dfa0afa8e6c6555146809a7
                                                                                                                                                                        • Opcode Fuzzy Hash: d0efe83dfee5250d59c0892abb9860a0ba74a8f16464d9504377d8ea7c39be36
                                                                                                                                                                        • Instruction Fuzzy Hash: 7BF0E53238A62023D721163A1C48F2B29CEDBD5BA8F1500B1FA58E3350DD68CC0142B5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • OutputDebugStringA.KERNEL32(Unexpected exception in: omaha::Logging::InternalLogMessageMaskedVA), ref: 00B6652F
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(?), ref: 00B6653E
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(00B9A770), ref: 00B66545
                                                                                                                                                                        Strings
                                                                                                                                                                        • Unexpected exception in: omaha::Logging::InternalLogMessageMaskedVA, xrefs: 00B6652A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DebugOutputString
                                                                                                                                                                        • String ID: Unexpected exception in: omaha::Logging::InternalLogMessageMaskedVA
                                                                                                                                                                        • API String ID: 1166629820-3049550389
                                                                                                                                                                        • Opcode ID: 5dbb1c32c0556f25ea6768c08494891131040988829918e6e42a2b6547a4aef8
                                                                                                                                                                        • Instruction ID: a4e58546d4bd6ee629324644ae9ce7b59007fa296d294207626009352a45fa91
                                                                                                                                                                        • Opcode Fuzzy Hash: 5dbb1c32c0556f25ea6768c08494891131040988829918e6e42a2b6547a4aef8
                                                                                                                                                                        • Instruction Fuzzy Hash: 0CD01273A44219DBCF109FD8EC0799D7BB0FB44770F10456BD922532B09B796811CBA2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetConsoleOutputCP.KERNEL32(5B862952,?,00000000,?), ref: 00B84884
                                                                                                                                                                          • Part of subcall function 00B80ACA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00B845E5,?,00000000,-00000008), ref: 00B80B76
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00B84ADF
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00B84B27
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00B84BCA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2112829910-0
                                                                                                                                                                        • Opcode ID: 5671b64343c17186bbd9ae5ae118f8f31dcec462590af73b21ccc09edb8f8e25
                                                                                                                                                                        • Instruction ID: 96dbc677158318990e87dab4b8c52db07f25d2a4545360d4190c30591a598a75
                                                                                                                                                                        • Opcode Fuzzy Hash: 5671b64343c17186bbd9ae5ae118f8f31dcec462590af73b21ccc09edb8f8e25
                                                                                                                                                                        • Instruction Fuzzy Hash: 5CD17A75E042599FCB15DFA8D880AADBBF8FF09300F1845AAE865EB361D730E951CB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AdjustPointer
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1740715915-0
                                                                                                                                                                        • Opcode ID: 6db018bbbad23e25b0f8b65ea23c0b721ed87fe51e47b277ad5645effea305ef
                                                                                                                                                                        • Instruction ID: 9b6cf0b2b201a67f2c72e7613873f89f300cbe166d6210e065a6a4f39bbb973f
                                                                                                                                                                        • Opcode Fuzzy Hash: 6db018bbbad23e25b0f8b65ea23c0b721ed87fe51e47b277ad5645effea305ef
                                                                                                                                                                        • Instruction Fuzzy Hash: AC51BF726842029FDB258F18D989B6A77E4EF00710F25C4ADF82D57291EB71EC41C794
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetSecurityDescriptorControl.ADVAPI32(00000000,?,?,00000000,00000000), ref: 00B62C2B
                                                                                                                                                                        • MakeAbsoluteSD.ADVAPI32(00000000,00000000,?,00000000,?,00000000,?,00000000,?,00000000,?), ref: 00B62C71
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00B62C77
                                                                                                                                                                        • MakeAbsoluteSD.ADVAPI32(00000000,00000000,?,00000000,?,00000000,?,?,00000000,?,00000000), ref: 00B62D3B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AbsoluteMake$ControlDescriptorErrorLastSecurity
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3769124138-0
                                                                                                                                                                        • Opcode ID: 72b7f5bad7c7f0de9625dce55d96752cf50897bcf2edb1a382774f26f14ab920
                                                                                                                                                                        • Instruction ID: 1c2bbf62c2b4810c4804826cf00ae559a01790985195e2b79bee5525618eedbd
                                                                                                                                                                        • Opcode Fuzzy Hash: 72b7f5bad7c7f0de9625dce55d96752cf50897bcf2edb1a382774f26f14ab920
                                                                                                                                                                        • Instruction Fuzzy Hash: 26512CB1D01519ABEB11DF94D945AEEBBF8FF08740F1480AAE915B2251D7389E40CBA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetTokenInformation.ADVAPI32(00B62FD9,00000006,00000000,00000000,00000000,00B99DD4,00000000,00000000,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A}), ref: 00B64537
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00B6453D
                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000006,00000000,00000000,00000000,00000000), ref: 00B64590
                                                                                                                                                                          • Part of subcall function 00B619D7: __alloca_probe_16.LIBCMT ref: 00B619FA
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00B64565
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationToken__alloca_probe_16$ErrorLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 434645856-0
                                                                                                                                                                        • Opcode ID: 97dff848bf1c8d80ffa8d2e7c18ceb2969785b168281370e13a17b94f877d276
                                                                                                                                                                        • Instruction ID: cd4e6bc287a158737d0127e15663e3d28de1e28f87f6639eccd9c040396be88c
                                                                                                                                                                        • Opcode Fuzzy Hash: 97dff848bf1c8d80ffa8d2e7c18ceb2969785b168281370e13a17b94f877d276
                                                                                                                                                                        • Instruction Fuzzy Hash: CC218E31A00518AFDB10AF68C895EAEBBF8EF55350F5544A9E512AB261CB78ED00CB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetTokenInformation.ADVAPI32(00B62FD9,00000004,00000000,00000000,00000000,00B99DD4,00000000,00000000,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A}), ref: 00B64608
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00B6460E
                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000004,00000000,00000000,00000000,00000000), ref: 00B64661
                                                                                                                                                                          • Part of subcall function 00B619D7: __alloca_probe_16.LIBCMT ref: 00B619FA
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00B64636
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationToken__alloca_probe_16$ErrorLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 434645856-0
                                                                                                                                                                        • Opcode ID: 66ae676737b55f5ae29e7fd2ee74559c65cefbd83cc313e16f3aa58c3a59e5fe
                                                                                                                                                                        • Instruction ID: 3c5dc64c1bdc2dbc609cedaaac28290b229c55105f22302991e36dc476d694ea
                                                                                                                                                                        • Opcode Fuzzy Hash: 66ae676737b55f5ae29e7fd2ee74559c65cefbd83cc313e16f3aa58c3a59e5fe
                                                                                                                                                                        • Instruction Fuzzy Hash: B621A471900508EFDF14AF54C895DAEBBF8EF06350F5584E9E911A7251DB34DE01CBA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetTokenInformation.ADVAPI32(00B62FD9,00000005(TokenIntegrityLevel),00000000,00000000,00000000,00B99DD4,00000000,00000000,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A}), ref: 00B646CF
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00B646D5
                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),00000000,00000000,00000000,00000000), ref: 00B64728
                                                                                                                                                                          • Part of subcall function 00B619D7: __alloca_probe_16.LIBCMT ref: 00B619FA
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00B646FD
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationToken__alloca_probe_16$ErrorLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 434645856-0
                                                                                                                                                                        • Opcode ID: 94a697e2729d1821d8fbed6350d962c8b1b9d68b32c71b81cbe2eb09a8351b20
                                                                                                                                                                        • Instruction ID: 6920e356de5545ba321dec138a065d3a4d357d1b228623703ae3fefdf981f9ee
                                                                                                                                                                        • Opcode Fuzzy Hash: 94a697e2729d1821d8fbed6350d962c8b1b9d68b32c71b81cbe2eb09a8351b20
                                                                                                                                                                        • Instruction Fuzzy Hash: 1C21A475900508EFDF14EF64C88A9BEBBF8EF16350F1544A9E411AB251DB34ED00CB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLengthSid.ADVAPI32(00B636D1,00000220,00B99B0C,00000000,00000000,00000000,?,00B636CD), ref: 00B629FF
                                                                                                                                                                          • Part of subcall function 00B62C07: GetSecurityDescriptorControl.ADVAPI32(00000000,?,?,00000000,00000000), ref: 00B62C2B
                                                                                                                                                                          • Part of subcall function 00B62C07: MakeAbsoluteSD.ADVAPI32(00000000,00000000,?,00000000,?,00000000,?,00000000,?,00000000,?), ref: 00B62C71
                                                                                                                                                                          • Part of subcall function 00B62C07: GetLastError.KERNEL32 ref: 00B62C77
                                                                                                                                                                        • GetSecurityDescriptorOwner.ADVAPI32(?,?,00B636CD,00B99B0C,00000000,00000000,00000000,?,00B636CD,?,00000220,?,10000000,00000000), ref: 00B629D5
                                                                                                                                                                          • Part of subcall function 00B61C5A: GetLastError.KERNEL32(00B61FA0,?,00B61EFF,?,?,?,00B64804,00000000), ref: 00B61C5A
                                                                                                                                                                        • CopySid.ADVAPI32(00B636CD,00000000,00B636D1,?,00B636CD), ref: 00B62A21
                                                                                                                                                                        • SetSecurityDescriptorOwner.ADVAPI32(?,00000000,00000000,00B636CD), ref: 00B62A32
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DescriptorSecurity$ErrorLastOwner$AbsoluteControlCopyLengthMake
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3905656193-0
                                                                                                                                                                        • Opcode ID: 7c18fcf1c4aaff7d475b97fd86b2425fd40ed7cedbdbd04fca320456fe5d06a2
                                                                                                                                                                        • Instruction ID: d9f5533603ab34c96aa14d5d6273d4617f263c29a2007b7a1fc8f5f231853221
                                                                                                                                                                        • Opcode Fuzzy Hash: 7c18fcf1c4aaff7d475b97fd86b2425fd40ed7cedbdbd04fca320456fe5d06a2
                                                                                                                                                                        • Instruction Fuzzy Hash: 2511D672600600BBFB24ABA4CD46E6E7BECEF80750F1448A9F515A6191DFB8DD00C760
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLengthSid.ADVAPI32(00B636D1,00000220,00B636CD,00000000,?,?,?,80004005,00B99B0C,00000000,00000000,00000000,?,00B636CD), ref: 00B62ABB
                                                                                                                                                                          • Part of subcall function 00B62C07: GetSecurityDescriptorControl.ADVAPI32(00000000,?,?,00000000,00000000), ref: 00B62C2B
                                                                                                                                                                          • Part of subcall function 00B62C07: MakeAbsoluteSD.ADVAPI32(00000000,00000000,?,00000000,?,00000000,?,00000000,?,00000000,?), ref: 00B62C71
                                                                                                                                                                          • Part of subcall function 00B62C07: GetLastError.KERNEL32 ref: 00B62C77
                                                                                                                                                                        • GetSecurityDescriptorGroup.ADVAPI32(?,00000000,00B636CD,00B636CD,00000000,?,?,?,80004005,00B99B0C,00000000,00000000,00000000,?,00B636CD), ref: 00B62A91
                                                                                                                                                                          • Part of subcall function 00B61C5A: GetLastError.KERNEL32(00B61FA0,?,00B61EFF,?,?,?,00B64804,00000000), ref: 00B61C5A
                                                                                                                                                                        • CopySid.ADVAPI32(00B636CD,00000000,00B636D1,?,?,?,80004005,00B99B0C,00000000,00000000,00000000,?,00B636CD), ref: 00B62ADD
                                                                                                                                                                        • SetSecurityDescriptorGroup.ADVAPI32(?,00000000,00000000,?,?,80004005,00B99B0C,00000000,00000000,00000000,?,00B636CD), ref: 00B62AEE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DescriptorSecurity$ErrorGroupLast$AbsoluteControlCopyLengthMake
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3828051983-0
                                                                                                                                                                        • Opcode ID: 7f73177d85a6cfdfd2600c023e55e7d7dce3ccb9eae700df81e00a4e2073e10b
                                                                                                                                                                        • Instruction ID: ccfdadf5bc9ef9521748989fbf25a9ae1b0b952dad84799052f7788cc5367ddd
                                                                                                                                                                        • Opcode Fuzzy Hash: 7f73177d85a6cfdfd2600c023e55e7d7dce3ccb9eae700df81e00a4e2073e10b
                                                                                                                                                                        • Instruction Fuzzy Hash: 6811B172600A00BBFB25AFA5CC4AE6E77ECEF80350B184499F516A6051EFB8ED00D760
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00B6DD87), ref: 00B6DDC1
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,00B6DD87), ref: 00B6DDFF
                                                                                                                                                                        • UnregisterWaitEx.KERNEL32(?,000000FF,?,?,?,?,?,00B6DD87), ref: 00B6DE0E
                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,00B6DD87), ref: 00B6DE3D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$CloseEnterHandleLeaveUnregisterWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 776973864-0
                                                                                                                                                                        • Opcode ID: bba2352996f736124f81c05cad4cd172685825176b7955babdf40e1895544ba9
                                                                                                                                                                        • Instruction ID: ab3b77b84db73a0e187116f8c4ccfae4872d7444c41a0776f720b961fab5a055
                                                                                                                                                                        • Opcode Fuzzy Hash: bba2352996f736124f81c05cad4cd172685825176b7955babdf40e1895544ba9
                                                                                                                                                                        • Instruction Fuzzy Hash: B021C071A00200EFCB18DF18D88592AB7F9EF8432032485EDE4199B365DB75EE01CBA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00B6F0D2
                                                                                                                                                                          • Part of subcall function 00B6F149: GetCurrentProcess.KERNEL32(?,?,?,?,?,00B6F0E7,?,?), ref: 00B6F153
                                                                                                                                                                          • Part of subcall function 00B6F149: DuplicateHandle.KERNEL32(00000000,?,?,?,00000002,00000000,00000000,?,?,?,?,00B6F0E7,?,?), ref: 00B6F172
                                                                                                                                                                          • Part of subcall function 00B6F149: DuplicateHandle.KERNEL32(00000000,?,?,?,00100002,00000000,00000000,?,?,?,?,00B6F0E7,?,?), ref: 00B6F190
                                                                                                                                                                          • Part of subcall function 00B6F149: DuplicateHandle.KERNEL32(00000000,?,?,?,00100000,00000000,00000000,?,?,?,?,00B6F0E7,?,?), ref: 00B6F1B1
                                                                                                                                                                        • DuplicateHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000001,?,?), ref: 00B6F108
                                                                                                                                                                        • DuplicateHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000001,?,?,?,?,?,?), ref: 00B6F121
                                                                                                                                                                        • DuplicateHandle.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000001,?,?,?,?,?,?), ref: 00B6F13A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DuplicateHandle$CurrentProcess
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 322452111-0
                                                                                                                                                                        • Opcode ID: f9ca23bc906c04a19ce138ed1c9b0c6754a3017fbb1d1f23d7a2a9eabf765eb7
                                                                                                                                                                        • Instruction ID: 045a9847bea2fd9f9693ab5380401ab2112fd87c3cf0f45a594b6253579a4b3c
                                                                                                                                                                        • Opcode Fuzzy Hash: f9ca23bc906c04a19ce138ed1c9b0c6754a3017fbb1d1f23d7a2a9eabf765eb7
                                                                                                                                                                        • Instruction Fuzzy Hash: D91115B2500216BFEB109F21DC49FB2BBEDFB49360F000266B808E6951D775EC60CBA4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003,?,?,?), ref: 00B673E3
                                                                                                                                                                        • VerSetConditionMask.KERNEL32(00000000,?,?,?,?), ref: 00B673E7
                                                                                                                                                                        • VerSetConditionMask.KERNEL32(00000000,?,?,?,?,?), ref: 00B673EB
                                                                                                                                                                        • VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 00B67411
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConditionMask$InfoVerifyVersion
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2793162063-0
                                                                                                                                                                        • Opcode ID: e5b14721c9ac820e876d3e0b8c1d7a52dada94737d159c167296cf5f2d2d7299
                                                                                                                                                                        • Instruction ID: 633efd2284549590e1dfc8288ad04d66b2fa0a8a8ec1b4b8c5b40db99fa39e2c
                                                                                                                                                                        • Opcode Fuzzy Hash: e5b14721c9ac820e876d3e0b8c1d7a52dada94737d159c167296cf5f2d2d7299
                                                                                                                                                                        • Instruction Fuzzy Hash: E31137709412286AEB24DF65DD06FEF7BBCDF48B10F004099B508E7180DA745B44CBE4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • OpenProcess.KERNEL32(10000000,00000000,?,00000000,?,00B6B834,00000000,?,?,?,?,?,?,00000000,?,00000000), ref: 00B6E6FC
                                                                                                                                                                        • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00B69F66,?), ref: 00B6E71A
                                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,?,?,?,?,00B69F66,?,?), ref: 00B6E73B
                                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,?,?,?,?,00B69F66,?,?), ref: 00B6E74D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateEventProcess$OpenTimes
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2811004771-0
                                                                                                                                                                        • Opcode ID: 55fff928ca46989b32046485033fe6bd0c74e24b9aee339c7959cdc09c239eb6
                                                                                                                                                                        • Instruction ID: 4fedc4f1e60875b86f623067a82395ae2444cd2e3658128915adcf1e81103126
                                                                                                                                                                        • Opcode Fuzzy Hash: 55fff928ca46989b32046485033fe6bd0c74e24b9aee339c7959cdc09c239eb6
                                                                                                                                                                        • Instruction Fuzzy Hash: 95011BB5500715AFDB24CFA58C85EABB7ECFB08340B00095DB66692590EA74ED44CB64
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,?,?,?,00B6F0E7,?,?), ref: 00B6F153
                                                                                                                                                                        • DuplicateHandle.KERNEL32(00000000,?,?,?,00000002,00000000,00000000,?,?,?,?,00B6F0E7,?,?), ref: 00B6F172
                                                                                                                                                                        • DuplicateHandle.KERNEL32(00000000,?,?,?,00100002,00000000,00000000,?,?,?,?,00B6F0E7,?,?), ref: 00B6F190
                                                                                                                                                                        • DuplicateHandle.KERNEL32(00000000,?,?,?,00100000,00000000,00000000,?,?,?,?,00B6F0E7,?,?), ref: 00B6F1B1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DuplicateHandle$CurrentProcess
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 322452111-0
                                                                                                                                                                        • Opcode ID: 863abe572161bd8fb2e6c280ced86b4125c85a307008924799c0aa8fdce4d772
                                                                                                                                                                        • Instruction ID: f95ceb2b74b2c8f03d5dbf01e782e18939d20d6236d3d9a925c7de89130bf461
                                                                                                                                                                        • Opcode Fuzzy Hash: 863abe572161bd8fb2e6c280ced86b4125c85a307008924799c0aa8fdce4d772
                                                                                                                                                                        • Instruction Fuzzy Hash: A0014032340204FFDB119F91DC46FA67BE8EB0EB90F104465FA05E61A0D775E801DB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B6E763: UnregisterWaitEx.KERNEL32(00000000,000000FF,00000063,00B6EBD8,00000001,?,00B6B08D,?,?,00B6A4E5,00000000,?), ref: 00B6E771
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00B6F451,?), ref: 00B6F475
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00B6F485
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 00B6F49A
                                                                                                                                                                        • UnregisterWait.KERNEL32(00000000), ref: 00B6F4AC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$LeaveUnregisterWait$Enter
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2523206457-0
                                                                                                                                                                        • Opcode ID: 9a86f6e7375e6c0ef54469a6a0f15420c5cd1d57bc964c455e4c13f82e280ea5
                                                                                                                                                                        • Instruction ID: 303f9dee1df671c92d4167b9a0527408eeee9f252333a7cd4a2d5b8b12736bfe
                                                                                                                                                                        • Opcode Fuzzy Hash: 9a86f6e7375e6c0ef54469a6a0f15420c5cd1d57bc964c455e4c13f82e280ea5
                                                                                                                                                                        • Instruction Fuzzy Hash: 8801A231105714AFD725AF10EC4ABAB7BE8EF00350F00846AF456869A1CF78F940CB94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,deferred-upload,00000000,76232EE0,?,?,00B6A928,?,?,00000000,00000000,?,?,?,?,?), ref: 00B715F4
                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,true,?,00B6A928,?,?,00000000,00000000,?,?,?,?,?,40000000,00000000,?), ref: 00B71606
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcmpi
                                                                                                                                                                        • String ID: deferred-upload$true
                                                                                                                                                                        • API String ID: 1586166983-2139981059
                                                                                                                                                                        • Opcode ID: 83fa22c32d29a13b6f2d294b2fdea86913fe7aa21a7ef75258e470413bd52d7a
                                                                                                                                                                        • Instruction ID: 907bb23354bc64e02d4576fa3ed735895f9349c2b6bd210a78374d45c740c45e
                                                                                                                                                                        • Opcode Fuzzy Hash: 83fa22c32d29a13b6f2d294b2fdea86913fe7aa21a7ef75258e470413bd52d7a
                                                                                                                                                                        • Instruction Fuzzy Hash: 28F08231600624AFCF20EFADDC45999B3F8EA0675470448E4E525B7261D770FD04EBA8
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ResetEvent.KERNEL32(?,?,00B6F28E,00000000,?,00B6F411,?,list too long), ref: 00B6ED41
                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00B6F28E,00000000,?,00B6F411,?,list too long), ref: 00B6ED51
                                                                                                                                                                        • ConnectNamedPipe.KERNEL32(?,?,?,00B6F28E,00000000,?,00B6F411,?,list too long), ref: 00B6ED6D
                                                                                                                                                                        • GetLastError.KERNEL32(?,00B6F28E,00000000,?,00B6F411,?,list too long), ref: 00B6ED77
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Event$ConnectErrorLastNamedPipeReset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1444130582-0
                                                                                                                                                                        • Opcode ID: e9b2005a5301cef9be67f6f814793daf5ee09b4a895be70de15efb4f47182351
                                                                                                                                                                        • Instruction ID: f2fe0ca5dffc1e6306c8192c666fafa3db001dd7316843d482fbe52214eaf03f
                                                                                                                                                                        • Opcode Fuzzy Hash: e9b2005a5301cef9be67f6f814793daf5ee09b4a895be70de15efb4f47182351
                                                                                                                                                                        • Instruction Fuzzy Hash: B0F0FE71100611DBEB311F24FC49BD97BE9EB50304F048479F166C60B4DBB8AD819BA1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00B87A9E,?,00000001,?,?,?,00B84C1E,?,?,00000000), ref: 00B8887D
                                                                                                                                                                        • GetLastError.KERNEL32(?,00B87A9E,?,00000001,?,?,?,00B84C1E,?,?,00000000,?,?,?,00B851A5,?), ref: 00B88889
                                                                                                                                                                          • Part of subcall function 00B8884F: CloseHandle.KERNEL32(FFFFFFFE,00B88899,?,00B87A9E,?,00000001,?,?,?,00B84C1E,?,?,00000000,?,?), ref: 00B8885F
                                                                                                                                                                        • ___initconout.LIBCMT ref: 00B88899
                                                                                                                                                                          • Part of subcall function 00B88811: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00B88840,00B87A8B,?,?,00B84C1E,?,?,00000000,?), ref: 00B88824
                                                                                                                                                                        • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00B87A9E,?,00000001,?,?,?,00B84C1E,?,?,00000000,?), ref: 00B888AE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2744216297-0
                                                                                                                                                                        • Opcode ID: 102a65084bb1de13c2ec651a45c580abf1cc7b9d28481f08ee9240138b87f51a
                                                                                                                                                                        • Instruction ID: ea91072980f144f95cabeb126963d150de705f3f65102dcef1ba6aecca353560
                                                                                                                                                                        • Opcode Fuzzy Hash: 102a65084bb1de13c2ec651a45c580abf1cc7b9d28481f08ee9240138b87f51a
                                                                                                                                                                        • Instruction Fuzzy Hash: D8F0C036501124BFCF227F95DC099997FA6FF497A1F858554FE1896130CE32D820EB94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetTraceLoggerHandle.ADVAPI32(?), ref: 00B69C0B
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00B69C1F
                                                                                                                                                                        • GetTraceEnableFlags.ADVAPI32(00000000), ref: 00B69C29
                                                                                                                                                                        • GetTraceEnableLevel.ADVAPI32(?,?), ref: 00B69C38
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Trace$Enable$ErrorFlagsHandleLastLevelLogger
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 101358600-0
                                                                                                                                                                        • Opcode ID: 39768a636c0d10aed2a3e97fdf00fefb7842a7e1bdd60e77d454d6c82d4b7822
                                                                                                                                                                        • Instruction ID: 44d9b98378275f217260f9bdf13eae8f17ba9d5cf66d4aaed94d98e1be979cce
                                                                                                                                                                        • Opcode Fuzzy Hash: 39768a636c0d10aed2a3e97fdf00fefb7842a7e1bdd60e77d454d6c82d4b7822
                                                                                                                                                                        • Instruction Fuzzy Hash: 0DF0F8755007019FD7245F69D848916BFF9FF587513008E69E89A82630EB75E800DB64
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SleepConditionVariableCS.KERNELBASE(?,00B762BD,00000064), ref: 00B76343
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00BA0D84,00000000,?,00B762BD,00000064,?,00B613CF,00BA1B98,?,?,00B6169A,?,00B64B93), ref: 00B7634D
                                                                                                                                                                        • WaitForSingleObjectEx.KERNEL32(00000000,00000000,?,00B762BD,00000064,?,00B613CF,00BA1B98,?,?,00B6169A,?,00B64B93), ref: 00B7635E
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00BA0D84,?,00B762BD,00000064,?,00B613CF,00BA1B98,?,?,00B6169A,?,00B64B93,?,?,?,?), ref: 00B76365
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3269011525-0
                                                                                                                                                                        • Opcode ID: 0095bbabfdf142da02ade4d63e61f0c1d462490e83002f338ec0f48153ab4a19
                                                                                                                                                                        • Instruction ID: 1d4aac24b3ca04389f75f94c4282ad1232be2e0c5fb1c825b54a62c655ff0ffb
                                                                                                                                                                        • Opcode Fuzzy Hash: 0095bbabfdf142da02ade4d63e61f0c1d462490e83002f338ec0f48153ab4a19
                                                                                                                                                                        • Instruction Fuzzy Hash: 57E09233658524BBC6022B94EC0A99D3F68EB0AB51F004171FD5A53130CFA1A810CBD5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00B788F6
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EncodePointer
                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                        • API String ID: 2118026453-2084237596
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,00000400,?,00000000,00000044,?), ref: 00B65900
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateProcess
                                                                                                                                                                        • String ID: D$[Started process][%u]
                                                                                                                                                                        • API String ID: 963392458-3883989185
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EnumWindows.USER32(00B70D20,?), ref: 00B70C82
                                                                                                                                                                          • Part of subcall function 00B64E5C: GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,BraveSoftware\Update,00000000,00000000,00000000,00000068,00000000,00000068,00BA1F68), ref: 00B64E80
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AttributesEnumFileWindows
                                                                                                                                                                        • String ID: %s\%s-full.dmp$%s\%s.dmp
                                                                                                                                                                        • API String ID: 480946610-1721437685
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,00000000,?,?,?,00B65F63,00000000,?,?,00B66029,00000000,?), ref: 00B65EE6
                                                                                                                                                                        • PathAppendW.SHLWAPI(00000000,BraveSoftware\Update\Log,?,?,?,00B65F63,00000000,?,?,00B66029,00000000,?,?,00000000), ref: 00B65F1D
                                                                                                                                                                        Strings
                                                                                                                                                                        • BraveSoftware\Update\Log, xrefs: 00B65F17
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$AppendFolder
                                                                                                                                                                        • String ID: BraveSoftware\Update\Log
                                                                                                                                                                        • API String ID: 29327785-1094821290
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • WriteFile.KERNEL32(?,00B6A05B,FC4D8B1C,?,00000000,?,?,00B6A05B,?,?,?,00000000,?,00000000), ref: 00B73390
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileWrite
                                                                                                                                                                        • String ID: %s=%s$[%s]
                                                                                                                                                                        • API String ID: 3934441357-2213662286
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateEventW.KERNEL32(?,00000001,00000000,?,?,00000000,?,?,?,00B6A27C,?,00000000,?), ref: 00B6DE8E
                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00B6A27C,?,00000000,?), ref: 00B6DEA2
                                                                                                                                                                        Strings
                                                                                                                                                                        • {4613C8D6-D26E-4F10-B494-72CFF6F0BF0B}, xrefs: 00B6DE78
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseCreateEventHandle
                                                                                                                                                                        • String ID: {4613C8D6-D26E-4F10-B494-72CFF6F0BF0B}
                                                                                                                                                                        • API String ID: 3369476804-1239525503
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B65885: GetSystemTimeAsFileTime.KERNEL32(?,00000001,00000001,?,00B65E92,00000000,?,?,00000000,00B71FC3,?,00000001,00000000), ref: 00B658A5
                                                                                                                                                                        • __aulldiv.LIBCMT ref: 00B73B7E
                                                                                                                                                                          • Part of subcall function 00B685BB: RegSetValueExW.ADVAPI32(00B6802D,?,00000000,00000004,000F003F,00000004,?,00B73B95,uid-create-time,-49EF6F00,00000000,?,00989680,00000000,?,?), ref: 00B685CE
                                                                                                                                                                          • Part of subcall function 00B683C6: SHQueryValueExW.SHLWAPI(00B6802D,00000000,00000000,00000000,?,00000000,00B99D8C,00B99D8C,?,00B682CF,IsEnrolledToDomain,00000000,00000000,00000000,?,HKLM\Software\BraveSoftware\UpdateDev\), ref: 00B683E9
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: TimeValue$FileQuerySystem__aulldiv
                                                                                                                                                                        • String ID: uid-create-time$uid-num-rotations
                                                                                                                                                                        • API String ID: 2700563484-461279828
                                                                                                                                                                        • Opcode ID: 511731ba8458c8905096c3c362d602e948ec17ff6ea6c55c67dafd9d87206930
                                                                                                                                                                        • Instruction ID: 905e8806ff4a44615d27bbb5abdccf84c9b44d656be1c96093dc3f856f81b139
                                                                                                                                                                        • Opcode Fuzzy Hash: 511731ba8458c8905096c3c362d602e948ec17ff6ea6c55c67dafd9d87206930
                                                                                                                                                                        • Instruction Fuzzy Hash: 3FF037A2B102147BDB14B6558C06EBF75ECCBD1F24F10019AB501E7291E9B49E0086B1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetEnvironmentVariableW.KERNEL32(CrashHandlerLaunchedForMinidump,00000000,00000000,00000000,?,00000000,00B69E7E), ref: 00B63CC9
                                                                                                                                                                        • GetEnvironmentVariableW.KERNEL32(CrashHandlerLaunchedForMinidump,00000000,00000000,00000000,?,00000000,00B69E7E), ref: 00B63CE0
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EnvironmentVariable
                                                                                                                                                                        • String ID: CrashHandlerLaunchedForMinidump
                                                                                                                                                                        • API String ID: 1431749950-1125981027
                                                                                                                                                                        • Opcode ID: 4b68f7e3be9056d7644839771b454a9ea3e092008e58e1411e28c8b02ede1ccf
                                                                                                                                                                        • Instruction ID: 2d517522da37fda6f35d1b6d5b4e8d81ba878121ae872bf079824a53ee5973f8
                                                                                                                                                                        • Opcode Fuzzy Hash: 4b68f7e3be9056d7644839771b454a9ea3e092008e58e1411e28c8b02ede1ccf
                                                                                                                                                                        • Instruction Fuzzy Hash: F8E0487530061127D511366D1C5AF2B95DD8FD2F61F28055AB915F61A18D69CD014264
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,00B66524), ref: 00B6932D
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(**SehSendMinidump**,?,?,00B66524), ref: 00B6933C
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DebugDebuggerOutputPresentString
                                                                                                                                                                        • String ID: **SehSendMinidump**
                                                                                                                                                                        • API String ID: 4086329628-2587082360
                                                                                                                                                                        • Opcode ID: f9b083a97749accbaa1d8eb014a9c343014f0df12e6665a1deee77f5d14c97a3
                                                                                                                                                                        • Instruction ID: 19064ad53818f05b7188b2a9c378a47693631fd05ebbaa380c56c7088aad1f7c
                                                                                                                                                                        • Opcode Fuzzy Hash: f9b083a97749accbaa1d8eb014a9c343014f0df12e6665a1deee77f5d14c97a3
                                                                                                                                                                        • Instruction Fuzzy Hash: B8E0D8353440105BDB545B65AC89B6636ECFF82742B2544B8E412C32A0DA749C0083A9
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000001F4,?,00B6708A), ref: 00B671FF
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(00000000), ref: 00B67224
                                                                                                                                                                        Strings
                                                                                                                                                                        • LOG_SYSTEM: [%s]: Could not acquire logging mutex %s, xrefs: 00B67216
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DebugObjectOutputSingleStringWait
                                                                                                                                                                        • String ID: LOG_SYSTEM: [%s]: Could not acquire logging mutex %s
                                                                                                                                                                        • API String ID: 3023325665-3861772780
                                                                                                                                                                        • Opcode ID: b2746e49f4e2e7a7cfcbc211c76cca780f13f29bd32e6e94e7e8276aeef94283
                                                                                                                                                                        • Instruction ID: 71261f1c68205cccefacfb943f7275fe09f7047ac83aa5438bd85dc1e9144696
                                                                                                                                                                        • Opcode Fuzzy Hash: b2746e49f4e2e7a7cfcbc211c76cca780f13f29bd32e6e94e7e8276aeef94283
                                                                                                                                                                        • Instruction Fuzzy Hash: A8E0D8315983109BCF702B78AC097837BE6BB02314F0089BAF055951A0CFB8D846D7D2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B612B5: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00B76092,?,?,?,00B61242), ref: 00B612BA
                                                                                                                                                                          • Part of subcall function 00B612B5: GetLastError.KERNEL32(?,00B76092,?,?,?,00B61242), ref: 00B612C4
                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,00B61242), ref: 00B76096
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00B61242), ref: 00B760A5
                                                                                                                                                                        Strings
                                                                                                                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00B760A0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2196670729.0000000000B61000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2196619899.0000000000B60000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196772107.0000000000B8E000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196808479.0000000000BA0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2196847651.0000000000BA3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_b60000_BraveCrashHandler.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                        • API String ID: 450123788-631824599
                                                                                                                                                                        • Opcode ID: 5bd7dd1ad1d86e6e3ea0cd14a61cd2ebeb6e3bc421971f86de4eb40ec343c159
                                                                                                                                                                        • Instruction ID: 54815b9dba217366b6c2b5539f38e9735367f6c5fd038d4be5f52eeec39419e9
                                                                                                                                                                        • Opcode Fuzzy Hash: 5bd7dd1ad1d86e6e3ea0cd14a61cd2ebeb6e3bc421971f86de4eb40ec343c159
                                                                                                                                                                        • Instruction Fuzzy Hash: 5EE06D70200B108FC360AF28E9453067BE4AF01304F04CDACE46EC7761EBB8D444CBA2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,00000000,?,?,00000000,00000038,?,00007FF6AF3D7782), ref: 00007FF6AF3DF4B5
                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(?,?,?,00000000,?,?,00000000,00000038,?,00007FF6AF3D7782), ref: 00007FF6AF3DF4FB
                                                                                                                                                                        • CreateSemaphoreW.KERNEL32(?,?,?,00000000,?,?,00000000,00000038,?,00007FF6AF3D7782), ref: 00007FF6AF3DF50C
                                                                                                                                                                        • CreateSemaphoreW.KERNEL32(?,?,?,00000000,?,?,00000000,00000038,?,00007FF6AF3D7782), ref: 00007FF6AF3DF524
                                                                                                                                                                        • CreateThread.KERNELBASE ref: 00007FF6AF3DF55F
                                                                                                                                                                        • LoadLibraryW.KERNELBASE(?,?,?,00000000,?,?,00000000,00000038,?,00007FF6AF3D7782), ref: 00007FF6AF3DF573
                                                                                                                                                                        • GetProcAddressForCaller.KERNELBASE(?,?,?,00000000,?,?,00000000,00000038,?,00007FF6AF3D7782), ref: 00007FF6AF3DF58F
                                                                                                                                                                        • LoadLibraryW.KERNEL32(?,?,?,00000000,?,?,00000000,00000038,?,00007FF6AF3D7782), ref: 00007FF6AF3DF5A3
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00000000,?,?,00000000,00000038,?,00007FF6AF3D7782), ref: 00007FF6AF3DF5BF
                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(?,?,?,00000000,?,?,00000000,00000038,?,00007FF6AF3D7782), ref: 00007FF6AF3DF6A1
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,00000000,00000038,?,00007FF6AF3D7782), ref: 00007FF6AF3DF6AA
                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(?,?,?,00000000,?,?,00000000,00000038,?,00007FF6AF3D7782), ref: 00007FF6AF3DF703
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,?,00000000,00000038,?,00007FF6AF3D7782), ref: 00007FF6AF3DF739
                                                                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00007FF6AF3DF778
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$Create$AddressInitializeLibraryLoadProcSemaphore$CallerCloseEnterExceptionFilterHandleLeaveThreadUnhandledXinvalid_argumentstd::_
                                                                                                                                                                        • String ID: MiniDumpWriteDump$UuidCreate$dbghelp.dll$list too long$rpcrt4.dll
                                                                                                                                                                        • API String ID: 4249234664-919091749
                                                                                                                                                                        • Opcode ID: 5a4f96beaaf8c9ed99c979b96020c468ff006024070f89450cb9ddc4342c9ac2
                                                                                                                                                                        • Instruction ID: 9595e67b47fc4e0913a9dc24c1b1d6c567955cdb1c606440420f73d529edb06d
                                                                                                                                                                        • Opcode Fuzzy Hash: 5a4f96beaaf8c9ed99c979b96020c468ff006024070f89450cb9ddc4342c9ac2
                                                                                                                                                                        • Instruction Fuzzy Hash: E6C18D32A0AF8282E764DB20E848AAD73E8FB44B84F544535CE9D8B761DF3CE455C381
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$Close$DeleteFreeHandleLibraryObjectReleaseSemaphoreSingleWait$ChangeEnterExceptionFilterFindLeaveNotificationUnhandled_invalid_parameter_noinfo_noreturnfwprintf
                                                                                                                                                                        • String ID: warning: removing Breakpad handler out of order
                                                                                                                                                                        • API String ID: 4290541629-3173292377
                                                                                                                                                                        • Opcode ID: b7700197a998ce795e83c83177e1d0f2e2368076fa1912ed8837319c0422c5c6
                                                                                                                                                                        • Instruction ID: e075b63e1ac5da1fe4388cb280a334de4771dce04cd5ce54789c58d103d349c6
                                                                                                                                                                        • Opcode Fuzzy Hash: b7700197a998ce795e83c83177e1d0f2e2368076fa1912ed8837319c0422c5c6
                                                                                                                                                                        • Instruction Fuzzy Hash: 23918632B0AE8292EB58DB21D4943BD63A0FF45B94F444631CB6E8F695CF2CE455C392
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: PrivateProfile$CloseOpenQueryValue
                                                                                                                                                                        • String ID: AppendToFile$EnableLogging$IsEnabledLogToFile$LogToOutputDebug$LoggingLevel$LoggingSettings$ShowTime$Software\BraveSoftware\UpdateDev\
                                                                                                                                                                        • API String ID: 2210674228-3529394150
                                                                                                                                                                        • Opcode ID: d33c1e195708cfeb006daa527f8f7900fe85207a86be5c551300dc1f025d0380
                                                                                                                                                                        • Instruction ID: 0f9d7706a1051ebe602998e421174bcf0c754fb9fbd4403ea953b5e80ebc0b31
                                                                                                                                                                        • Opcode Fuzzy Hash: d33c1e195708cfeb006daa527f8f7900fe85207a86be5c551300dc1f025d0380
                                                                                                                                                                        • Instruction Fuzzy Hash: 1161B432A0AA929AEB558F39C4447A83760FB04BA8F044131DF2D8B796DF7CE599C351
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF6AF3F8B90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6AF3F8BC0
                                                                                                                                                                        • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6AF3DA88C
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                        • String ID: BraveSoftware\Update$Device Management$Group Policy
                                                                                                                                                                        • API String ID: 73155330-3064359773
                                                                                                                                                                        • Opcode ID: deaf97567b721cc4362282d18acc981fd478495d1b073901c7da64f8d1b4d57b
                                                                                                                                                                        • Instruction ID: 1202ef6483341b91ba54a47c98b85e22822d6041a22a846fcb6149a1cda6a6d6
                                                                                                                                                                        • Opcode Fuzzy Hash: deaf97567b721cc4362282d18acc981fd478495d1b073901c7da64f8d1b4d57b
                                                                                                                                                                        • Instruction Fuzzy Hash: E5828A72A06F8582EF14CF25D5402AD73A4FB44BA8B548A35CB6D8B795DF3CE4A1C381
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcmpi$CloseFromInformationJoinStringVersion
                                                                                                                                                                        • String ID: AutoUpdateCheckPeriodMinutes$CloudPolicyOverridesPlatformPolicy$DownloadPreference$HKLM\Software\BraveSoftware\UpdateDev\$HKLM\Software\Policies\BraveSoftware\Update\$Install$InstallDefault$IsEnrolledToDomain$PackageCacheLifeLimit$PackageCacheSizeLimit$ProxyMode$ProxyPacUrl$ProxyServer$RollbackToTargetVersion$TargetChannel$TargetVersionPrefix$Update$UpdateDefault$UpdatesSuppressedDurationMin$UpdatesSuppressedStartHour$UpdatesSuppressedStartMin$[ConfigManager::LoadGroupPolicies][Machine is not Enterprise Managed]$[ConfigManager::LoadGroupPolicies][No Group Policies found under key][%s]$[ConfigManager::LoadGroupPolicies][Unexpected DWORD policy prefix encountered][%s][%d]$[ConfigManager::LoadGroupPolicies][Unexpected String policy prefix encountered][%s][%s]$[ConfigManager::LoadGroupPolicies][Unexpected Type for policy prefix encountered][%s][%d]
                                                                                                                                                                        • API String ID: 1238509541-381215280
                                                                                                                                                                        • Opcode ID: 3c7c05a9b49a8495eff8ab8ea173dc456e925f65b9dcf01cf34e0a959eff8022
                                                                                                                                                                        • Instruction ID: e2f6b1f2f8a257f2d3a4802ddde8c52462648acc54ac56fb5484b29f7f40be6e
                                                                                                                                                                        • Opcode Fuzzy Hash: 3c7c05a9b49a8495eff8ab8ea173dc456e925f65b9dcf01cf34e0a959eff8022
                                                                                                                                                                        • Instruction Fuzzy Hash: FF22A072A0AA8685FB10DF25D8402BD37A0FF40798F401535EA4DDB6AADF7CE549C782
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

[Control-flow graph not reproduced (legend: executed / not executed nodes). Graph starts at 7ff6af3c83f0; API calls appearing in its nodes: GetLocalTime, GetCurrentThreadId, GetCurrentProcessId, Sleep, OutputDebugStringA, OutputDebugStringW.]
                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
• Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Current$LocalProcessThreadTime_cwprintf_s_l
                                                                                                                                                                        • String ID: LOG_SYSTEM: Couldn't acquire lock - $[%02d/%02d/%02d %02d:%02d:%02d.%03d]$[%s][%u:%u]
                                                                                                                                                                        • API String ID: 2343420834-4008863920
                                                                                                                                                                        • Opcode ID: dbc02877ac586c76a7cb977288e03639ceda026695a65576525947f75771bd28
                                                                                                                                                                        • Instruction ID: 7029bda1842ecfa6c9890eb31437fa9cbc03e0823ecd7a406d394a0bff27d4cb
                                                                                                                                                                        • Opcode Fuzzy Hash: dbc02877ac586c76a7cb977288e03639ceda026695a65576525947f75771bd28
                                                                                                                                                                        • Instruction Fuzzy Hash: 95A19032A0AF9186E760CF15E44066E73A0FB88B94F004236DE9D87B95DF7CE546CB41
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

[Control-flow graph not reproduced (legend: executed / not executed nodes). Graph starts at 7ff6af3dc930; API calls appearing in its nodes: RegCloseKey, ReleaseMutex, CloseHandle.]
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DC930: GetSecurityDescriptorControl.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3DD53D), ref: 00007FF6AF3DC846
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DC930: GetSecurityDescriptorOwner.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3DD53D), ref: 00007FF6AF3DC86B
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DC930: GetSecurityDescriptorGroup.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3DD53D), ref: 00007FF6AF3DC886
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DC930: GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3DD53D), ref: 00007FF6AF3DC8A5
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DC930: GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3DD53D), ref: 00007FF6AF3DC8C9
                                                                                                                                                                        • RegCloseKey.ADVAPI32 ref: 00007FF6AF3DCA6A
                                                                                                                                                                        • ReleaseMutex.KERNEL32 ref: 00007FF6AF3DCAB0
                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 00007FF6AF3DCACB
                                                                                                                                                                        • RegCloseKey.ADVAPI32 ref: 00007FF6AF3DCB4F
                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 00007FF6AF3DCB95
                                                                                                                                                                        • RegCloseKey.ADVAPI32 ref: 00007FF6AF3DCBD0
                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 00007FF6AF3DCC1D
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CB454: lstrlenW.KERNEL32 ref: 00007FF6AF3CB477
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CB454: RegSetValueExW.ADVAPI32 ref: 00007FF6AF3CB49A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
• Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Close$DescriptorSecurity$Handle$ControlDaclGroupMutexOwnerReleaseSaclValuelstrlen
                                                                                                                                                                        • String ID: HKCU\Software\BraveSoftware\Update\$HKLM\Software\BraveSoftware\Update\$uid${BC6A0F04-AE75-459F-B879-2C961515B78A}
                                                                                                                                                                        • API String ID: 3857909350-3455629531
                                                                                                                                                                        • Opcode ID: e48e0ce9963d35ed98410e7930abd71b38b028ba43f8d3b6cb2017a90b20c32f
                                                                                                                                                                        • Instruction ID: 927008076eeb13f9cdc4fc418eb20b5c1f2407e98717172d75427e88329eba4e
                                                                                                                                                                        • Opcode Fuzzy Hash: e48e0ce9963d35ed98410e7930abd71b38b028ba43f8d3b6cb2017a90b20c32f
                                                                                                                                                                        • Instruction Fuzzy Hash: 94915962B16E0689EB00DF65D8542AC27B0FF48BA8F444532CE5D9B7A4DF7CE589C381
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
• Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Delete$CloseValue$AllocateCheckFreeHandleInitializeMembershipToken
                                                                                                                                                                        • String ID: HKCU\Software\BraveSoftware\Update\$HKLM\Software\BraveSoftware\Update\$old-uid$uid
                                                                                                                                                                        • API String ID: 2398258545-524266813
                                                                                                                                                                        • Opcode ID: d324a5137bfca63e9bbe3baac81de9f4efb82e6db18f1c2eeda9bf9050955ef0
                                                                                                                                                                        • Instruction ID: 5c024a3ef7a835c8f8f4110e905cc5940c358b945bb0b7411705b7affcf40328
                                                                                                                                                                        • Opcode Fuzzy Hash: d324a5137bfca63e9bbe3baac81de9f4efb82e6db18f1c2eeda9bf9050955ef0
                                                                                                                                                                        • Instruction Fuzzy Hash: 58310636E2AA1685FB00DB60E8442AC37B0FF44B98F440531DE4D9BA69CF7CE149C392
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
• Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeLibrary$AddressProc$Caller
                                                                                                                                                                        • String ID: NetApi32.dll$NetFreeAadJoinInformation$NetGetAadJoinInformation
                                                                                                                                                                        • API String ID: 321392415-2909723663
                                                                                                                                                                        • Opcode ID: bcdf350934d6ab9aa5d13d5d7246176f1fe1ed3f0ede2264d39a753aabc20b21
                                                                                                                                                                        • Instruction ID: 8404b74fd5befd23cceb9dc3b1b130905a0b5639d38efac666110e2434106c29
                                                                                                                                                                        • Opcode Fuzzy Hash: bcdf350934d6ab9aa5d13d5d7246176f1fe1ed3f0ede2264d39a753aabc20b21
                                                                                                                                                                        • Instruction Fuzzy Hash: 03216D22A1BF0252EF848B19B8547796351AF88751F480539D91ECB3A5EF3CF486C382
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
• Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressFreeLibraryProc
                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                        • API String ID: 3013587201-537541572
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ProcessValid$CurrentLength$AuthorityChangeCloseCopyEqualFindInitializeNotificationOpenProfileRequiredTokenUnloadUser
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2833304325-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressCriticalDirectoryEnterHandleInit_thread_footerLibraryLoadModuleProcSectionSystem
                                                                                                                                                                        • String ID: AddDllDirectory$kernel32.dll
                                                                                                                                                                        • API String ID: 1331488200-3973626626
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Token$CloseHandleInformationProcessProfileUnloadUser$CurrentErrorLastOpen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2032368645-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • Sleep.KERNEL32(?,?,?,?,?,?,00000000,?,?,00007FF6AF3C41C6), ref: 00007FF6AF3C871F
                                                                                                                                                                        • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,00000000,?,?,00007FF6AF3C41C6), ref: 00007FF6AF3C877C
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(?,?,?,?,?,?,00000000,?,?,00007FF6AF3C41C6), ref: 00007FF6AF3C8785
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(?,?,?,?,?,?,00000000,?,?,00007FF6AF3C41C6), ref: 00007FF6AF3C8792
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C83F0: GetLocalTime.KERNEL32 ref: 00007FF6AF3C8525
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C83F0: _cwprintf_s_l.LIBCMT ref: 00007FF6AF3C8596
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C83F0: GetCurrentThreadId.KERNEL32 ref: 00007FF6AF3C859B
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C83F0: GetCurrentProcessId.KERNEL32 ref: 00007FF6AF3C85A3
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DebugOutputString$Current$LocalProcessSleepThreadTime_cwprintf_s_l
                                                                                                                                                                        • String ID: LOG_SYSTEM: Couldn't acquire lock -
                                                                                                                                                                        • API String ID: 2554195080-1219263422
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CB5D0: RegQueryValueExW.ADVAPI32 ref: 00007FF6AF3CB668
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CB5D0: RegCloseKey.ADVAPI32 ref: 00007FF6AF3CB67D
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CB5D0: RegCloseKey.ADVAPI32(?,?,00000018,HKLM\Software\Policies\BraveSoftware\Update\,-00000014,00007FF6AF3DB451), ref: 00007FF6AF3CB699
                                                                                                                                                                        • RegCloseKey.ADVAPI32 ref: 00007FF6AF3DB526
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Close$QueryValue
                                                                                                                                                                        • String ID: HKCU\Software\BraveSoftware\Update\ClientState\$HKLM\Software\BraveSoftware\UpdateDev\$HKLM\Software\BraveSoftware\Update\ClientState\$UsageStats
                                                                                                                                                                        • API String ID: 2393043351-725874505
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetComputerNameExW.KERNELBASE ref: 00007FF6AF3DB5BC
                                                                                                                                                                        • NetWkstaGetInfo.NETAPI32 ref: 00007FF6AF3DB5F2
                                                                                                                                                                        • NetApiBufferFree.NETAPI32 ref: 00007FF6AF3DB61F
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C6B54: lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3D6F57), ref: 00007FF6AF3C6B73
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C6B54: lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3D6F57), ref: 00007FF6AF3C6B7F
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C6B54: CharLowerW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3D6F57), ref: 00007FF6AF3C6BA6
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C6B54: CharLowerW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3D6F57), ref: 00007FF6AF3C6BB1
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CharLowerlstrlen$BufferComputerFreeInfoNameWksta
                                                                                                                                                                        • String ID: .brave.com$brave
                                                                                                                                                                        • API String ID: 723138920-1739565110
                                                                                                                                                                        • Opcode ID: a205562f3d13a7149af8864648427d62c0519307c7864b14925db8b0a418fe06
                                                                                                                                                                        • Instruction ID: 362872726d64fef1638804174744319589c55a36d4750826c902b15507a98e58
                                                                                                                                                                        • Opcode Fuzzy Hash: a205562f3d13a7149af8864648427d62c0519307c7864b14925db8b0a418fe06
                                                                                                                                                                        • Instruction Fuzzy Hash: 1711AF21A1EE4281FB609B60E4943BA63A1FF84784F844431DA8D8F695DF3CE509CB82
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeLibrary$AddressProc
                                                                                                                                                                        • String ID: IsDeviceRegisteredWithManagement$MDMRegistration.dll
                                                                                                                                                                        • API String ID: 1309337288-129496282
                                                                                                                                                                        • Opcode ID: ebe19fc59913dad221b5b8d8ad713bbda3ed49acb276540584a5ed347cf08f3a
                                                                                                                                                                        • Instruction ID: 6254c0419e977697cffde878f7317209c208c15e769bc31ceed5bc329741c8de
                                                                                                                                                                        • Opcode Fuzzy Hash: ebe19fc59913dad221b5b8d8ad713bbda3ed49acb276540584a5ed347cf08f3a
                                                                                                                                                                        • Instruction Fuzzy Hash: A5118633E1FA2182EB908B15B4405796360FF88B51F541536E91ECB294DF3CF446C781
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleNamedPipe$CloseCreateErrorFileLastStateWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1846735221-0
                                                                                                                                                                        • Opcode ID: 03ed2406402c8df14b75a950965af551ed0e698ab87f7c7c374e94d9d625ec4e
                                                                                                                                                                        • Instruction ID: bf8efaaa46cb3814e490aa2e459993589a9b26756d64625942cf6e487b34a0ed
                                                                                                                                                                        • Opcode Fuzzy Hash: 03ed2406402c8df14b75a950965af551ed0e698ab87f7c7c374e94d9d625ec4e
                                                                                                                                                                        • Instruction Fuzzy Hash: 7B218461A0DE4682FB508B11E84877A63A0FF55BA4F144635DA5D8EAC4CF7CD8458B81
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00007FF6AF3CD849
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C5248: GetEnvironmentVariableW.KERNEL32(?,?,?,00007FF6AF3C783E,?,?,?,?,00007FF6AF3C1089), ref: 00007FF6AF3C528A
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C5248: GetEnvironmentVariableW.KERNEL32(?,?,?,00007FF6AF3C783E,?,?,?,?,00007FF6AF3C1089), ref: 00007FF6AF3C52C2
                                                                                                                                                                        • _cwprintf_s_l.LIBCMT ref: 00007FF6AF3CD8F9
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EnvironmentVariable$CurrentThread_cwprintf_s_l
                                                                                                                                                                        • String ID: CommandLineMode$CrashHandlerLaunchedForMinidump
                                                                                                                                                                        • API String ID: 3580187243-2890723410
                                                                                                                                                                        • Opcode ID: ca85a5aedb24ef79f1a94810be8f168c33467d65918756645309d6bb1b9e350f
                                                                                                                                                                        • Instruction ID: 515564e361cc0437925dfd28ac351d3b197826d6c0d90a642c79e2ee1139c244
                                                                                                                                                                        • Opcode Fuzzy Hash: ca85a5aedb24ef79f1a94810be8f168c33467d65918756645309d6bb1b9e350f
                                                                                                                                                                        • Instruction Fuzzy Hash: 3C916262B06F5285EB04AF65C4503AC23A0FF45B98F544635EE2D8B7C6DF38E85AC381
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CC618: PathRemoveExtensionW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3C62A2), ref: 00007FF6AF3CC66D
                                                                                                                                                                        • lstrcmpiW.KERNELBASE(?,?,?,00007FF6AF3C790C,?,?,?,?,00007FF6AF3C1089), ref: 00007FF6AF3C772A
                                                                                                                                                                        • Concurrency::details::stl_critical_section_win7::stl_critical_section_win7.LIBCPMT ref: 00007FF6AF3C77EE
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CA9E4: InitializeCriticalSection.KERNEL32(?,?,?,00007FF6AF3C77F3,?,?,?,?,00007FF6AF3C1089), ref: 00007FF6AF3CA9FB
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C14B8: GetProcessHeap.KERNEL32(?,?,?,00007FF6AF3C1009), ref: 00007FF6AF3C152E
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C14B8: _Init_thread_footer.LIBCMT ref: 00007FF6AF3C1563
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C14B8: _Init_thread_footer.LIBCMT ref: 00007FF6AF3C15CC
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C5248: GetEnvironmentVariableW.KERNEL32(?,?,?,00007FF6AF3C783E,?,?,?,?,00007FF6AF3C1089), ref: 00007FF6AF3C528A
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C5248: GetEnvironmentVariableW.KERNEL32(?,?,?,00007FF6AF3C783E,?,?,?,?,00007FF6AF3C1089), ref: 00007FF6AF3C52C2
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EnvironmentInit_thread_footerVariable$Concurrency::details::stl_critical_section_win7::stl_critical_section_win7CriticalExtensionHeapInitializePathProcessRemoveSectionlstrcmpi
                                                                                                                                                                        • String ID: BraveUpdate.ini$SystemDrive
                                                                                                                                                                        • API String ID: 100727116-4063966519
                                                                                                                                                                        • Opcode ID: 61fb6a9d6c5bd89499d48460325008ba76ebe576a281e02c884b3bb22ec7dc9a
                                                                                                                                                                        • Instruction ID: fa215985eee0ff5f515a433f76e568703fbb5637bdab6ef2f165f18f7ec07e45
                                                                                                                                                                        • Opcode Fuzzy Hash: 61fb6a9d6c5bd89499d48460325008ba76ebe576a281e02c884b3bb22ec7dc9a
                                                                                                                                                                        • Instruction Fuzzy Hash: 37815662A16E4682EB40AB29D8412793361FF84BF4F445331EA7D877E6DF2CE459C381
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                        • String ID: SetDefaultDllDirectories$kernel32.dll
                                                                                                                                                                        • API String ID: 1646373207-2102062458
                                                                                                                                                                        • Opcode ID: 2a77af6045cf19a3ed4cd897939de9ff650399b86947d4c5b5eec06cabb76a68
                                                                                                                                                                        • Instruction ID: 7474bbcba7d4af62653218b19908364aff81c260ecf3be3de5ed1b10f6ef962d
                                                                                                                                                                        • Opcode Fuzzy Hash: 2a77af6045cf19a3ed4cd897939de9ff650399b86947d4c5b5eec06cabb76a68
                                                                                                                                                                        • Instruction Fuzzy Hash: CC315022E06F5289F700ABB4D8902AC37A4FF44718F444239DA5D9B796DF7CE859C381
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CBA94: lstrcmpiW.KERNEL32 ref: 00007FF6AF3CBBC8
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CBA94: lstrcmpiW.KERNEL32 ref: 00007FF6AF3CBBE0
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CBA94: lstrcmpiW.KERNEL32 ref: 00007FF6AF3CBBF8
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CBA94: lstrcmpiW.KERNEL32 ref: 00007FF6AF3CBC10
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CBA94: lstrcmpiW.KERNEL32 ref: 00007FF6AF3CBC28
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CBA94: lstrcmpiW.KERNEL32 ref: 00007FF6AF3CBC40
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CBA94: lstrcmpiW.KERNEL32 ref: 00007FF6AF3CBC58
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CBA94: lstrcmpiW.KERNEL32 ref: 00007FF6AF3CBC70
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CBA94: lstrcmpiW.KERNEL32 ref: 00007FF6AF3CBC84
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CBA94: lstrcmpiW.KERNEL32 ref: 00007FF6AF3CBC98
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CACC0: RegOpenKeyExW.KERNELBASE ref: 00007FF6AF3CAD00
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32 ref: 00007FF6AF3CB668
                                                                                                                                                                        • RegCloseKey.ADVAPI32 ref: 00007FF6AF3CB67D
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00000018,HKLM\Software\Policies\BraveSoftware\Update\,-00000014,00007FF6AF3DB451), ref: 00007FF6AF3CB699
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcmpi$Close$OpenQueryValue
                                                                                                                                                                        • String ID: HKLM\Software\Policies\BraveSoftware\Update\
                                                                                                                                                                        • API String ID: 645971292-3675634299
                                                                                                                                                                        • Opcode ID: 2c6e6551f29c24d00b6ff9694e7df78551bf2481b83f6eb890f71ffd612ad6b8
                                                                                                                                                                        • Instruction ID: 5bb6fa07f615cfd932c257d183658210e9ecf446827596d67ff5f7f10e507c34
                                                                                                                                                                        • Opcode Fuzzy Hash: 2c6e6551f29c24d00b6ff9694e7df78551bf2481b83f6eb890f71ffd612ad6b8
                                                                                                                                                                        • Instruction Fuzzy Hash: 00319C32F16A528AFB50CF61D8057AD2760FB44B98F044635EE4D9BA58CF38D58AC781
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileInfoVersion$QuerySizeValue
                                                                                                                                                                        • String ID: \VarFileInfo\Translation
                                                                                                                                                                        • API String ID: 2179348866-675650646
                                                                                                                                                                        • Opcode ID: 4728804280d5501dc2a3def877a60f17ba562b7fd522042098763e2c86f0f6b7
                                                                                                                                                                        • Instruction ID: b317d514d3eed17da9d0bbd8de8bf73eab89dbe7de8b15a22434245c43d5ee5c
                                                                                                                                                                        • Opcode Fuzzy Hash: 4728804280d5501dc2a3def877a60f17ba562b7fd522042098763e2c86f0f6b7
                                                                                                                                                                        • Instruction Fuzzy Hash: 33116032619A91C6E7508F15E45437DB3A0FB84B84F448135EA8DCB798DFBCD449C782
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2338475965-0
                                                                                                                                                                        • Opcode ID: 58108b20bf0e950292f08e123583247e81063a20d28ac7b19f9f8de59c08d322
                                                                                                                                                                        • Instruction ID: 6cbc432e6d25f0945f0b84ae4557e91f91e5ed52f8b332aa833788fb418f015a
                                                                                                                                                                        • Opcode Fuzzy Hash: 58108b20bf0e950292f08e123583247e81063a20d28ac7b19f9f8de59c08d322
                                                                                                                                                                        • Instruction Fuzzy Hash: 52311361A0FA4281FB64AB64E4523F923D1AF52384F444439EA4EDF6D7DE2CAC058397
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • Concurrency::details::stl_critical_section_win7::stl_critical_section_win7.LIBCPMT ref: 00007FF6AF3C77EE
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CA9E4: InitializeCriticalSection.KERNEL32(?,?,?,00007FF6AF3C77F3,?,?,?,?,00007FF6AF3C1089), ref: 00007FF6AF3CA9FB
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C14B8: GetProcessHeap.KERNEL32(?,?,?,00007FF6AF3C1009), ref: 00007FF6AF3C152E
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C14B8: _Init_thread_footer.LIBCMT ref: 00007FF6AF3C1563
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C14B8: _Init_thread_footer.LIBCMT ref: 00007FF6AF3C15CC
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C5248: GetEnvironmentVariableW.KERNEL32(?,?,?,00007FF6AF3C783E,?,?,?,?,00007FF6AF3C1089), ref: 00007FF6AF3C528A
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C5248: GetEnvironmentVariableW.KERNEL32(?,?,?,00007FF6AF3C783E,?,?,?,?,00007FF6AF3C1089), ref: 00007FF6AF3C52C2
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EnvironmentInit_thread_footerVariable$Concurrency::details::stl_critical_section_win7::stl_critical_section_win7CriticalHeapInitializeProcessSection
                                                                                                                                                                        • String ID: BraveUpdate.ini$SystemDrive
                                                                                                                                                                        • API String ID: 230620767-4063966519
                                                                                                                                                                        • Opcode ID: 0679a6aa97a4d5126470509ba0b69a3bce7b7916ca6409cee65aa6e3dc1d14c1
                                                                                                                                                                        • Instruction ID: a2dc4e9cd6e171478bdaf8a1e591b6a4834a50aa48122240c3db4a00076542a9
                                                                                                                                                                        • Opcode Fuzzy Hash: 0679a6aa97a4d5126470509ba0b69a3bce7b7916ca6409cee65aa6e3dc1d14c1
                                                                                                                                                                        • Instruction Fuzzy Hash: 32618322A1AF4682EB00EB29D4413783760FF81794F404235D66D8B7E6DF7CE469C396
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FolderPath
                                                                                                                                                                        • String ID: LocalAppData$ProgramFiles
                                                                                                                                                                        • API String ID: 1514166925-2363656367
                                                                                                                                                                        • Opcode ID: 95ff70c3f183b927d6c6fdc02f138c4d7e872759f36a5262cb93e757548edcd8
                                                                                                                                                                        • Instruction ID: 0ec5331c45521f5330ce26ee397d01d4372ee3e9ffdf7ac4cffc6fbd994eb3f3
                                                                                                                                                                        • Opcode Fuzzy Hash: 95ff70c3f183b927d6c6fdc02f138c4d7e872759f36a5262cb93e757548edcd8
                                                                                                                                                                        • Instruction Fuzzy Hash: E7312632B19E5281EB649B25E85436D23A0FFC9BD0F404235EA5ECB795DF3CE8068781
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcmpi$Close$OpenQueryValue
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 645971292-0
                                                                                                                                                                        • Opcode ID: a4c40ac77db2586b574c854f1ab15197e490c2858afea1123da75d87570a2c25
                                                                                                                                                                        • Instruction ID: 0db8420c1c103e4f0b7e9d63a26d3dcbd383a3a50631d29e5d138497d9cc543c
                                                                                                                                                                        • Opcode Fuzzy Hash: a4c40ac77db2586b574c854f1ab15197e490c2858afea1123da75d87570a2c25
                                                                                                                                                                        • Instruction Fuzzy Hash: 0551BD73A15E2289FB10CBA5D8543AC33B0BB84798F154135DE4DABA98DF38E54AC381
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationToken$ErrorLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2567405617-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AppendDirectoryPathRemove
                                                                                                                                                                        • String ID: BraveSoftware\CrashReports
                                                                                                                                                                        • API String ID: 3196498805-4112335201
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C7684: lstrcmpiW.KERNELBASE(?,?,?,00007FF6AF3C790C,?,?,?,?,00007FF6AF3C1089), ref: 00007FF6AF3C772A
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CC9CC: wvsprintfW.USER32 ref: 00007FF6AF3CCA84
                                                                                                                                                                        • OutputDebugStringW.KERNEL32 ref: 00007FF6AF3C81B3
                                                                                                                                                                        Strings
                                                                                                                                                                        • LOG_SYSTEM: [%s]: ERROR - Calling the logging system after it has been shut down , xrefs: 00007FF6AF3C81A1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DebugOutputStringlstrcmpiwvsprintf
                                                                                                                                                                        • String ID: LOG_SYSTEM: [%s]: ERROR - Calling the logging system after it has been shut down
                                                                                                                                                                        • API String ID: 2972341841-1171486310
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C7684: lstrcmpiW.KERNELBASE(?,?,?,00007FF6AF3C790C,?,?,?,?,00007FF6AF3C1089), ref: 00007FF6AF3C772A
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CC9CC: wvsprintfW.USER32 ref: 00007FF6AF3CCA84
                                                                                                                                                                        • OutputDebugStringW.KERNEL32 ref: 00007FF6AF3C8112
                                                                                                                                                                        Strings
                                                                                                                                                                        • LOG_SYSTEM: [%s]: ERROR - Calling the logging system after it has been shut down , xrefs: 00007FF6AF3C8103
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DebugOutputStringlstrcmpiwvsprintf
                                                                                                                                                                        • String ID: LOG_SYSTEM: [%s]: ERROR - Calling the logging system after it has been shut down
                                                                                                                                                                        • API String ID: 2972341841-1171486310
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C1FAC: GetSidLengthRequired.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6AF3C2077
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C1FAC: InitializeSid.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6AF3C2096
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C1FAC: GetSidSubAuthority.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6AF3C20CA
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C1FAC: IsValidSid.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6AF3C20E5
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C1FAC: GetLengthSid.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6AF3C20F4
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C1FAC: CopySid.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6AF3C210E
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C2584: IsValidSid.ADVAPI32(?,?,?,?,?,00007FF6AF3C4307), ref: 00007FF6AF3C25B2
                                                                                                                                                                        • SetNamedSecurityInfoW.ADVAPI32 ref: 00007FF6AF3D7FBD
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: LengthValid$AuthorityCopyInfoInitializeNamedRequiredSecurity
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1085693771-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcmpi$Close$Open
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1041768801-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CA868: GetModuleHandleW.KERNEL32(?,?,?,00007FF6AF3CA929,?,?,?,00007FF6AF3DC807), ref: 00007FF6AF3CA894
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CA868: GetProcAddress.KERNEL32(?,?,?,00007FF6AF3CA929,?,?,?,00007FF6AF3DC807), ref: 00007FF6AF3CA8AC
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CA868: GetProcAddress.KERNEL32(?,?,?,00007FF6AF3CA929,?,?,?,00007FF6AF3DC807), ref: 00007FF6AF3CA8C3
                                                                                                                                                                        • CreateMutexW.KERNELBASE(?,?,?,00007FF6AF3DC807), ref: 00007FF6AF3CA944
                                                                                                                                                                        • CreateMutexW.KERNEL32(?,?,?,00007FF6AF3DC807), ref: 00007FF6AF3CA94D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressCreateMutexProc$HandleModule
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 56544078-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • NetGetJoinInformation.NETAPI32(?,?,?,?,?,?,?,00007FF6AF3C783E,?,?,?,?,00007FF6AF3C1089), ref: 00007FF6AF3C5349
                                                                                                                                                                        • NetApiBufferFree.NETAPI32(?,?,?,?,?,?,?,00007FF6AF3C783E,?,?,?,?,00007FF6AF3C1089), ref: 00007FF6AF3C535F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: BufferFreeInformationJoin
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3807213042-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF6AF3F8B90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6AF3F8BC0
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF31C: CloseHandle.KERNEL32(?,?,?,00000000,?,?,00000000,00000038,?,00007FF6AF3D7782), ref: 00007FF6AF3DF4B5
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: FreeLibrary.KERNELBASE(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF7A3
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: FreeLibrary.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF7B5
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: EnterCriticalSection.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF7CF
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: SetUnhandledExceptionFilter.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF7E6
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: LeaveCriticalSection.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF8FF
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: ReleaseSemaphore.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF921
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: WaitForSingleObject.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF933
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: FindCloseChangeNotification.KERNELBASE(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF940
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: DeleteCriticalSection.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF955
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: CloseHandle.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF962
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: CloseHandle.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF96F
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: DeleteCriticalSection.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF98C
                                                                                                                                                                        • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6AF3D7820
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseCriticalSection$Handle$DeleteFreeLibrary$ChangeConcurrency::cancel_current_taskEnterExceptionFilterFindLeaveNotificationObjectReleaseSemaphoreSingleUnhandledWait_invalid_parameter_noinfo_noreturn
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1146141096-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AppendPath
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3286331749-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: FreeLibrary.KERNELBASE(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF7A3
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: FreeLibrary.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF7B5
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: EnterCriticalSection.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF7CF
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: SetUnhandledExceptionFilter.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF7E6
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: LeaveCriticalSection.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF8FF
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: ReleaseSemaphore.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF921
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: WaitForSingleObject.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF933
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: FindCloseChangeNotification.KERNELBASE(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF940
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: DeleteCriticalSection.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF955
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: CloseHandle.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF962
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: CloseHandle.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF96F
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF780: DeleteCriticalSection.KERNEL32(?,?,00000101,00007FF6AF3D7399), ref: 00007FF6AF3DF98C
                                                                                                                                                                        • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6AF3D73F0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$Close$DeleteFreeHandleLibrary$ChangeEnterExceptionFilterFindLeaveNotificationObjectReleaseSemaphoreSingleUnhandledWait_invalid_parameter_noinfo_noreturn
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 946179828-0
                                                                                                                                                                        • Opcode ID: cc61f1d68235d314b741b8c84e0e41a94ed9d6f9a8b19a33a2712ab42133a6bb
                                                                                                                                                                        • Instruction ID: e0e5961ae885cb460422b94cd0e5202d0f7e4cf4c8d3a8958a27b1b70c838355
                                                                                                                                                                        • Opcode Fuzzy Hash: cc61f1d68235d314b741b8c84e0e41a94ed9d6f9a8b19a33a2712ab42133a6bb
                                                                                                                                                                        • Instruction Fuzzy Hash: 3B2180A2B16E8542EB149B29C94437D13A2EF45FE4F588631DE2C8F789CF2CD88183C1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        • Opcode ID: bc40500dcbedccf4a3fd6220dfe7ec3762ff2133c82804beac418e5bb44bffaa
                                                                                                                                                                        • Instruction ID: 02f00eae751fa816b9aafccc0148be5a75384401e57175b8ab26d15a7ef1b025
                                                                                                                                                                        • Opcode Fuzzy Hash: bc40500dcbedccf4a3fd6220dfe7ec3762ff2133c82804beac418e5bb44bffaa
                                                                                                                                                                        • Instruction Fuzzy Hash: C921AC36605F6585EB10AF26D40016977A4FB88FD0B198132EF5D9B799CF38E846C382
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3947729631-0
                                                                                                                                                                        • Opcode ID: 5f3453d9e2e101c31a0983b0e7cc08d47ddc9cabf602461727f34026ba793098
                                                                                                                                                                        • Instruction ID: 0d23de1323373bccb290d573c47e7aaee018ac7eab845aa7351069eed3405ee3
                                                                                                                                                                        • Opcode Fuzzy Hash: 5f3453d9e2e101c31a0983b0e7cc08d47ddc9cabf602461727f34026ba793098
                                                                                                                                                                        • Instruction Fuzzy Hash: 6B218D32E06E468AEB649FA4D4842FC33E4FB05358F041635E72D8AAD5EF38D885C781
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CC914: GetFileVersionInfoSizeW.KERNELBASE(?,?,?,?,?,00007FF6AF3C654A), ref: 00007FF6AF3CC931
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CC914: GetFileVersionInfoW.KERNELBASE(?,?,?,?,?,00007FF6AF3C654A), ref: 00007FF6AF3CC954
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CC914: VerQueryValueW.VERSION ref: 00007FF6AF3CC97D
                                                                                                                                                                        • VerQueryValueW.VERSION(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3C64FA), ref: 00007FF6AF3C656E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileInfoQueryValueVersion$Size
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2099394744-0
                                                                                                                                                                        • Opcode ID: f5f2f794045fbf6b24b9a3a88b2d22bab4126b0f6b41aad722e913061503eed5
                                                                                                                                                                        • Instruction ID: 7fdd7ce97d64ac0e51c6840940790cc74df11968a4e24d2284b6a5ee4bc73bdf
                                                                                                                                                                        • Opcode Fuzzy Hash: f5f2f794045fbf6b24b9a3a88b2d22bab4126b0f6b41aad722e913061503eed5
                                                                                                                                                                        • Instruction Fuzzy Hash: A4116062B04F518AEB108FB5D8411EC37A0FB04794F584A36DE2C8EA8ACF38E059C391
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AppendPath
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3286331749-0
                                                                                                                                                                        • Opcode ID: b417ae627a9cc98ca5f259e967c710d038d820fd3f346132e957dad64580b82f
                                                                                                                                                                        • Instruction ID: 1a2d7d4d5980dd14cfedd3c174b60a83ec8b6e9ac20bd0271c3090c4b651aa89
                                                                                                                                                                        • Opcode Fuzzy Hash: b417ae627a9cc98ca5f259e967c710d038d820fd3f346132e957dad64580b82f
                                                                                                                                                                        • Instruction Fuzzy Hash: 7311C232B06D8286EF00DF69E59417C2360AB88BC4B108031DB4DCB756CF29E866C781
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        • Opcode ID: 649e0802efe58b9c23095bc8ba15b47c54cc6a7531950cdde7e6618526171237
                                                                                                                                                                        • Instruction ID: efb679a14f9ca879406c52f4fb5810f5307180ff8ca66e4044052a4a9202edd8
                                                                                                                                                                        • Opcode Fuzzy Hash: 649e0802efe58b9c23095bc8ba15b47c54cc6a7531950cdde7e6618526171237
                                                                                                                                                                        • Instruction Fuzzy Hash: 5F116D7291EA8682F7509B18E440479B3A4EF40744F850034EA5E8F7A6DF3CEC108B9A
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        • Opcode ID: c9d1414b02aa421ebe8d7d0f41605f278328a733d919ba9ed5a3749784dd1864
                                                                                                                                                                        • Instruction ID: 9f58d59ca84b52c15af9ac4da8477fcb3163382d8b419735bfa5adf7bc207346
                                                                                                                                                                        • Opcode Fuzzy Hash: c9d1414b02aa421ebe8d7d0f41605f278328a733d919ba9ed5a3749784dd1864
                                                                                                                                                                        • Instruction Fuzzy Hash: 3301C832B15B5242EB48DA28D0941397352EB80B70B2C8374CB79C63D0DF7CF869A641
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Open
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 71445658-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Enum
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2928410991-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF6AF3EDFAA,?,?,00000004,00007FF6AF3E6E85,?,?,?,?,00007FF6AF3EE1A2,?,?,00000000), ref: 00007FF6AF3EE331
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: QueryValue
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3660427363-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: StationWindow$CloseDesktopProcess$Thread$CreateCurrentToken$ConvertFreeHandleInformationLengthLocalOpenString
                                                                                                                                                                        • String ID: $BraveCrashHandlerWorkerDesktop$S-1-16-0
                                                                                                                                                                        • API String ID: 2922227223-1327299191
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalCurrentSectionThread_snwprintf_s$CaptureContextEnter$ExceptionFilterLeaveObjectReleaseSemaphoreSingleUnhandledWait_invalid_parameter_noinfo
                                                                                                                                                                        • String ID: %
                                                                                                                                                                        • API String ID: 1480434379-2567322570
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ClipboardGlobal$AllocCloseDataEmptyFreeLockOpenUnlocklstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2633044538-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1239891234-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2227656907-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _cwprintf_s_l
                                                                                                                                                                        • String ID: %s$ /%s$ /%s "%s"$ /%s %s$-Embedding$/%s$/%s %s$/broker$/ondemand$appargs$crash$crashhandler$custom_info_filename$enterprise$healthcheck$install$installsource$machine$medsvc$ping$registerproduct$regserver$regsvc$sessionid$silent$svc$uninstall$unregisterproduct$unregserver$unregsvc$update
                                                                                                                                                                        • API String ID: 2941638530-2048313773
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$Write$CreateDebugDescriptorMutexOutputPointerReleaseSecurityStringlstrlen$CloseControlErrorHandleLastOwnerwvsprintf
                                                                                                                                                                        • String ID: LOG_SYSTEM: [%s]: Could not acquire logging mutex %s$LOG_SYSTEM: [%s]: Could not create logging file %s
                                                                                                                                                                        • API String ID: 2301240503-2023621912
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcmpi
                                                                                                                                                                        • String ID: HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_LOCAL_MACHINE[64]$HKEY_USERS$HKLM$HKLM[64]$HKU
                                                                                                                                                                        • API String ID: 1586166983-2017182612
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalDescriptorSectionSecurity$EnterLeave$CloseControlCreateDaclErrorGroupHandleInitializeLastMessageMutexOwnerPeekSacl
                                                                                                                                                                        • String ID: -x64$[CrashHandler][Failed to init crash dir][0x%08x]$[CrashHandler][Failed to start Breakpad][0x%08x]$[CrashHandler][Instance is already running][%d-bit][%d]${08DA086F-9FC4-4B2E-954C-6D7D5ACD5167}
                                                                                                                                                                        • API String ID: 1610748891-865581766
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Close$HandleQueryValue_invalid_parameter_noinfo_noreturn
                                                                                                                                                                        • String ID: ?$HKCU\Software\BraveSoftware\Update\$HKLM\Software\BraveSoftware\Update\$uid$uid-create-time$uid-num-rotations
                                                                                                                                                                        • API String ID: 1825860274-598312057
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DescriptorSecurity$ControlDaclGroupOwnerSacl$CreateErrorLastMutex
                                                                                                                                                                        • String ID: _BraveSoftware_Update_logging_mutex_
                                                                                                                                                                        • API String ID: 495249308-2672253955
                                                                                                                                                                        • Opcode ID: f5d3dac8cd5b2cb420db336f188cd077d148cec6a0d5f20859812ae8e1b8ea7a
                                                                                                                                                                        • Instruction ID: f975832bca3adfcf423555582b534883f9363d6b8585505006d9766d78e965a2
                                                                                                                                                                        • Opcode Fuzzy Hash: f5d3dac8cd5b2cb420db336f188cd077d148cec6a0d5f20859812ae8e1b8ea7a
                                                                                                                                                                        • Instruction Fuzzy Hash: 57B13D72B06E1689EB50DF75E4541EC23B1FF40B98B404532DE1E9BA99DF38E54AC381
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        • LOG_SYSTEM: [%s]: ERROR - Log path %s has a reparse point, xrefs: 00007FF6AF3C9179
                                                                                                                                                                        • LOG_SYSTEM: ERROR - [::GetFileInformationByHandle failed][%d], xrefs: 00007FF6AF3C9161
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$DebugOutputString$ErrorLast$AttributesHandle$CloseCreateInfoInformationMoveNamedPathRemoveSecuritySpecWritewvsprintf
                                                                                                                                                                        • String ID: LOG_SYSTEM: ERROR - [::GetFileInformationByHandle failed][%d]$LOG_SYSTEM: [%s]: ERROR - Log path %s has a reparse point
                                                                                                                                                                        • API String ID: 692651417-3510489664
                                                                                                                                                                        • Opcode ID: 60d243ed211b8cb8e585f5f8483b26011950b90a9e90d9533047e5bc8265345e
                                                                                                                                                                        • Instruction ID: cef4adc5a3710b2e1cbff6fcd4a9a87911548f85fb955244a51f094339c8b3fb
                                                                                                                                                                        • Opcode Fuzzy Hash: 60d243ed211b8cb8e585f5f8483b26011950b90a9e90d9533047e5bc8265345e
                                                                                                                                                                        • Instruction Fuzzy Hash: B071C532A0AF5286E720DF21E8445AD7770FB85B94F404235EE8E8BA69DF3CE549C741
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DC930: GetSecurityDescriptorControl.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3DD53D), ref: 00007FF6AF3DC846
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DC930: GetSecurityDescriptorOwner.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3DD53D), ref: 00007FF6AF3DC86B
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DC930: GetSecurityDescriptorGroup.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3DD53D), ref: 00007FF6AF3DC886
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DC930: GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3DD53D), ref: 00007FF6AF3DC8A5
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DC930: GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3DD53D), ref: 00007FF6AF3DC8C9
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32 ref: 00007FF6AF3DCF25
                                                                                                                                                                        • RegDeleteValueW.ADVAPI32 ref: 00007FF6AF3DCF3A
                                                                                                                                                                        • RegSetValueExW.ADVAPI32 ref: 00007FF6AF3DCF9F
                                                                                                                                                                        • RegDeleteValueW.ADVAPI32 ref: 00007FF6AF3DCFC2
                                                                                                                                                                        • RegCloseKey.ADVAPI32 ref: 00007FF6AF3DD085
                                                                                                                                                                        • ReleaseMutex.KERNEL32 ref: 00007FF6AF3DD0AF
                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 00007FF6AF3DD0CA
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CAFF0: SHQueryValueExW.SHLWAPI ref: 00007FF6AF3CB030
                                                                                                                                                                          • Part of subcall function 00007FF6AF3CAFF0: SHQueryValueExW.SHLWAPI ref: 00007FF6AF3CB07A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Value$DescriptorSecurity$Query$CloseDelete$ControlDaclGroupHandleMutexOwnerReleaseSacl
                                                                                                                                                                        • String ID: ; legacy$HKCU\Software\BraveSoftware\Update\$HKLM\Software\BraveSoftware\Update\$old-uid$uid
                                                                                                                                                                        • API String ID: 4099968537-1200880116
                                                                                                                                                                        • Opcode ID: c8aaa1b0c19bb089bcd4e347ba6584abb9f9be27742daaf7052b384ebf0dac4c
                                                                                                                                                                        • Instruction ID: 19fda78ab8803be8085dcfc569e5533d622a15acaa79ec3c7b62faccbfe4a505
                                                                                                                                                                        • Opcode Fuzzy Hash: c8aaa1b0c19bb089bcd4e347ba6584abb9f9be27742daaf7052b384ebf0dac4c
                                                                                                                                                                        • Instruction Fuzzy Hash: DA713826A1AE1689EB10DB65D8503FC33B0FF94798F404532DA0D9BA99DF7CE549C382
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Close$ControlCreateDeviceEnumErrorExceptionFileHandleInfoLastOpenQueryRaise_snwprintf_s
                                                                                                                                                                        • String ID: HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkCards$ServiceName$\\.\%s
                                                                                                                                                                        • API String ID: 611326371-2675102385
                                                                                                                                                                        • Opcode ID: 3fe3ad22d9e57fe23225d60ef97e66f770bc375602991436bf980f31a3c8f5fc
                                                                                                                                                                        • Instruction ID: df4b1464bd9e916ee3d15da14e9f424b00fb0379844994a673653abee0038f1f
                                                                                                                                                                        • Opcode Fuzzy Hash: 3fe3ad22d9e57fe23225d60ef97e66f770bc375602991436bf980f31a3c8f5fc
                                                                                                                                                                        • Instruction Fuzzy Hash: E7B19272A1AF4286EB10DB65D4443AE77A0FB84BA4F440231DA5D8BB95DF3CE449C781
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseCriticalHandleSectionUnregisterWait$DeleteDisconnectEnterLeaveMutexNamedPipeReleaseSleep
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2155286476-0
                                                                                                                                                                        • Opcode ID: 14972e1411d0da2c62b9705402844042739845c218c24975ca85903a4dc08435
                                                                                                                                                                        • Instruction ID: 1b0bc8a0e29d82d71a385d92001f9fa6131506f030992db8ed58c575ff9fe31d
                                                                                                                                                                        • Opcode Fuzzy Hash: 14972e1411d0da2c62b9705402844042739845c218c24975ca85903a4dc08435
                                                                                                                                                                        • Instruction Fuzzy Hash: 73412825B0AE4292EBA5DB22D55837963A0FF85B90F444531CA1E8FB91CF2CE465C392
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$AddressLibraryLoadProc_invalid_parameter_noinfo_noreturn
                                                                                                                                                                        • String ID: .dmp$UuidCreate$rpcrt4.dll
                                                                                                                                                                        • API String ID: 89093655-2929501222
                                                                                                                                                                        • Opcode ID: 5337f6bcc48bdf96d1a2b02b9f8892fa3a610bb781751f39ee6706f17b534502
                                                                                                                                                                        • Instruction ID: b780786bc67a25100eaf2464edaa0bd1cdd23dd543d12b569f016d93156266c3
                                                                                                                                                                        • Opcode Fuzzy Hash: 5337f6bcc48bdf96d1a2b02b9f8892fa3a610bb781751f39ee6706f17b534502
                                                                                                                                                                        • Instruction Fuzzy Hash: B171AD32B16F4186EF10DF66E4442AC23E1EB45B98F404935DE6D9BB99CF38E416C381
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$AppendDebugOutputString$Folder
                                                                                                                                                                        • String ID: BraveSoftware\Update\Log$BraveUpdate.log$LOG_SYSTEM: [%s]: ERROR - Cannot create ETW log writer$LOG_SYSTEM: [%s]: ERROR - Cannot create log writer to %s
                                                                                                                                                                        • API String ID: 1006704236-1185594264
                                                                                                                                                                        • Opcode ID: 2be6ce75fdf294a32e55d23615f2df2039ef50dc2e4d19dfc278ca872bf25446
                                                                                                                                                                        • Instruction ID: b6b6cd44e7f2970e3abe78d027bb51e0675027167187d8bf46a951f4a5421902
                                                                                                                                                                        • Opcode Fuzzy Hash: 2be6ce75fdf294a32e55d23615f2df2039ef50dc2e4d19dfc278ca872bf25446
                                                                                                                                                                        • Instruction Fuzzy Hash: 65D16232B06E9286EB549F29C8542BC23A0EF44BA4F444235DB5D8B7D5DF7CE94AC381
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DuplicateHandle$CurrentProcess$ErrorFileLastWrite
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3225829183-0
                                                                                                                                                                        • Opcode ID: d7e061da5c743914325570df55a46971a06d93edc4eb534a3eadc44730a72f5e
                                                                                                                                                                        • Instruction ID: de6a817666bc4410d6dec0f3e125fd11158cef705dd6270f6d6665c5651e37bf
                                                                                                                                                                        • Opcode Fuzzy Hash: d7e061da5c743914325570df55a46971a06d93edc4eb534a3eadc44730a72f5e
                                                                                                                                                                        • Instruction Fuzzy Hash: E4514FB2616A81CBE7A08F61E84475E77E4FB88B88F005536EE4D4BA18DF38D154CB80
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Frame$BlockEstablisherHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                        • API String ID: 3606184308-393685449
                                                                                                                                                                        • Opcode ID: 5eba97b9a18e6ff58d044b6149bc44457d273076712e9a8368bfc7a1db58e3e2
                                                                                                                                                                        • Instruction ID: bf9fc3cad38b78fdc2b53d4078d7cb9c736adb9178dbc6f9a6f62459243fb0a3
                                                                                                                                                                        • Opcode Fuzzy Hash: 5eba97b9a18e6ff58d044b6149bc44457d273076712e9a8368bfc7a1db58e3e2
                                                                                                                                                                        • Instruction Fuzzy Hash: 15D18036E09B419AEB209F65D4402AD7BE0FF5A788F004135EE8D9BB55CF38E855C782
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                        • String ID: IsWow64Process2$arm64$kernel32.dll$x64$x86
                                                                                                                                                                        • API String ID: 4190356694-1443508272
                                                                                                                                                                        • Opcode ID: a7886bc72ae132222d92073fde0c1ce0547beba5c9d7e25bf720336b4a6d6869
                                                                                                                                                                        • Instruction ID: 5843b29b09e33ba5d6df205a7cfba70565c6be7419d7f05db681377da4591b75
                                                                                                                                                                        • Opcode Fuzzy Hash: a7886bc72ae132222d92073fde0c1ce0547beba5c9d7e25bf720336b4a6d6869
                                                                                                                                                                        • Instruction Fuzzy Hash: E151BF72B16E1299EB00DF38C4441AC3770FB84BA8B454632DA1E9B7D9DF38E55AC381
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DescriptorSecurity$Token$InformationProcess$CloseControlCurrentDaclErrorGroupHandleLastOpenOwnerProfileSaclUnloadUser
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2331543259-0
                                                                                                                                                                        • Opcode ID: cbb7051fec765390e83f4987400cd4421291a10fdd98add75b415d100003350d
                                                                                                                                                                        • Instruction ID: 51e9773c80dd8a67ae0180d4ece12d06edc7d03b0a634cf6340135e21b052960
                                                                                                                                                                        • Opcode Fuzzy Hash: cbb7051fec765390e83f4987400cd4421291a10fdd98add75b415d100003350d
                                                                                                                                                                        • Instruction Fuzzy Hash: 56A16332A1AE9295EB60DF21E4401ED7770FF85784F504132EA8D8BA59DF3CE54AC781
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$Delete$AttributesCloseCreateErrorExceptionHandleLastRaiseTime
                                                                                                                                                                        • String ID: [CrashHandler][Deleted Stale Crash][filename %s][custom data %s]$[StartCrashUploader() failed][0x%08x]
                                                                                                                                                                        • API String ID: 1078037304-3333487420
                                                                                                                                                                        • Opcode ID: 4c8a8989320bafba2c49597bd85a75078e8e89ba99ea9704ebaf673132d1aac4
                                                                                                                                                                        • Instruction ID: 8c5da838eeb9e040a52a3b6e89fee3d78a252cb13feecd7a5a4519c28c48ce7f
                                                                                                                                                                        • Opcode Fuzzy Hash: 4c8a8989320bafba2c49597bd85a75078e8e89ba99ea9704ebaf673132d1aac4
                                                                                                                                                                        • Instruction Fuzzy Hash: 82C1EE22B0AF5295EB14DB35C4401BC27A1EB84F9CB484535DA1E8F795DF3CE44AC392
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeLibrary$AddressProcVersion
                                                                                                                                                                        • String ID: GetProductInfo$kernel32.dll$x64
                                                                                                                                                                        • API String ID: 2117465219-1952678207
                                                                                                                                                                        • Opcode ID: 349d1170ed9ef0e09be8d7b4bd3bb09c9eb6e40349f6624712e1644e3c0e4d35
                                                                                                                                                                        • Instruction ID: 85280085672a9b655149384ecdcd09cc94ec39ffcd678d288094386038b5dffd
                                                                                                                                                                        • Opcode Fuzzy Hash: 349d1170ed9ef0e09be8d7b4bd3bb09c9eb6e40349f6624712e1644e3c0e4d35
                                                                                                                                                                        • Instruction Fuzzy Hash: B1617E32E0ED7781EFA49A3895682792794FF82794F050131D51DCA6E4CE3EF94A9382
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: QueryValue$Openlstrcmplstrlen
                                                                                                                                                                        • String ID: PendingFileRenameOperations$\??\
                                                                                                                                                                        • API String ID: 2090349685-1186864550
                                                                                                                                                                        • Opcode ID: 5b1eca5fc9f2a3959d90d53cba2e808c2832ac08b1534050d15703f3e8f1851e
                                                                                                                                                                        • Instruction ID: c01717af161afeb6d66a5c4b41f9511e335ca7ee91627396afee0a510147cc94
                                                                                                                                                                        • Opcode Fuzzy Hash: 5b1eca5fc9f2a3959d90d53cba2e808c2832ac08b1534050d15703f3e8f1851e
                                                                                                                                                                        • Instruction Fuzzy Hash: EB51B022B0AE5295FB208F68E4056A873B0FF49798F454231DE4D9B6A5EF7CE146C3C1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,00007FF6AF3CDCD2), ref: 00007FF6AF3D8473
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileWrite
                                                                                                                                                                        • String ID: %s %s$%s=%s$ClientCustomData$GOOGLE_UPDATE_NO_CRASH_HANDLER$[%s]$[StartProcessWithNoExceptionHandler][%s]
                                                                                                                                                                        • API String ID: 3934441357-1723446422
                                                                                                                                                                        • Opcode ID: 94de3e63104b5f50ef8a4740d0f7260e8785e5cb14f6d82a30073b87113132f6
                                                                                                                                                                        • Instruction ID: dd94b65722895bf8ab1f1db0c76cec3c27003da5acdd26b504b48877e9adc080
                                                                                                                                                                        • Opcode Fuzzy Hash: 94de3e63104b5f50ef8a4740d0f7260e8785e5cb14f6d82a30073b87113132f6
                                                                                                                                                                        • Instruction Fuzzy Hash: 4941B572B0AF4282EB149F29D4400AD63A1FB84FE4B48453ADB5D8B7A5CF6CE845C781
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                        • String ID: GetNativeSystemInfo$kernel32$unknown$x64$x86
                                                                                                                                                                        • API String ID: 1646373207-2413232933
                                                                                                                                                                        • Opcode ID: 182febb25887453eeebee0393178e96cb83778457029d92c10d2f732f775a980
                                                                                                                                                                        • Instruction ID: f796c2bbcae4d8ead6a68a9be48cf8e20a300238f8fbe159561db57e76d07d27
                                                                                                                                                                        • Opcode Fuzzy Hash: 182febb25887453eeebee0393178e96cb83778457029d92c10d2f732f775a980
                                                                                                                                                                        • Instruction Fuzzy Hash: 76414F32E16E5285EB109F28D8402B83760FF94B79F464331EA7E866D5DF6CE485C381
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$LeaveObjectRegisterSingleWait$EnterXinvalid_argumentstd::_
                                                                                                                                                                        • String ID: list too long
                                                                                                                                                                        • API String ID: 2590634607-1124181908
                                                                                                                                                                        • Opcode ID: ad1de824baff6aec727ef81c44663ae0ff5106629ea087abaadd8ef50d0e3f76
                                                                                                                                                                        • Instruction ID: c1ecc65d8db3a6886d423c40ca8946d22c37d676172e682733eb9f0d4ebc4caf
                                                                                                                                                                        • Opcode Fuzzy Hash: ad1de824baff6aec727ef81c44663ae0ff5106629ea087abaadd8ef50d0e3f76
                                                                                                                                                                        • Instruction Fuzzy Hash: DA319836A0AF4282E7948F11E80416DB3E4FB88F90B544631DB9E8B7A4CF38D555C781
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EventLeaveTimeUnregisterWait$EnterFileMemoryProcessReadResetSystem_invalid_parameter_noinfo_noreturn
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 172547436-0
                                                                                                                                                                        • Opcode ID: 977f84771a8155159f20debc9f95c99dca375aef2fc5240d908c456ab77b1ca2
                                                                                                                                                                        • Instruction ID: a013e3c1d39dde43ec2c56e831346b24497209533516546c348b46fee21d16d1
                                                                                                                                                                        • Opcode Fuzzy Hash: 977f84771a8155159f20debc9f95c99dca375aef2fc5240d908c456ab77b1ca2
                                                                                                                                                                        • Instruction Fuzzy Hash: 11516B62A0AF8582EB948F25E45436E73A0FF89BD4F484631EA9D8B794CF3CE450C741
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                                        • String ID: [No crash file]$[StartCrashReporter failed][0x%08x]
                                                                                                                                                                        • API String ID: 3168844106-2686982716
                                                                                                                                                                        • Opcode ID: 6e2c3bd6061f38a36fcb05eb5562b49903c2a83385838518854fa364007a4ca1
                                                                                                                                                                        • Instruction ID: edf7814c736cb9c6c3534bcf7f26415e568ce8c26317cbd8fd7814639c1de8ec
                                                                                                                                                                        • Opcode Fuzzy Hash: 6e2c3bd6061f38a36fcb05eb5562b49903c2a83385838518854fa364007a4ca1
                                                                                                                                                                        • Instruction Fuzzy Hash: 3531BF36A0DB8385EB608B22E8401797760FF85B88F444135D98E8B756CF7CF149C786
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Debug$CountEventTick$ActiveContinueProcessSleepStopWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1595541703-0
                                                                                                                                                                        • Opcode ID: 0097283a6ba6ea87c34540b2e18fe79d25d9daff325c7f361d8a600d7689021e
                                                                                                                                                                        • Instruction ID: b0d46424e47e3e04230385351b8acef7f43970ff47769088dfed99d2ff7fa604
                                                                                                                                                                        • Opcode Fuzzy Hash: 0097283a6ba6ea87c34540b2e18fe79d25d9daff325c7f361d8a600d7689021e
                                                                                                                                                                        • Instruction Fuzzy Hash: 3FB16F52D19F8586E721CB38C5012BC27A0FBA9B8CF15A325DF8C5A256EF38E2D5C341
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Close$QueryValue_cwprintf_s_l_invalid_parameter_noinfo_noreturn
                                                                                                                                                                        • String ID: HKCU\Software\BraveSoftware\Update\$HKLM\Software\BraveSoftware\Update\$uid
                                                                                                                                                                        • API String ID: 557519834-1956591466
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseHandle$EventFileWrite
                                                                                                                                                                        • String ID: [CrashHandler][Preparing dump][%d-bit][pid %d]
                                                                                                                                                                        • API String ID: 3068432810-3072279710
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MemoryProcessRead$AddressLibraryLoadProc
                                                                                                                                                                        • String ID: VerifierEnumerateResource$verifier.dll
                                                                                                                                                                        • API String ID: 1580871199-3762872906
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DescriptorSecurity$ControlCreateDaclGroupMutexOwnerSacl
                                                                                                                                                                        • String ID: {D6025E95-A77B-4ADB-B46F-65CC31BB40E7}
                                                                                                                                                                        • API String ID: 358609436-3776728971
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF6AF3E28CE,?,?,?,00007FF6AF3E2544,?,?,?,?,00007FF6AF3E1FF1), ref: 00007FF6AF3E26A1
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF6AF3E28CE,?,?,?,00007FF6AF3E2544,?,?,?,?,00007FF6AF3E1FF1), ref: 00007FF6AF3E26AF
                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF6AF3E28CE,?,?,?,00007FF6AF3E2544,?,?,?,?,00007FF6AF3E1FF1), ref: 00007FF6AF3E26D9
                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF6AF3E28CE,?,?,?,00007FF6AF3E2544,?,?,?,?,00007FF6AF3E1FF1), ref: 00007FF6AF3E271F
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF6AF3E28CE,?,?,?,00007FF6AF3E2544,?,?,?,?,00007FF6AF3E1FF1), ref: 00007FF6AF3E272B
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                        • API String ID: 2559590344-2084034818
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetSecurityDescriptorControl.ADVAPI32(?,?,?,?,?,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A},?,?,00007FF6AF3C4A64,?,?,?,00007FF6AF3DC7F7), ref: 00007FF6AF3C490A
                                                                                                                                                                        • GetSecurityDescriptorOwner.ADVAPI32(?,?,?,?,?,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A},?,?,00007FF6AF3C4A64,?,?,?,00007FF6AF3DC7F7), ref: 00007FF6AF3C492F
                                                                                                                                                                        • GetSecurityDescriptorGroup.ADVAPI32(?,?,?,?,?,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A},?,?,00007FF6AF3C4A64,?,?,?,00007FF6AF3DC7F7), ref: 00007FF6AF3C494A
                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?,?,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A},?,?,00007FF6AF3C4A64,?,?,?,00007FF6AF3DC7F7), ref: 00007FF6AF3C4969
                                                                                                                                                                        • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?,?,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A},?,?,00007FF6AF3C4A64,?,?,?,00007FF6AF3DC7F7), ref: 00007FF6AF3C498D
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C398C: GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FF6AF3C48DC,?,?,?,?,?,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A},?,?,00007FF6AF3C4A64), ref: 00007FF6AF3C399F
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C398C: GetSecurityDescriptorControl.ADVAPI32(?,?,?,00007FF6AF3C48DC,?,?,?,?,?,00000000,{BC6A0F04-AE75-459F-B879-2C961515B78A},?,?,00007FF6AF3C4A64), ref: 00007FF6AF3C39CA
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DescriptorSecurity$Control$DaclGroupLengthOwnerSacl
                                                                                                                                                                        • String ID: {BC6A0F04-AE75-459F-B879-2C961515B78A}
                                                                                                                                                                        • API String ID: 3861522036-3018252608
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                        • Opcode ID: 670b23c2b37053ce103d8fd91cad6098a8464180aee0e7c03d294e5127d66fa2
                                                                                                                                                                        • Instruction ID: 58e03fb0c08fa25019424ae18c489159300c48327ba148b58e067a763a36c09d
                                                                                                                                                                        • Opcode Fuzzy Hash: 670b23c2b37053ce103d8fd91cad6098a8464180aee0e7c03d294e5127d66fa2
                                                                                                                                                                        • Instruction Fuzzy Hash: 16216A20A0EA4281FBA4A771E55917963D25F96BA0F044634E8AE8F7C6DE2CAC014382
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                        • String ID: CONOUT$
                                                                                                                                                                        • API String ID: 3230265001-3130406586
                                                                                                                                                                        • Opcode ID: bdd2e3f12c948121e102ea426856f12ac4024ba02006095291c303f7d72784b3
                                                                                                                                                                        • Instruction ID: 1745eda0a3beb9fa4c47795a174d4167896da6e0d05aa3b29885ab372c2f81b1
                                                                                                                                                                        • Opcode Fuzzy Hash: bdd2e3f12c948121e102ea426856f12ac4024ba02006095291c303f7d72784b3
                                                                                                                                                                        • Instruction Fuzzy Hash: DC117C21B29A4186E3909B56A848369B7A0FF88FE4F040234EA1ECBB94DF3CD414C785
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(?,?,?,00007FF6AF3CA929,?,?,?,00007FF6AF3DC807), ref: 00007FF6AF3CA894
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF6AF3CA929,?,?,?,00007FF6AF3DC807), ref: 00007FF6AF3CA8AC
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF6AF3CA929,?,?,?,00007FF6AF3DC807), ref: 00007FF6AF3CA8C3
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                                                                        • String ID: CreateEventExW$CreateMutexExW$kernel32.dll
                                                                                                                                                                        • API String ID: 667068680-2423819206
                                                                                                                                                                        • Opcode ID: 885516d5f7488e12c3aef22709a0316917a25330b9149976f9265729175c02d6
                                                                                                                                                                        • Instruction ID: 74f766babb40c5c162be6c306ab9655814d5cafcd4e2af7899c56b045b54fe97
                                                                                                                                                                        • Opcode Fuzzy Hash: 885516d5f7488e12c3aef22709a0316917a25330b9149976f9265729175c02d6
                                                                                                                                                                        • Instruction Fuzzy Hash: B8F0E221D1BF1382FF649B24A85837027A0EF54750F480036C90E8A2A2EF7CB49AC392
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$CloseEnterHandleLeaveUnregisterWait$_invalid_parameter_noinfo_noreturn$DeleteDisconnectMutexNamedPipeReleaseSleep
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1474101561-0
                                                                                                                                                                        • Opcode ID: 5a876420e640cbd04400d4f5a90e695885b2272cc31273fff518298defbe5b32
                                                                                                                                                                        • Instruction ID: 4a89b5778f21e19a54f6757d6c2894277f8ff6ef000fffd1c14628f327400146
                                                                                                                                                                        • Opcode Fuzzy Hash: 5a876420e640cbd04400d4f5a90e695885b2272cc31273fff518298defbe5b32
                                                                                                                                                                        • Instruction Fuzzy Hash: AE51AF32B1AE4286EB10DB25D4543BD6361EF44B98F400531EA5D8BB96DF3CE59AC382
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C14B8: GetProcessHeap.KERNEL32(?,?,?,00007FF6AF3C1009), ref: 00007FF6AF3C152E
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C14B8: _Init_thread_footer.LIBCMT ref: 00007FF6AF3C1563
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C14B8: _Init_thread_footer.LIBCMT ref: 00007FF6AF3C15CC
                                                                                                                                                                        • GetSidLengthRequired.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6AF3C2077
                                                                                                                                                                        • InitializeSid.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6AF3C2096
                                                                                                                                                                        • GetSidSubAuthority.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6AF3C20CA
                                                                                                                                                                        • IsValidSid.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6AF3C20E5
                                                                                                                                                                        • GetLengthSid.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6AF3C20F4
                                                                                                                                                                        • CopySid.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6AF3C210E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Init_thread_footerLength$AuthorityCopyHeapInitializeProcessRequiredValid
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 910760405-0
                                                                                                                                                                        • Opcode ID: 63474374e5023abd4441dc486b76ab7138e45e60b8cba90f3504e95eae357d87
                                                                                                                                                                        • Instruction ID: a407d44f9a138c1e62a46b86f81702d0d8d007bb66f2e295ddfe8a9c8f6c55e8
                                                                                                                                                                        • Opcode Fuzzy Hash: 63474374e5023abd4441dc486b76ab7138e45e60b8cba90f3504e95eae357d87
                                                                                                                                                                        • Instruction Fuzzy Hash: 10419822A0AF9282EB54AB25E45476D2790FF45B44F844134D78DCB791DF3CF81AC792
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DescriptorSecurity$Group$AbsoluteControlCopyErrorInitializeLastLengthMakeValid
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4238204200-0
                                                                                                                                                                        • Opcode ID: a9dc0135024c874b4ad4fcf7736e87ad24989ce2adf823ac763ef31559c9b21e
                                                                                                                                                                        • Instruction ID: 89113a8c1ff62172e1854106343e8264c1a785d25a47174b5088dffa162f1497
                                                                                                                                                                        • Opcode Fuzzy Hash: a9dc0135024c874b4ad4fcf7736e87ad24989ce2adf823ac763ef31559c9b21e
                                                                                                                                                                        • Instruction Fuzzy Hash: 26314211B0FE5342FB45AB62A45837E5390AF85B80F584434DA4ECF782DE2CF85A83C2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                        • API String ID: 3523768491-393685449
                                                                                                                                                                        • Opcode ID: 502c55ec703be86fb96c8f3282faa81b82038a2f01b8c19e0097d070bcb541bf
                                                                                                                                                                        • Instruction ID: a186cb5597b580d6befd742d7e92ca59b2cf43c519e4c112ecafa9bcb6f130cb
                                                                                                                                                                        • Opcode Fuzzy Hash: 502c55ec703be86fb96c8f3282faa81b82038a2f01b8c19e0097d070bcb541bf
                                                                                                                                                                        • Instruction Fuzzy Hash: 35E19476D09B828AE7609F24D4803AD37E0FF5A748F154135DA8D8B796CF38E985C782
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00000004,00007FF6AF3E6E85,?,?,?,?,00007FF6AF3EE1A2,?,?,00000000,00007FF6AF3E6EFB,?,?,?), ref: 00007FF6AF3EDF57
                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,00000004,00007FF6AF3E6E85,?,?,?,?,00007FF6AF3EE1A2,?,?,00000000,00007FF6AF3E6EFB,?,?,?), ref: 00007FF6AF3EDF8D
                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,00000004,00007FF6AF3E6E85,?,?,?,?,00007FF6AF3EE1A2,?,?,00000000,00007FF6AF3E6EFB,?,?,?), ref: 00007FF6AF3EDFBA
                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,00000004,00007FF6AF3E6E85,?,?,?,?,00007FF6AF3EE1A2,?,?,00000000,00007FF6AF3E6EFB,?,?,?), ref: 00007FF6AF3EDFCB
                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,00000004,00007FF6AF3E6E85,?,?,?,?,00007FF6AF3EE1A2,?,?,00000000,00007FF6AF3E6EFB,?,?,?), ref: 00007FF6AF3EDFDC
                                                                                                                                                                        • SetLastError.KERNEL32(?,?,00000004,00007FF6AF3E6E85,?,?,?,?,00007FF6AF3EE1A2,?,?,00000000,00007FF6AF3E6EFB,?,?,?), ref: 00007FF6AF3EDFF7
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                        • Opcode ID: 0b7dd0973cb4e4acef62b62042a53779b5c9ab694ecf2b2fe2e586fae1d51979
                                                                                                                                                                        • Instruction ID: 4dedeb1ee94ca489b69dd364d33d550b4447c942e754cc6d4debb1147149b3aa
                                                                                                                                                                        • Opcode Fuzzy Hash: 0b7dd0973cb4e4acef62b62042a53779b5c9ab694ecf2b2fe2e586fae1d51979
                                                                                                                                                                        • Instruction Fuzzy Hash: 47115E20B0EA4282FB64A775E5551BD63D19F46BB0F044634E86EDF7D6DE2CE8124382
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseCriticalDeleteFreeHandleLibrarySection
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 165238876-0
                                                                                                                                                                        • Opcode ID: 24e9ef4c95291f649e97243fa3c83a2b652486d7b261923466b9887711fe2aa2
                                                                                                                                                                        • Instruction ID: dfbe1622a070c274097cd825be717f68174714daf3e3569e124bc36cc99b7bab
                                                                                                                                                                        • Opcode Fuzzy Hash: 24e9ef4c95291f649e97243fa3c83a2b652486d7b261923466b9887711fe2aa2
                                                                                                                                                                        • Instruction Fuzzy Hash: D1011E11A0AD4281EF949B75D8593782395EF40B38F080731CA3F8E1E1DF2C9449C392
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSectionValue$CloseEnterLeaveQuery
                                                                                                                                                                        • String ID: Timings
                                                                                                                                                                        • API String ID: 1881569888-3816324337
                                                                                                                                                                        • Opcode ID: 925390c054118a2f6fbbb9d5c7affbaf040017868b126cb13bb1fa602bd8450b
                                                                                                                                                                        • Instruction ID: 85c9c5796db839eb752cc62e000bc8252649c772cf51993ff87a0467c13a9c87
                                                                                                                                                                        • Opcode Fuzzy Hash: 925390c054118a2f6fbbb9d5c7affbaf040017868b126cb13bb1fa602bd8450b
                                                                                                                                                                        • Instruction Fuzzy Hash: E7515932B05E429AEB50DF35D4802AD33B5FB48B8CF404532EA4C9BA69DF38D665C781
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Init_thread_footerPrivateProfile$HeapProcess
                                                                                                                                                                        • String ID: LogFileWide$LoggingSettings$MaxLogFileSize
                                                                                                                                                                        • API String ID: 2570437202-2181087832
                                                                                                                                                                        • Opcode ID: 47b631fcef20c13d5b47733b7d1337db8b154f2ef7e5393d8019d7dea6a855ee
                                                                                                                                                                        • Instruction ID: a5662200b8db08de102052e886ec799f87a9e5c8dff0b9c6ecd70fa50afc0a96
                                                                                                                                                                        • Opcode Fuzzy Hash: 47b631fcef20c13d5b47733b7d1337db8b154f2ef7e5393d8019d7dea6a855ee
                                                                                                                                                                        • Instruction Fuzzy Hash: 7141B362A0AF5182EB449B19D4402A83360FF45B84F588035DF4D8BB96DF7CE5AAC381
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSectionValue$CloseEnterLeaveQuery
                                                                                                                                                                        • String ID: Counts
                                                                                                                                                                        • API String ID: 1881569888-3214611213
                                                                                                                                                                        • Opcode ID: e278f23090bda36fcedc452ea8b1270bde0998d6ef09fd2aca2233757f4eb9af
                                                                                                                                                                        • Instruction ID: 9e489746399436c4f5743099ce583365c001170d0070ca0a030ff3a1a5a40f36
                                                                                                                                                                        • Opcode Fuzzy Hash: e278f23090bda36fcedc452ea8b1270bde0998d6ef09fd2aca2233757f4eb9af
                                                                                                                                                                        • Instruction Fuzzy Hash: 8931BE33A05E128AEB608F25D8807AD7BA5FF44B98F144532EB1D8BA58DF38D595C381
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressGuidsHandleModuleProcRegisterTrace
                                                                                                                                                                        • String ID: RtlCaptureStackBackTrace$kernel32.dll
                                                                                                                                                                        • API String ID: 3926896046-94782561
                                                                                                                                                                        • Opcode ID: 65fb25f617f3e0eaa6c95712d7f47439fd53bb0767354d6f5072d727e84d9ba3
                                                                                                                                                                        • Instruction ID: 8945359b634a2010a0ed1a9eb81a9425ad09067141245167533f7e2a782fd462
                                                                                                                                                                        • Opcode Fuzzy Hash: 65fb25f617f3e0eaa6c95712d7f47439fd53bb0767354d6f5072d727e84d9ba3
                                                                                                                                                                        • Instruction Fuzzy Hash: 26315C32A1AF4291EB008F01E5843A973A4FB58794F444135DB8D8BB65EF7CE1AAC745
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressCreateHandleModuleProc
                                                                                                                                                                        • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                                                                                                                                                        • API String ID: 1964897782-2994018265
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MessageProcess$CurrentDispatchSizeWorking
                                                                                                                                                                        • String ID: [CrashHandler::RunUntilShutdown]
                                                                                                                                                                        • API String ID: 636188758-3731342378
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AdjustPointer
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1740715915-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseCreateCurrentFileHandleProcessQueryThreadVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1837238986-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?,?,?,?,?,?,00007FF6AF3C4396), ref: 00007FF6AF3C3518
                                                                                                                                                                        • InitializeSecurityDescriptor.ADVAPI32(?,?,?,?,?,?,?,?,?,00007FF6AF3C4396), ref: 00007FF6AF3C3545
                                                                                                                                                                        • GetAclInformation.ADVAPI32(?,?,?,?,?,?,?,?,?,00007FF6AF3C4396), ref: 00007FF6AF3C3589
                                                                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,?,?,?,?,?,?,?,?,00007FF6AF3C4396), ref: 00007FF6AF3C35ED
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C36A0: GetSecurityDescriptorControl.ADVAPI32 ref: 00007FF6AF3C36D4
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C36A0: MakeAbsoluteSD.ADVAPI32 ref: 00007FF6AF3C3745
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C36A0: GetLastError.KERNEL32 ref: 00007FF6AF3C374B
                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AF3C3678
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DescriptorSecurity$Dacl$AbsoluteControlErrorInformationInitializeLastMake_invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 558418638-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Create$Event$MutexNamedObjectPipeRegisterSingleWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 503818757-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Close
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3535843008-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DescriptorSecurity$ControlDaclGroupOwnerSacl
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1158139820-0
                                                                                                                                                                        • Opcode ID: c1fcca831fdc7b4fdac7227dc5082d5f88f60b74ff57f137026ac2b9f84d60af
                                                                                                                                                                        • Instruction ID: e845fbaf00a19d18fea8a4847e10bf2a67cbcfc5cc1f4df800c3eb10a4b789ef
                                                                                                                                                                        • Opcode Fuzzy Hash: c1fcca831fdc7b4fdac7227dc5082d5f88f60b74ff57f137026ac2b9f84d60af
                                                                                                                                                                        • Instruction Fuzzy Hash: 86212622A15D82C9EB409F71D8405EC6360FF84B8CB445132EA0E8EA68DF38D98AC381
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1156100317-0
                                                                                                                                                                        • Opcode ID: ec3b6d68eee0a75696e1636716fc4043ca254a3c31bb067f8149a313a900c3d2
                                                                                                                                                                        • Instruction ID: a9e4f07029808c6db3dab76210e1e1e4e93218da1dc457a1fc82150088a6f464
                                                                                                                                                                        • Opcode Fuzzy Hash: ec3b6d68eee0a75696e1636716fc4043ca254a3c31bb067f8149a313a900c3d2
                                                                                                                                                                        • Instruction Fuzzy Hash: F8117322E5EF1315F7E81128E4553B913506F543B4F544634F96EDE3D7CE5DA8424382
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • FlsGetValue.KERNEL32(?,?,?,00007FF6AF3E69E3,?,?,00000000,00007FF6AF3E6C7E,?,?,?,?,?,00007FF6AF3E6C0A), ref: 00007FF6AF3EE02F
                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6AF3E69E3,?,?,00000000,00007FF6AF3E6C7E,?,?,?,?,?,00007FF6AF3E6C0A), ref: 00007FF6AF3EE04E
                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6AF3E69E3,?,?,00000000,00007FF6AF3E6C7E,?,?,?,?,?,00007FF6AF3E6C0A), ref: 00007FF6AF3EE076
                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6AF3E69E3,?,?,00000000,00007FF6AF3E6C7E,?,?,?,?,?,00007FF6AF3E6C0A), ref: 00007FF6AF3EE087
                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6AF3E69E3,?,?,00000000,00007FF6AF3E6C7E,?,?,?,?,?,00007FF6AF3E6C0A), ref: 00007FF6AF3EE098
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Value
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                        • Opcode ID: 5a2b12227b5ecaabacdd975910f6d0b7eecf27287c88f1b3dc50a22e46226377
                                                                                                                                                                        • Instruction ID: 70c8676997f6e63278289fd699714eb5b40d7cb162fdbf5ce6a11e2e6fd4de18
                                                                                                                                                                        • Opcode Fuzzy Hash: 5a2b12227b5ecaabacdd975910f6d0b7eecf27287c88f1b3dc50a22e46226377
                                                                                                                                                                        • Instruction Fuzzy Hash: 35116D20A0AA0281FB58A326E551179A3D26F467B0F094234E96D8A7D6DE2CEC814283
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Value
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                        • Opcode ID: 82497b8119d5a0b31ac008964d70d335fac3c110e5b0f92fd9b9fca13558d8de
                                                                                                                                                                        • Instruction ID: c44178a9e8dc978c6b774384e9d4aa1156d8fdae464807fbaef906d66ea95620
                                                                                                                                                                        • Opcode Fuzzy Hash: 82497b8119d5a0b31ac008964d70d335fac3c110e5b0f92fd9b9fca13558d8de
                                                                                                                                                                        • Instruction Fuzzy Hash: 0611DA20E0FA0781FB68A675A4151B923D15F46B60F584634E97EDE2C7DE6CBC424292
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$CurrentEnterLeaveObjectReleaseSemaphoreSingleThreadWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3216651733-0
                                                                                                                                                                        • Opcode ID: bc488492d43b6404f89926563663e48656c67e9489511e3e3b244299e986b2c7
                                                                                                                                                                        • Instruction ID: eba880d82680127c4c3ea1a8e9402f0745d22a1e17d8049f4cc0c88988c3fe5a
                                                                                                                                                                        • Opcode Fuzzy Hash: bc488492d43b6404f89926563663e48656c67e9489511e3e3b244299e986b2c7
                                                                                                                                                                        • Instruction Fuzzy Hash: 9B112A36515F8186D3808F22E8842A877B4FB89F94F594135DF998BB58CF38D1A2C750
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Close
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3535843008-0
                                                                                                                                                                        • Opcode ID: b1fbea4c26fbcf10115f60c2098238cf3ad8c83df5f2274e33d8f656c1e7ee97
                                                                                                                                                                        • Instruction ID: 726af71319cf993e09bb877d043aa612badb314b99b964c95132aa694c196d85
                                                                                                                                                                        • Opcode Fuzzy Hash: b1fbea4c26fbcf10115f60c2098238cf3ad8c83df5f2274e33d8f656c1e7ee97
                                                                                                                                                                        • Instruction Fuzzy Hash: C511DB63A16E418BFB959F60D45833833A0FF58F2BF150638CA4A8D148CF7D9488C395
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseHandle$UnregisterWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1214919099-0
                                                                                                                                                                        • Opcode ID: ede31367e17b51e40145b0f02b470ed1be03d839bbfc902b3582de13aaa96d01
                                                                                                                                                                        • Instruction ID: b31f5dd8ed8b2ba996d2013e164bdb4aa9915562fd3499608caeed1ecbcd2d30
                                                                                                                                                                        • Opcode Fuzzy Hash: ede31367e17b51e40145b0f02b470ed1be03d839bbfc902b3582de13aaa96d01
                                                                                                                                                                        • Instruction Fuzzy Hash: D701EC25A07D4581EF959F65D86433823A0AF44FB5F040730CD3E8E5D4CF2D9454C382
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CountCriticalEnterSectionTick$Sleep
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1544504822-0
                                                                                                                                                                        • Opcode ID: 3d07d22620a16215637f06dd2328e086ed856596ac4d167f57539fe5039ba4ea
                                                                                                                                                                        • Instruction ID: 474b3e422e549e9b6558ca5c7a5332ac57b53a09664b36e471f51a11c5d0332d
                                                                                                                                                                        • Opcode Fuzzy Hash: 3d07d22620a16215637f06dd2328e086ed856596ac4d167f57539fe5039ba4ea
                                                                                                                                                                        • Instruction Fuzzy Hash: EFF09025A1EE5282EB548F61A65803D6364EF44B84F044034DA5ECF614DF3CF48BE382
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CallEncodePointerTranslator
                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                        • API String ID: 3544855599-2084237596
                                                                                                                                                                        • Opcode ID: f2cb75e24f13a1365d822fafd9c328d94e232b4648f87bdab5b78ded230df72c
                                                                                                                                                                        • Instruction ID: ce47e0d8374582bd497218aa1835f8fc7e5eceb74325bd72feb7a3d22fa4e83a
                                                                                                                                                                        • Opcode Fuzzy Hash: f2cb75e24f13a1365d822fafd9c328d94e232b4648f87bdab5b78ded230df72c
                                                                                                                                                                        • Instruction Fuzzy Hash: 6F514737A09B859AEB20CF65D0803AD77A0FB49B88F144126EF4D5BB58DF38E895C741
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                        • String ID: csm$csm
                                                                                                                                                                        • API String ID: 3896166516-3733052814
                                                                                                                                                                        • Opcode ID: 7941ca6a5573bedfd41da94ef5ea2e4882e329866d9c731d05987271093f8137
                                                                                                                                                                        • Instruction ID: 82077ce8f136e9af16f6fb855982c9b9591a3f3bc91cfb3e08e3c317541c204b
                                                                                                                                                                        • Opcode Fuzzy Hash: 7941ca6a5573bedfd41da94ef5ea2e4882e329866d9c731d05987271093f8137
                                                                                                                                                                        • Instruction Fuzzy Hash: 7A517D32A0AA8286EFA48F25D94436977E1FF56B84F144135DA5CCBB95CF3CE850C782
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CurrentFileNamedPipeProcessTransactWrite
                                                                                                                                                                        • String ID: P
                                                                                                                                                                        • API String ID: 2658254330-3110715001
                                                                                                                                                                        • Opcode ID: b4e8dfc342dcb7ea96102fc739f899bb49904b1e1a8be309b4a39dc03229b309
                                                                                                                                                                        • Instruction ID: 86fb747559199d1b88b4d4ae971f2ccbdbdc1e793b4e1d45211080e9b97c10f0
                                                                                                                                                                        • Opcode Fuzzy Hash: b4e8dfc342dcb7ea96102fc739f899bb49904b1e1a8be309b4a39dc03229b309
                                                                                                                                                                        • Instruction Fuzzy Hash: 93413073A14B81DAE710CF65E8401AD77B4F799748F24023ADB8857B08DF78D591CB40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF6AF3E082F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                        • API String ID: 389471666-631824599
                                                                                                                                                                        • Opcode ID: 2ed6821e24b6c577ace6c1403d092075f7fb6945efedcfe8689216400b5fe402
                                                                                                                                                                        • Instruction ID: dca7fe00562715713dd1fcbf4676f3df7c37972b82e7e4a35e45e45a1a672bee
                                                                                                                                                                        • Opcode Fuzzy Hash: 2ed6821e24b6c577ace6c1403d092075f7fb6945efedcfe8689216400b5fe402
                                                                                                                                                                        • Instruction Fuzzy Hash: C2118832A16F82A6F7449B22E6543B933A0FF04344F404034CA0DCAA91EF3CE5B8C792
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$CurrentMessagePostTerminateThread
                                                                                                                                                                        • String ID: [CrashHandler::Shutdown]
                                                                                                                                                                        • API String ID: 1968212778-2933495623
                                                                                                                                                                        • Opcode ID: bc61ddf30e5c567bb0cbb5c072b5c762185cecb3643f336f0f51f58e6b6e0b1c
                                                                                                                                                                        • Instruction ID: 0d421fd6f9188b93dac0aaccab5c4bf30ceddad4accf5a5e9f98ea824e8c594a
                                                                                                                                                                        • Opcode Fuzzy Hash: bc61ddf30e5c567bb0cbb5c072b5c762185cecb3643f336f0f51f58e6b6e0b1c
                                                                                                                                                                        • Instruction Fuzzy Hash: 9701D6B2A1D95286E7608F30E84467933A0FF58788F001134D98DCE655DF7CE159CB96
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        • Unexpected exception in: omaha::Logging::InternalLogMessageMaskedVA, xrefs: 00007FF6AF3C8615
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DebugOutputString
                                                                                                                                                                        • String ID: Unexpected exception in: omaha::Logging::InternalLogMessageMaskedVA
                                                                                                                                                                        • API String ID: 1166629820-3049550389
                                                                                                                                                                        • Opcode ID: e8e34ab34d5287aa8d28c6c05f58bc92062088e8f7dd15318491bbbabe0b481f
                                                                                                                                                                        • Instruction ID: 19df91f4fc3bcc410c986790e69491f962775162dcd13e497a50bf8512c55553
                                                                                                                                                                        • Opcode Fuzzy Hash: e8e34ab34d5287aa8d28c6c05f58bc92062088e8f7dd15318491bbbabe0b481f
                                                                                                                                                                        • Instruction Fuzzy Hash: BEE01222A0AD82D1E791EB11F8596A96320FF88764F814033CE4E97665CF3CD8C7C741
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2718003287-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ContinueDebugEvent.KERNEL32(?,?,?,?,?,?,00000000,00007FF6AF3CDD16), ref: 00007FF6AF3D0BD6
                                                                                                                                                                        • DebugActiveProcessStop.KERNEL32(?,?,?,?,?,?,00000000,00007FF6AF3CDD16), ref: 00007FF6AF3D0BDF
                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00007FF6AF3CDD16), ref: 00007FF6AF3D0C96
                                                                                                                                                                        • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6AF3D0EF9
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Debug$ActiveCloseContinueEventHandleProcessStop_invalid_parameter_noinfo_noreturn
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2119201233-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF6AF3F3F5C), ref: 00007FF6AF3F40DF
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF6AF3F3F5C), ref: 00007FF6AF3F4169
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConsoleErrorLastMode
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 953036326-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AbsoluteMake$ControlDescriptorErrorLastSecurity
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3769124138-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalInitializeMemoryProcessReadSection$CurrentThread_invalid_parameter_noinfo_noreturn
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 351639922-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$CloseEnterHandleLeaveUnregisterWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 776973864-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Trace$Enable$ErrorFlagsHandleLastLevelLogger
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 101358600-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00007FF6AF3E0725
                                                                                                                                                                        • ResetEvent.KERNEL32(?,?,?,?,?,00007FF6AF3E0063,?,?,?,?,00000101,00007FF6AF3DFA67), ref: 00007FF6AF3E0752
                                                                                                                                                                        • SetEvent.KERNEL32(?,?,?,?,?,00007FF6AF3E0063,?,?,?,?,00000101,00007FF6AF3DFA67), ref: 00007FF6AF3E0760
                                                                                                                                                                        • WaitForMultipleObjects.KERNEL32(?,?,?,?,?,00007FF6AF3E0063,?,?,?,?,00000101,00007FF6AF3DFA67), ref: 00007FF6AF3E078E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Event$CurrentMultipleObjectsResetThreadWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 177514408-0
                                                                                                                                                                        • Opcode ID: 7c58d38e87d029880f7afd1fca33a4a9262ab0a9d4671f9e236c0ec755c7c181
                                                                                                                                                                        • Instruction ID: b3440fc6d8a9f61efc1e69f430b1f1541ce538b33307d437154aed0b8246bf27
                                                                                                                                                                        • Opcode Fuzzy Hash: 7c58d38e87d029880f7afd1fca33a4a9262ab0a9d4671f9e236c0ec755c7c181
                                                                                                                                                                        • Instruction Fuzzy Hash: 0C11B266B0AF0292E7509B26E54456E63A0FF46BC4B444436DB8C8BB54DF3CE925CB41
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConditionMask$InfoVerifyVersion
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2793162063-0
                                                                                                                                                                        • Opcode ID: 690b9b2cf59aba5e1ebe1e5f30a856e2cd8551dbc08a9fa82f3cfde17c89164f
                                                                                                                                                                        • Instruction ID: f69c6746d8b57e80c3acfba0ebba20743e439b705a9ddd145ead5f88ba074a07
                                                                                                                                                                        • Opcode Fuzzy Hash: 690b9b2cf59aba5e1ebe1e5f30a856e2cd8551dbc08a9fa82f3cfde17c89164f
                                                                                                                                                                        • Instruction Fuzzy Hash: 50110732609A8196E735CF21E5453EAB3A1FBC8744F404225D68D8BB64EF3CE214CB45
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateEventProcess$OpenTimes
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2811004771-0
                                                                                                                                                                        • Opcode ID: 6dfdb88d1910b059ccab038d80bad7fb2d54660d2b8a350e983d2e58154681ac
                                                                                                                                                                        • Instruction ID: 18387bc5ba76e052cbbc151346eb5d25841e2184a60fa6e7ec88317344864c22
                                                                                                                                                                        • Opcode Fuzzy Hash: 6dfdb88d1910b059ccab038d80bad7fb2d54660d2b8a350e983d2e58154681ac
                                                                                                                                                                        • Instruction Fuzzy Hash: 41117C32A0AB8283EB64CF24E440A6A73A5FF44B40B444439DA4D8BB58EF3DE444CB80
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3D6F57), ref: 00007FF6AF3C6B73
                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3D6F57), ref: 00007FF6AF3C6B7F
                                                                                                                                                                        • CharLowerW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3D6F57), ref: 00007FF6AF3C6BA6
                                                                                                                                                                        • CharLowerW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AF3D6F57), ref: 00007FF6AF3C6BB1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CharLowerlstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1209591262-0
                                                                                                                                                                        • Opcode ID: aa0147426467c38abdfdc9c0d88cea79544838ad1c80ace1fb4ca96ded2a0854
                                                                                                                                                                        • Instruction ID: b78c401cddaf8065e8e920cd2a708edfb2c3b30d9074c3e266ecb269309e48d5
                                                                                                                                                                        • Opcode Fuzzy Hash: aa0147426467c38abdfdc9c0d88cea79544838ad1c80ace1fb4ca96ded2a0854
                                                                                                                                                                        • Instruction Fuzzy Hash: DF018022A16E51C5E7609F13A9480B9B361FB44F80B590035DA4E9BB54DF3CF59AD341
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __except_validate_context_record
                                                                                                                                                                        • String ID: csm$csm
                                                                                                                                                                        • API String ID: 1467352782-3733052814
                                                                                                                                                                        • Opcode ID: 0feba6bf34ec17f95c45eda56023208adf8b18f2b64ec2e546217ffdcc799545
                                                                                                                                                                        • Instruction ID: 352175b097f7556c69164990d9625af236f4a1dee7cc5efbdef0e78fcf0f6fa0
                                                                                                                                                                        • Opcode Fuzzy Hash: 0feba6bf34ec17f95c45eda56023208adf8b18f2b64ec2e546217ffdcc799545
                                                                                                                                                                        • Instruction Fuzzy Hash: 8471B27250AA8186DBA18F15D44077D7BE2FF06B85F148236DA4DCBA85CE3CE855CB82
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C14B8: GetProcessHeap.KERNEL32(?,?,?,00007FF6AF3C1009), ref: 00007FF6AF3C152E
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C14B8: _Init_thread_footer.LIBCMT ref: 00007FF6AF3C1563
                                                                                                                                                                          • Part of subcall function 00007FF6AF3C14B8: _Init_thread_footer.LIBCMT ref: 00007FF6AF3C15CC
                                                                                                                                                                        • _cwprintf_s_l.LIBCMT ref: 00007FF6AF3DBF08
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF204: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF6AF3DBF7A), ref: 00007FF6AF3DF220
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF204: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF6AF3DBF7A), ref: 00007FF6AF3DF234
                                                                                                                                                                          • Part of subcall function 00007FF6AF3DF204: RegSetValueExW.ADVAPI32 ref: 00007FF6AF3DF296
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalInit_thread_footerSection$EnterHeapLeaveProcessValue_cwprintf_s_l
                                                                                                                                                                        • String ID: Software\BraveSoftware\%ws\UsageStats\Daily$Update
                                                                                                                                                                        • API String ID: 409045410-2053433969
                                                                                                                                                                        • Opcode ID: 0ac48735cd59e1526e8bf26ef97c88fd66a126e651d674c44b71a058ddb48502
                                                                                                                                                                        • Instruction ID: ab0392e67fcf9ef6fc9f2652f4a4ecbcf65cf25e40d372fac3bfdc57a73f1e6f
                                                                                                                                                                        • Opcode Fuzzy Hash: 0ac48735cd59e1526e8bf26ef97c88fd66a126e651d674c44b71a058ddb48502
                                                                                                                                                                        • Instruction Fuzzy Hash: 86516972F0AF0289FB00DFA5D0802AC63E8EB54788B54493ADA4C9BB59DF38D555C382
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6AF3D68C9
                                                                                                                                                                          • Part of subcall function 00007FF6AF3D68D0: EnterCriticalSection.KERNEL32 ref: 00007FF6AF3D6916
                                                                                                                                                                          • Part of subcall function 00007FF6AF3D68D0: EnterCriticalSection.KERNEL32 ref: 00007FF6AF3D6925
                                                                                                                                                                          • Part of subcall function 00007FF6AF3D68D0: LoadLibraryW.KERNEL32 ref: 00007FF6AF3D693B
                                                                                                                                                                          • Part of subcall function 00007FF6AF3D68D0: LeaveCriticalSection.KERNEL32 ref: 00007FF6AF3D694B
                                                                                                                                                                          • Part of subcall function 00007FF6AF3D68D0: GetProcAddress.KERNEL32 ref: 00007FF6AF3D6960
                                                                                                                                                                          • Part of subcall function 00007FF6AF3D68D0: LeaveCriticalSection.KERNEL32 ref: 00007FF6AF3D6971
                                                                                                                                                                        • CreateFileW.KERNEL32 ref: 00007FF6AF3D67F3
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$AddressCreateFileLibraryLoadProc_invalid_parameter_noinfo_noreturn
                                                                                                                                                                        • String ID: -full.dmp
                                                                                                                                                                        • API String ID: 1098636168-2448600480
                                                                                                                                                                        • Opcode ID: 91651d563b3246c994f0c6227aaa4aecb61bf8c857f547a118c69e7aea75da01
                                                                                                                                                                        • Instruction ID: 3ed77731c5acce2a4c87ed2bb400ff7f5759d78eabfc19209dfdae25ba86780f
                                                                                                                                                                        • Opcode Fuzzy Hash: 91651d563b3246c994f0c6227aaa4aecb61bf8c857f547a118c69e7aea75da01
                                                                                                                                                                        • Instruction Fuzzy Hash: 2E519F72B16E5184FF10CF66E8456AC23A1FB44798F500631DE2D9BAD9DF38D551C381
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AF3E760E
                                                                                                                                                                          • Part of subcall function 00007FF6AF3EDA1C: HeapFree.KERNEL32(?,?,?,00007FF6AF3F0EAE,?,?,?,00007FF6AF3F0EEB,?,?,00000000,00007FF6AF3F18A4,?,?,?,00007FF6AF3F17D7), ref: 00007FF6AF3EDA32
                                                                                                                                                                          • Part of subcall function 00007FF6AF3EDA1C: GetLastError.KERNEL32(?,?,?,00007FF6AF3F0EAE,?,?,?,00007FF6AF3F0EEB,?,?,00000000,00007FF6AF3F18A4,?,?,?,00007FF6AF3F17D7), ref: 00007FF6AF3EDA3C
                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6AF3E0E55), ref: 00007FF6AF3E762C
                                                                                                                                                                        Strings
                                                                                                                                                                        • C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exe, xrefs: 00007FF6AF3E761A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                        • String ID: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exe
                                                                                                                                                                        • API String ID: 3580290477-3939075466
                                                                                                                                                                        • Opcode ID: 56ea2a8b7dc207f0dd7386e4fdd5b9eb505ce4b3f1bb63942077a5a4be4b39e5
                                                                                                                                                                        • Instruction ID: 9997a111262b1b97ccdf316840aaa3dfba32a0c810279a1e1995fa8df7092fff
                                                                                                                                                                        • Opcode Fuzzy Hash: 56ea2a8b7dc207f0dd7386e4fdd5b9eb505ce4b3f1bb63942077a5a4be4b39e5
                                                                                                                                                                        • Instruction Fuzzy Hash: F2415832A0AB5286EB14DF25E8400B877E4EF46BC4B444035EA5E8BB95DF3DE8518382
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                        • String ID: U
                                                                                                                                                                        • API String ID: 442123175-4171548499
                                                                                                                                                                        • Opcode ID: cd0374ef9f693ab4504edd4426acb3f3cee46bc228aa7428fceb98f1d52ed594
                                                                                                                                                                        • Instruction ID: d2abf168a74c09f96e5f9e96066b6b478e66b2a24608cb6384d3e9ac7096e4d6
                                                                                                                                                                        • Opcode Fuzzy Hash: cd0374ef9f693ab4504edd4426acb3f3cee46bc228aa7428fceb98f1d52ed594
                                                                                                                                                                        • Instruction Fuzzy Hash: B641A322B1AA4181DBA09F65E4443AAB7A0FF98794F444131EE4ECB798DF3CD441C791
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ReadProcessMemory.KERNEL32(?,00000000,?,?,00000000,00007FF6AF3CDC92), ref: 00007FF6AF3D49C7
                                                                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(?,?,00000000,00007FF6AF3CDC92), ref: 00007FF6AF3D49DF
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Time$FileMemoryProcessReadSystem
                                                                                                                                                                        • String ID: ptime
                                                                                                                                                                        • API String ID: 2224735610-1897943179
                                                                                                                                                                        • Opcode ID: 850a37e8c3f523b04893a50dbc9116eee47ea37be1f5412615140988834f6ba6
                                                                                                                                                                        • Instruction ID: 9edcccc77b1fc3777f7491e9de6c797b6e1ae7bc9cf87a0489cf0e9287d0d677
                                                                                                                                                                        • Opcode Fuzzy Hash: 850a37e8c3f523b04893a50dbc9116eee47ea37be1f5412615140988834f6ba6
                                                                                                                                                                        • Instruction Fuzzy Hash: D531AF73B16B4587EB54CF2AE4142A967A4FB89BC4F104036EE4D9B768DE3CD442CB40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _cwprintf_s_l
                                                                                                                                                                        • String ID: %s %s$GOOGLE_UPDATE_NO_CRASH_HANDLER
                                                                                                                                                                        • API String ID: 2941638530-4242625067
                                                                                                                                                                        • Opcode ID: 17b348bee6a1a2b8ac5efe3e64b348f9824bf001bd9f38209e923afec9425b8a
                                                                                                                                                                        • Instruction ID: 466748a333c614762828e015d656e64dd05e0122e3044a355c3f169ac5366f71
                                                                                                                                                                        • Opcode Fuzzy Hash: 17b348bee6a1a2b8ac5efe3e64b348f9824bf001bd9f38209e923afec9425b8a
                                                                                                                                                                        • Instruction Fuzzy Hash: 1F21CA22F07E5299EB00EB75C4401EC23A1EF50BA4B440635EE2D9BBD9DE78D506C3C1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _cwprintf_s_l
                                                                                                                                                                        • String ID: /%s %s$recover
                                                                                                                                                                        • API String ID: 2941638530-1154540743
                                                                                                                                                                        • Opcode ID: 7797e53c4af6c362db3a87417ce0de92a9ce2f5cfa8e3acedd7d150a104025e8
                                                                                                                                                                        • Instruction ID: 8b45791c0f6bcf7dedd2f5167f8c27fed4e0cce1e8635d2c18460888a95cc1ac
                                                                                                                                                                        • Opcode Fuzzy Hash: 7797e53c4af6c362db3a87417ce0de92a9ce2f5cfa8e3acedd7d150a104025e8
                                                                                                                                                                        • Instruction Fuzzy Hash: 3A118C62A1AF4682EB40AB29E44016C63A0FF84FA4B440631EB6E4B7D6DF3CD495C381
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6AF3F8E46), ref: 00007FF6AF3E68C4
                                                                                                                                                                        • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6AF3F8E46), ref: 00007FF6AF3E690A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                        • String ID: csm
                                                                                                                                                                        • API String ID: 2573137834-1018135373
                                                                                                                                                                        • Opcode ID: ff7d4aa99bb344fe3e9df4e8536e6a43f0a3b47f5854d0305bf64a73f59ff241
                                                                                                                                                                        • Instruction ID: 107e8c321853a601d1e2278407cf7b6075a6e430b17955bc7c8a824fdd472ad7
                                                                                                                                                                        • Opcode Fuzzy Hash: ff7d4aa99bb344fe3e9df4e8536e6a43f0a3b47f5854d0305bf64a73f59ff241
                                                                                                                                                                        • Instruction Fuzzy Hash: F9114C32A19F4182EB608F15E44426977E4FF88B94F184235DE8C4BB59DF3CD951CB81
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DebugDebuggerOutputPresentString
                                                                                                                                                                        • String ID: **SehSendMinidump**
                                                                                                                                                                        • API String ID: 4086329628-2587082360
                                                                                                                                                                        • Opcode ID: 7db0207c8cfd7e219d25c06f6920a3ef9649ef505fc04402bc9b60da5db5c2fa
                                                                                                                                                                        • Instruction ID: 32552889c6b90eba92eb4849aa77bde29a5b634864546fd85bcfc16ea33ea9c5
                                                                                                                                                                        • Opcode Fuzzy Hash: 7db0207c8cfd7e219d25c06f6920a3ef9649ef505fc04402bc9b60da5db5c2fa
                                                                                                                                                                        • Instruction Fuzzy Hash: 6B011B71A09A83CAE750CF65E8806A837A1FF44BA8F104035D60DCFB64DF38E485C741
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DebugObjectOutputSingleStringWait
                                                                                                                                                                        • String ID: LOG_SYSTEM: [%s]: Could not acquire logging mutex %s
                                                                                                                                                                        • API String ID: 3023325665-3861772780
                                                                                                                                                                        • Opcode ID: 1e4ad7ee9ad4daf55b29391804f7cce1b89d85d3d7a20b0fa291a3ff711c5046
                                                                                                                                                                        • Instruction ID: 46ed4a35c43e24913966673693cdea489aa7293a9c881e57b87d833b94692fbb
                                                                                                                                                                        • Opcode Fuzzy Hash: 1e4ad7ee9ad4daf55b29391804f7cce1b89d85d3d7a20b0fa291a3ff711c5046
                                                                                                                                                                        • Instruction Fuzzy Hash: 27F0A921E0BA5382FF549B6694842782750AF25B84F042031C91E8F2D0EE2CE48A9382
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __C_specific_handler.LIBVCRUNTIME ref: 00007FF6AF3F8F58
                                                                                                                                                                          • Part of subcall function 00007FF6AF3E202C: __except_validate_context_record.LIBVCRUNTIME ref: 00007FF6AF3E2057
                                                                                                                                                                          • Part of subcall function 00007FF6AF3E202C: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FF6AF3E20EC
                                                                                                                                                                          • Part of subcall function 00007FF6AF3E202C: RtlUnwindEx.KERNEL32 ref: 00007FF6AF3E213B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000010.00000002.2198490495.00007FF6AF3C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6AF3C0000, based on PE: true
                                                                                                                                                                        • Associated: 00000010.00000002.2198443056.00007FF6AF3C0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198545273.00007FF6AF3FD000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198574683.00007FF6AF415000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                        • Associated: 00000010.00000002.2198607622.00007FF6AF419000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_16_2_7ff6af3c0000_BraveCrashHandler64.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: C_specific_handlerCurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                        • String ID: csm$f
                                                                                                                                                                        • API String ID: 3112662972-629598281
                                                                                                                                                                        • Opcode ID: 141e14dfe4d045b3b58d804001e7b69849d64010a6120a3a726934369993c539
                                                                                                                                                                        • Instruction ID: 4a39c166248532d5127893f03ba74b71219593a3984a837e558045b3056b7324
                                                                                                                                                                        • Opcode Fuzzy Hash: 141e14dfe4d045b3b58d804001e7b69849d64010a6120a3a726934369993c539
                                                                                                                                                                        • Instruction Fuzzy Hash: 85E03031D09B8285EBA86B21B18117C27A1AF5A754F148131EA488E78ACE78D891C742
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%