hxxps://lmo[.]onlinemals[.]club/?username=example@email[.]xyz

Analysis

max time kernel
340s
max time network
425s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lmo.onlinemals.club/[email protected]

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 23 IoCs

pid	Process
2624	BraveBrowserSetup.exe
1444	BraveUpdate.exe
2260	BraveUpdate.exe
2676	BraveUpdate.exe
2872	BraveUpdateComRegisterShell64.exe
2904	BraveUpdateComRegisterShell64.exe
2392	BraveUpdateComRegisterShell64.exe
2436	BraveUpdate.exe
1100	BraveUpdate.exe
2636	BraveUpdate.exe
1524	brave_installer-x64.exe
1516	setup.exe
2532	setup.exe
2012	setup.exe
2824	setup.exe
2136	BraveUpdateOnDemand.exe
2124	BraveUpdate.exe
2112	BraveUpdate.exe
2184	brave.exe
2784	brave.exe
1608	brave.exe
1016	brave.exe
1064	brave.exe

Modifies Installed Components in the registry 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\106.1.44.112\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe

Registers COM server for autorun 1 TTPs 34 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{732CBB71-7E4C-45C5-84B5-A379D61419E8}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{732CBB71-7E4C-45C5-84B5-A379D61419E8}\InProcServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{732CBB71-7E4C-45C5-84B5-A379D61419E8}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{732CBB71-7E4C-45C5-84B5-A379D61419E8}\InProcServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{732CBB71-7E4C-45C5-84B5-A379D61419E8}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{732CBB71-7E4C-45C5-84B5-A379D61419E8}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32\ServerExecutable = "C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\106.1.44.112\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{732CBB71-7E4C-45C5-84B5-A379D61419E8}\InProcServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{732CBB71-7E4C-45C5-84B5-A379D61419E8}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{732CBB71-7E4C-45C5-84B5-A379D61419E8}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32\ = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\106.1.44.112\\notification_helper.exe\""	setup.exe

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Control Panel\International\Geo\Nation	brave.exe

Loads dropped DLL 64 IoCs

pid	Process
2624	BraveBrowserSetup.exe
1444	BraveUpdate.exe
1444	BraveUpdate.exe
1444	BraveUpdate.exe
1444	BraveUpdate.exe
2260	BraveUpdate.exe
2260	BraveUpdate.exe
2260	BraveUpdate.exe
1444	BraveUpdate.exe
2676	BraveUpdate.exe
2676	BraveUpdate.exe
2676	BraveUpdate.exe
2872	BraveUpdateComRegisterShell64.exe
2676	BraveUpdate.exe
2676	BraveUpdate.exe
2904	BraveUpdateComRegisterShell64.exe
2676	BraveUpdate.exe
2676	BraveUpdate.exe
2392	BraveUpdateComRegisterShell64.exe
2676	BraveUpdate.exe
1444	BraveUpdate.exe
1444	BraveUpdate.exe
1444	BraveUpdate.exe
2436	BraveUpdate.exe
1444	BraveUpdate.exe
1100	BraveUpdate.exe
1100	BraveUpdate.exe
1100	BraveUpdate.exe
2636	BraveUpdate.exe
2636	BraveUpdate.exe
2636	BraveUpdate.exe
2636	BraveUpdate.exe
1100	BraveUpdate.exe
2636	BraveUpdate.exe
1524	brave_installer-x64.exe
1516	setup.exe
1516	setup.exe
2012	setup.exe
2012	setup.exe
2012	setup.exe
2012	setup.exe
1412	Process not Found
1412	Process not Found
1412	Process not Found
1516	setup.exe
1516	setup.exe
2636	BraveUpdate.exe
2136	BraveUpdateOnDemand.exe
2124	BraveUpdate.exe
2112	BraveUpdate.exe
2112	BraveUpdate.exe
2112	BraveUpdate.exe
2112	BraveUpdate.exe
2184	brave.exe
2784	brave.exe
1412	Process not Found
1412	Process not Found
2184	brave.exe
1016	brave.exe
1064	brave.exe
1608	brave.exe
1016	brave.exe
1064	brave.exe
1608	brave.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\resources\brave_rewards\_locales\es\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_el.dll	BraveBrowserSetup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\goopdateres_am.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\Locales\am.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\Locales\el.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\Locales\et.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\resources\brave_extension\_locales\ja\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\resources\brave_rewards\_locales\ca\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\MEIPreload\preloaded_data.pb	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\resources\brave_extension\_locales\vi\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\resources\brave_rewards\_locales\sw\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\VisualElements\SmallLogo.png	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_is.dll	BraveBrowserSetup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\Locales\es-419.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\Locales\hi.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\v8_context_snapshot.bin	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\chrome_proxy.exe	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\106.1.44.112\Installer\setup.exe	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_sl.dll	BraveBrowserSetup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\goopdate.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\goopdateres_bg.dll	BraveUpdate.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Update\Download\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\106.1.44.112\brave_installer-x64.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\Locales\de.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\resources\brave_rewards\_locales\vi\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdate.dll	BraveBrowserSetup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_ms.dll	BraveBrowserSetup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdate.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateBroker.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\resources\brave_extension\_locales\ca\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\resources\brave_extension\_locales\ko\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\vk_swiftshader_icd.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateComRegisterShell64.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\goopdateres_sk.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\resources\brave_extension\_locales\gu\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\resources\brave_extension\_locales\ro\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\BraveUpdateBroker.exe	BraveBrowserSetup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\goopdateres_vi.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_en.dll	BraveBrowserSetup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\goopdateres_el.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\goopdateres_no.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\chrome_100_percent.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\resources\brave_extension\_locales\es_419\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\Dictionaries\en-US-10-1.bdic	brave.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\resources\brave_extension\_locales\fi\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_en-GB.dll	BraveBrowserSetup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_gu.dll	BraveBrowserSetup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_te.dll	BraveBrowserSetup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\goopdateres_sl.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\Locales\fr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\Locales\hr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\Locales\sk.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\resources\brave_rewards\_locales\en_GB\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_th.dll	BraveBrowserSetup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\Locales\lt.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\resources\brave_extension\_locales\no\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\resources\brave_extension\_locales\pl\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\resources\brave_rewards\_locales\ta\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_lv.dll	BraveBrowserSetup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateOnDemand.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\chrome.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\Locales\fa.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1516_455556620\Chrome-bin\106.1.44.112\vulkan-1.dll	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\BraveCrashHandler.exe	BraveBrowserSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\onlinemals.club\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "372979692"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{837C0131-4FF4-11ED-AF38-FE72C9E2D9C9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\onlinemals.club	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90725f6a01e4d801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d3b98f5693c0d24b85f349229339c59c00000000020000000000106600000001000020000000352f911ca8827364d1966aa1d06d5538a6920b93e898fad22a05da39c8d94213000000000e800000000200002000000072d4817775e57730520e0f2c74039c4078a493980e99b82f3288b4bc0a9ae3c7900000000004e188454c4cc693133f7a25c332d4dcf8e3938d3d5b3aea66ea3ab41743e879949c442263ec4430277c3c0fd8f8f53e70d544cb3e01a9383107e6c9bef33dddd3ac6f40e614bfcbdb6852972525fc16595295f963101f567b740e77732832a9d557f85eaf21823c3a3ef5ea7d845e0fc78c0b46cadab9aedeb5626db91e89c3213f6540ff84a5be91e4b475aaa5ab400000005adade7b1c74d2082c5e75ade055e96ce58915ee91a2c34ef7165a3d1e8c5ff4e4eabd9f15353cd79141fb69e9a64a13122db092ba231affccc7fdcbcbd5a2e3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d3b98f5693c0d24b85f349229339c59c000000000200000000001066000000010000200000001619714f95a91705a8c380d63ccf023046d282d21af583c766eb189f55b48fb8000000000e80000000020000200000003df5cdd08cb7294285b1e54485c637b41ad2c3df2eafa12db8e529c65cb37e7e200000000d71d6e3950d9331d1290088a267a6886fcc4362df94f26b7f4816ba8b9785d240000000e51c2d90e255b10a3a25cb3ee414b4188ec7ed15b322d615aab1f3a83979aee27e0da6ddb6ccd78c1057148c3b30c74a828de198292b33047847b301f5c3854c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B7965C30-7D58-4D86-9E18-4794256409EE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}\ProgID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F53AB0BF-6506-4CD3-A2E7-90655D9A26A6}\InprocHandler32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine.dll"	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\ = "IGoogleUpdate3"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\ProxyStubClsid32\ = "{732CBB71-7E4C-45C5-84B5-A379D61419E8}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{08F15E98-0442-45D3-82F1-F67495CC51EB}\ = "ServiceModule"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\BraveUpdate.exe	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\ProxyStubClsid32\ = "{732CBB71-7E4C-45C5-84B5-A379D61419E8}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\ProxyStubClsid32\ = "{732CBB71-7E4C-45C5-84B5-A379D61419E8}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\NumMethods\ = "10"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\VersionIndependentProgID\ = "BraveSoftwareUpdate.Update3WebMachine"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598BBE98-5919-4392-B62A-50D7115F10A3}\VersionIndependentProgID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA}\NumMethods\ = "24"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{652886FF-517B-4F23-A14F-F99563A04BCC}\ProgID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\ProxyStubClsid32\ = "{732CBB71-7E4C-45C5-84B5-A379D61419E8}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\ = "IProgressWndEvents"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA}\NumMethods\ = "16"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.htm	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A9D7221-2278-41DD-930B-C2356B7D3725}\ProgID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\ = "IAppBundle"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ = "IGoogleUpdate"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}\LocalServer32\ = "\"C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\BraveUpdateOnDemand.exe\""	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ = "IJobObserver"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{652886FF-517B-4F23-A14F-F99563A04BCC}\LocalServer32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{652886FF-517B-4F23-A14F-F99563A04BCC}\LocalServer32\ = "\"C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\BraveUpdateOnDemand.exe\""	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids\BraveHTML	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.webp	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}\ = "IApp"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\ = "IAppBundleWeb"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}\ = "Google Update Process Launcher Class"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\NumMethods\ = "4"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\ProxyStubClsid32\ = "{732CBB71-7E4C-45C5-84B5-A379D61419E8}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3COMClassService\ = "Update3COMClass"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreClass\CLSID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}\NumMethods\ = "4"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveHTML\Application\ApplicationDescription = "Access the Internet"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\NumMethods\ = "10"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}\LocalServer32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\ProgID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\LocalizedString = "@C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\goopdate.dll,-3000"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\NumMethods\ = "23"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\ProxyStubClsid32\ = "{732CBB71-7E4C-45C5-84B5-A379D61419E8}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachine\CurVer\ = "BraveSoftwareUpdate.OnDemandCOMClassMachine.1.0"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}\LocalServer32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A147722A-5568-4B84-B401-86D744470CBF}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\ProxyStubClsid32\ = "{732CBB71-7E4C-45C5-84B5-A379D61419E8}"	BraveUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1596	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
2488	chrome.exe
2500	chrome.exe
1444	BraveUpdate.exe
1444	BraveUpdate.exe
1444	BraveUpdate.exe
1444	BraveUpdate.exe
1444	BraveUpdate.exe
1444	BraveUpdate.exe
1100	BraveUpdate.exe
1100	BraveUpdate.exe
2124	BraveUpdate.exe
2124	BraveUpdate.exe
1444	BraveUpdate.exe
1444	BraveUpdate.exe
1444	BraveUpdate.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeDebugPrivilege	1444	BraveUpdate.exe
Token: SeDebugPrivilege	1444	BraveUpdate.exe
Token: SeDebugPrivilege	1444	BraveUpdate.exe
Token: 33	1524	brave_installer-x64.exe
Token: SeIncBasePriorityPrivilege	1524	brave_installer-x64.exe
Token: SeDebugPrivilege	1100	BraveUpdate.exe
Token: SeDebugPrivilege	2124	BraveUpdate.exe
Token: SeDebugPrivilege	1444	BraveUpdate.exe
Token: SeShutdownPrivilege	2184	brave.exe
Token: SeShutdownPrivilege	2184	brave.exe
Token: SeShutdownPrivilege	2184	brave.exe
Token: SeShutdownPrivilege	2184	brave.exe
Token: SeShutdownPrivilege	2184	brave.exe
Token: SeShutdownPrivilege	2184	brave.exe
Token: SeShutdownPrivilege	2184	brave.exe
Token: SeShutdownPrivilege	2184	brave.exe
Token: SeShutdownPrivilege	2184	brave.exe
Token: SeShutdownPrivilege	2184	brave.exe
Token: SeShutdownPrivilege	2184	brave.exe
Token: SeShutdownPrivilege	2184	brave.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
2020	iexplore.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
2020	iexplore.exe
2020	iexplore.exe
944	IEXPLORE.EXE
944	IEXPLORE.EXE
944	IEXPLORE.EXE
944	IEXPLORE.EXE
2020	iexplore.exe
944	IEXPLORE.EXE
944	IEXPLORE.EXE
944	IEXPLORE.EXE
944	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 944	2020	iexplore.exe	27
PID 2020 wrote to memory of 944	2020	iexplore.exe	27
PID 2020 wrote to memory of 944	2020	iexplore.exe	27
PID 2020 wrote to memory of 944	2020	iexplore.exe	27
PID 1696 wrote to memory of 1764	1696	chrome.exe	30
PID 1696 wrote to memory of 1764	1696	chrome.exe	30
PID 1696 wrote to memory of 1764	1696	chrome.exe	30
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1116	1696	chrome.exe	31
PID 1696 wrote to memory of 1596	1696	chrome.exe	32
PID 1696 wrote to memory of 1596	1696	chrome.exe	32
PID 1696 wrote to memory of 1596	1696	chrome.exe	32
PID 1696 wrote to memory of 1152	1696	chrome.exe	33
PID 1696 wrote to memory of 1152	1696	chrome.exe	33
PID 1696 wrote to memory of 1152	1696	chrome.exe	33
PID 1696 wrote to memory of 1152	1696	chrome.exe	33
PID 1696 wrote to memory of 1152	1696	chrome.exe	33
PID 1696 wrote to memory of 1152	1696	chrome.exe	33
PID 1696 wrote to memory of 1152	1696	chrome.exe	33
PID 1696 wrote to memory of 1152	1696	chrome.exe	33
PID 1696 wrote to memory of 1152	1696	chrome.exe	33
PID 1696 wrote to memory of 1152	1696	chrome.exe	33
PID 1696 wrote to memory of 1152	1696	chrome.exe	33
PID 1696 wrote to memory of 1152	1696	chrome.exe	33
PID 1696 wrote to memory of 1152	1696	chrome.exe	33

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://lmo.onlinemals.club/[email protected]
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6524f50,0x7fef6524f60,0x7fef6524f70
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1188 /prefetch:2
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1712 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3300 /prefetch:2
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3560 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=536 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1592 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3928 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2180 /prefetch:8
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3456 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4416 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4372 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 /prefetch:8
  2⤵
  PID:804
- C:\Users\Admin\Downloads\BraveBrowserSetup.exe
  "C:\Users\Admin\Downloads\BraveBrowserSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  PID:2624
- - C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=x64-rel&referral=none"
    3⤵
    - Executes dropped EXE
    - Sets file execution options in registry
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1444
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:2260
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:2676
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Registers COM server for autorun
        Loads dropped DLL
        Modifies registry class
        
        PID:2872
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Registers COM server for autorun
        Loads dropped DLL
        Modifies registry class
        
        PID:2904
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Registers COM server for autorun
        Loads dropped DLL
        Modifies registry class
        
        PID:2392
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTMzIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjEzMyIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins4RDNGNzQ3MC1BNTQ3LTQwNTgtODJCNy1CODcxNzc1NDU3QzZ9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7RDlFNjA4MkItMkQ4MS00MkY3LUEyRjctMDA1RkM3QzI4NzAwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntCMTMxQzkzNS05QkU2LTQxREEtOTU5OS0xRjc3NkJFQjgwMTl9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMzYxLjEzMyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI0MjU4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2436
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=x64-rel&referral=none" /installsource taggedmi /sessionid "{8D3F7470-A547-4058-82B7-B871775457C6}"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3196 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3164 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3184 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1172,14495418484212829007,9429116688897813701,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2344 /prefetch:8
  2⤵
  PID:816

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:2636
- C:\Program Files (x86)\BraveSoftware\Update\Install\{A963DB55-0F85-46B7-8ABD-17F427873DD6}\brave_installer-x64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\Install\{A963DB55-0F85-46B7-8ABD-17F427873DD6}\brave_installer-x64.exe" --do-not-launch-chrome
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:1524
- - C:\Program Files (x86)\BraveSoftware\Update\Install\{A963DB55-0F85-46B7-8ABD-17F427873DD6}\CR_4E31B.tmp\setup.exe
    "C:\Program Files (x86)\BraveSoftware\Update\Install\{A963DB55-0F85-46B7-8ABD-17F427873DD6}\CR_4E31B.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{A963DB55-0F85-46B7-8ABD-17F427873DD6}\CR_4E31B.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome
    3⤵
    - Executes dropped EXE
    - Modifies Installed Components in the registry
    - Registers COM server for autorun
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Modifies registry class
    PID:1516
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{A963DB55-0F85-46B7-8ABD-17F427873DD6}\CR_4E31B.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{A963DB55-0F85-46B7-8ABD-17F427873DD6}\CR_4E31B.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=106.1.44.112 --initial-client-data=0x144,0x148,0x14c,0x118,0x150,0x13f7c1938,0x13f7c1948,0x13f7c1958
      4⤵
      Executes dropped EXE
      PID:2532
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{A963DB55-0F85-46B7-8ABD-17F427873DD6}\CR_4E31B.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{A963DB55-0F85-46B7-8ABD-17F427873DD6}\CR_4E31B.tmp\setup.exe" --system-level --verbose-logging --create-shortcuts=0 --install-level=1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2012
    - - C:\Program Files (x86)\BraveSoftware\Update\Install\{A963DB55-0F85-46B7-8ABD-17F427873DD6}\CR_4E31B.tmp\setup.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\Install\{A963DB55-0F85-46B7-8ABD-17F427873DD6}\CR_4E31B.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=106.1.44.112 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x13f7c1938,0x13f7c1948,0x13f7c1958
        5⤵
        Executes dropped EXE
        
        PID:2824
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTMzIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjEzMyIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins4RDNGNzQ3MC1BNTQ3LTQwNTgtODJCNy1CODcxNzc1NDU3QzZ9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7MkY0MDIwRkMtNTk2Ri00RTJBLThDRTItRTU4QUU4OEU0Q0Y1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntBRkU2QTQ2Mi1DNTc0LTRCOEEtQUY0My00Q0M2MERGNDU2M0J9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMDYuMS40NC4xMTIiIGFwPSJ4NjQtcmVsIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDEyNzM5IiBleHRyYWNvZGUxPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHBzOi8vdXBkYXRlcy1jZG4uYnJhdmVzb2Z0d2FyZS5jb20vYnVpbGQvQnJhdmUtUmVsZWFzZS94NjQtcmVsL3dpbi8xMDYuMS40NC4xMTIvYnJhdmVfaW5zdGFsbGVyLXg2NC5leGUiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSItMSIgZG93bmxvYWRfdGltZV9tcz0iODkwMSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGRvd25sb2FkZXI9Indpbmh0dHAiIHVybD0iaHR0cHM6Ly91cGRhdGVzLWNkbi5icmF2ZXNvZnR3YXJlLmNvbS9idWlsZC9CcmF2ZS1SZWxlYXNlL3g2NC1yZWwvd2luLzEwNi4xLjQ0LjExMi9icmF2ZV9pbnN0YWxsZXIteDY0LmV4ZSIgZG93bmxvYWRlZD0iMTA2NTU4MjU2IiB0b3RhbD0iMTA2NTU4MjU2IiBkb3dubG9hZF90aW1lX21zPSIxNjQ2MyIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NjA4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNzM4OSIgZG93bmxvYWRfdGltZV9tcz0iMzAwNjgiIGRvd25sb2FkZWQ9IjEwNjU1ODI1NiIgdG90YWw9IjEwNjU1ODI1NiIgaW5zdGFsbF90aW1lX21zPSIzMTQyNCIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2124

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateOnDemand.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateOnDemand.exe" -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2136
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2112
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer
    3⤵
    - Executes dropped EXE
    - Checks computer location settings
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Enumerates system info in registry
    - Suspicious use of AdjustPrivilegeToken
    PID:2184
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=106.1.44.112 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef465b768,0x7fef465b778,0x7fef465b788
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2784
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1304 --field-trial-handle=1360,i,713342977275737554,7700252129358003386,131072 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1608
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=1584 --field-trial-handle=1360,i,713342977275737554,7700252129358003386,131072 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1016
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1660 --field-trial-handle=1360,i,713342977275737554,7700252129358003386,131072 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1064
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --display-capture-permissions-policy-allowed --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=7369391439387454320 --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=2304 --field-trial-handle=1360,i,713342977275737554,7700252129358003386,131072 /prefetch:1
      4⤵
      PID:2480
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7369391439387454320 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2376 --field-trial-handle=1360,i,713342977275737554,7700252129358003386,131072 /prefetch:1
      4⤵
      PID:1376
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7369391439387454320 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2336 --field-trial-handle=1360,i,713342977275737554,7700252129358003386,131072 /prefetch:1
      4⤵
      PID:2620
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1404 --field-trial-handle=1360,i,713342977275737554,7700252129358003386,131072 /prefetch:2
      4⤵
      PID:2388

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\BraveCrashHandler.exe

Filesize
293KB

MD5
f2e33507b35e1f5ee265242c6828845e

SHA1
242dfb83fbd6af315ddb0fcd9f7f0642cd0aef52

SHA256
8907482beb4a9c5b58c07f1d5475d4a7413f782b48485cf4f7ce2bdf53b23494

SHA512
6997944f2e282c6e7929231890ad7107a1a1cbe3e607a686edf20e02a59f21fc0bdbfe87870cce39975ce1978a1b9dec82bd612e9fd0b27a8ef8048057535fc7

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\BraveCrashHandler64.exe

Filesize
386KB

MD5
27bc53794bc5794eb4c2b58809abf191

SHA1
c40ef04938dfb77c79aef2470c076ac479b8bf05

SHA256
008dad3083638c6ab9da8243f2aa4bc5353f93e181aabd5ac810e75806c4175e

SHA512
30f1994166019caa96798e65957c0969073850f055d6de3ed65b2dde3131b130d783d1c0bd7655a6f17c2266e4914d325e9a422e6f082a5c12d9fbc7a218eea5

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\BraveUpdate.exe

Filesize
170KB

MD5
44238ee5edfe2fb8c5255f08b564f024

SHA1
6947b6a584b5078f970567109e3d6dd0ed9533d4

SHA256
a2406ceaec49b97922dd13911e0b5fe85f1b13905b5418f671b269b1c8c63623

SHA512
8aa0e2319218163068e68f38b1720ac6c88f32fce77fb637e9bda715bc59b7eab9cb1a70480b00b82c3344c2430fc238f3e230b79d56d4ff10e278bd0cdf53d8

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\BraveUpdate.exe

Filesize
170KB

MD5
44238ee5edfe2fb8c5255f08b564f024

SHA1
6947b6a584b5078f970567109e3d6dd0ed9533d4

SHA256
a2406ceaec49b97922dd13911e0b5fe85f1b13905b5418f671b269b1c8c63623

SHA512
8aa0e2319218163068e68f38b1720ac6c88f32fce77fb637e9bda715bc59b7eab9cb1a70480b00b82c3344c2430fc238f3e230b79d56d4ff10e278bd0cdf53d8

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\BraveUpdateComRegisterShell64.exe

Filesize
188KB

MD5
b68552b8e81eac11ff97849cf89d576d

SHA1
eb127bb827070a4d83466058f84824b12341db9d

SHA256
0c7fc0d31c170b6471a9e367fad9df901458148b885eb88fcb0dc3251705c20e

SHA512
4221a598762fe7ef4d644a4b90a802bcc8889b06d912368ab0e8691d9c1004e50988b23fbce7ef0379b105d3a4d310bc0455e3c14463e5c8ae8dc3e7c4a483e8

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\BraveUpdateCore.exe

Filesize
217KB

MD5
0c003b2d3cd818e2329a8a04a99d32ff

SHA1
ae6151d3685eb578a5d3cff4f366d925d4406dc2

SHA256
1692cb6886f166e615fe9ca767278c7c9a09ec4db6c404a71d033e580065fdda

SHA512
3ac92e9777048ca3405cb9c6a28b42628dfc104dca4536643d79fff6004bcdc87d50d6a842cc1c896b89cc4ca0e702c7917fa4e5a999e2733d6d79628ff07545

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdate.dll

Filesize
1.1MB

MD5
d8d0e376e7bbc8fd426c5236bd627953

SHA1
9cc2209bc0619cbf973ea29cb813010420fbfb33

SHA256
e5770fa800ebf0958e9630f75afed884f288902210d2caea37967331a9b8889c

SHA512
d94a2dad5567ef6ba974aff0d09231897427b4a8742250ede0696960afa7760391c6bf22e3ee19d884ad0fe4886c808446495bedc2af3b8d3cbeba866c0a7d61

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_am.dll

Filesize
51KB

MD5
46dde6afb3eaed426b849e1d33bb8ee2

SHA1
74c6856cdb4fb5681adc9b311117f92d42c3bf57

SHA256
1c0e33dd5f92872fb0475482339191f197e81e3c2ac056ca457c662bfce73358

SHA512
ef7ba0f4a7e5fa43db229499eeed2dc708cba98cbe97556775eadf3476676be3d3a700f97e0f2e501c2ff3a26bd8b899872eb42fff2f326c792bd0aa58a170ef

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_ar.dll

Filesize
50KB

MD5
a4cc3d76d57aa4100088b5a8c3223f56

SHA1
eda4de6f74c690157a9ff7a0e198b6dfaade971d

SHA256
34e085dd1f0304e2d269fca9b10bf4d75bf64104e5a11609a7a090d4f12b1e33

SHA512
c130c9cd5902e527794618202d0f9ec1f4dfbaa501f63bed555bf0444d33ac1934a6f402e3ce11fdee420a80fb6b60834cd6e620315741de355ed013dd41373e

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_bg.dll

Filesize
53KB

MD5
f23640af2d1d6ffd7ba01c8c5d434e1d

SHA1
dc0e42b0327de04d37a767d562d2d2165736af7b

SHA256
ff12f5c778568819ac46391b0c02c56963f92bbfad5f65ad4fe1d7b827174e98

SHA512
a76142daff8cf5bb8e89e972ade385a45dc882e40e170af9c890806807e56f9c2b2713af019c4ccd9f69f4ddd28697282cebdebd30177d1ee24b778ea72ef35d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_bn.dll

Filesize
53KB

MD5
9e9dccfc70cea6566ef0cf632a249048

SHA1
d7fd534a202cbe10f2731b9a6f38dc85b2d63c99

SHA256
7d06038b1bbb71245cfffa2633648deb527e85ff09bef2cf8441da9102ec70e1

SHA512
85c6c852b5f508cc86140738e739ccaa09f1a1513ac11e67fd7b54cd2f181cef2ef03495d6fd11a4ece887cf908a6cc43c972292ff60f4306a7507907fb81026

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_ca.dll

Filesize
53KB

MD5
5f5cb84304f54cfd38f8806f96b8f43a

SHA1
c9d9f15fbc0a719f96ab8625ed78d11992a5532c

SHA256
7bcf8313ee81e8d6947e5634d6f35370d519f42ea7bebc42e4ec80770ccf2be8

SHA512
9301f45fdc57340907c6c27570d323ae4c71d5beea72dd44a001fb0f5f34c3ce3a4c40699f2b499b31e4b0f97549411a0a53bf6af7ace4ece3aa1098e5cdbefe

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_cs.dll

Filesize
52KB

MD5
d33ce51d5e10bd53ebc21428731f7a00

SHA1
276acd0085bf0d4414ed36ed1f7fd542f64653f3

SHA256
c3ef0038cc57953c89ce9d9787f3d900432b2a4408fc6daddc5c07b5124b9a75

SHA512
a18871af1956c9508ab437380b0cbfd69ff0d9c8aa049b367835b6f8b2d5dfcf7477c286d63c6e23bae97c8e2366d8c769ba443f9932ec13820d451296774551

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_da.dll

Filesize
52KB

MD5
2238932cafbc4b08e10204681c54ccc9

SHA1
bd18e5a87f8dd101b8298ab85f6ae570d58abec5

SHA256
c3c48372fab3c32c91b73e6f9657a33c453c4cf0bdebfb3d7b545bd3a9e9c9e3

SHA512
259474cd6a76234405f23ae830af329a064bc08938573756551ae1bf41f67a323952d51191c2e302f5115c91d5635030363ad76b1a8811a8580cdca63e45382f

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_de.dll

Filesize
54KB

MD5
faa9e7fc951c26629eb7d5675c8a83d6

SHA1
1978967115aa47d5405a97e2755a927df93afd16

SHA256
a650363132e2bf721b24fd492da43d956f9afeb55b70ba5a3e7d006cf6eac02f

SHA512
628fc55803a4a361df304ce88d4637fb739c98ad841f431951ed50c2f09e216b54cd2f90003e0db7342234ccc1c1c94b93d03d4f3ca6cb286b0b40e72986a54f

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_el.dll

Filesize
54KB

MD5
13047a2b04a99bcae2eb2acf0a689ad8

SHA1
4dff0438cc51ba7f5671308c77ea9cb292937282

SHA256
a4a96aaa6c6892d142283c4e9c8a498c9504c00fd4e3f7e471fca9f23421f684

SHA512
caf2334afc068515a902a89fc3b7f89ea346518ee7827d59820a87fa812d7091f002c1d7d9e970badcf97245ebf96f1ef0b8dcc94994a0935c7c1fa33c363214

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_en-GB.dll

Filesize
51KB

MD5
74cd24a46e1125e3c4c9c4a2582522d9

SHA1
ab064ab52405228c91c5fa16663ccdccae551c5c

SHA256
ffcd3005cd93b40b325930c4412e6130c5493f455112a7d9b48e3a8e329cb924

SHA512
903f75523283265340383eb8e3aefab672cf487f27e00b6ea1ac04412a510d27f72e091fbca8d2a94b6346a5e95dd38b11a9310ceef98df7d08917a09cc8b1e3

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_en.dll

Filesize
52KB

MD5
2bca7d12703b78820074366012ef6696

SHA1
df0e29c7a0b807b578e9308d46d06f38e4e5c63b

SHA256
97afda41365b146a78f0ac99166cc2c5b268f09a8dc11ef465926b147c14987d

SHA512
d4a31449d0739299a4ebf76f62246346962369b7fe7cfc5cec57e239b6a709d69009078352a530f2c2a73af9cdeeafa9eb76728e5023ebeea77127405648a248

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_es-419.dll

Filesize
53KB

MD5
863589d734804acf7aa214a3ca0442c7

SHA1
3a9669385be519f0125178f795bbf0d63f4b064d

SHA256
bc93cf543ac39d283df3a8508684403df6417b6071f665dfd477e9a16ba5c96d

SHA512
14b0eb8e7a3eb702757101115e73785a9546027a6bce2fe26827c6f160ac673615beb9ccd28c0017ab767b3b9a8ac4b0fff674eaccd470f90ca56f131599b21f

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_es.dll

Filesize
54KB

MD5
f764113388d3d10e1b63c8f80e336253

SHA1
a2902c060f8eac62d2f7b93fa19a87bd98b53af7

SHA256
53a5ebe84a25a3824062fd1e90c75d9ff10c835f3405bac79ab3d9d461f76fac

SHA512
afda291b8a9bc896d655dc815092fa2ea27e685bc8f863d15a6db7d2a619d2665ac52d47f13120ed9c67bb427c067831b0bf5be3f2d0589bc60c40f0e1de07d8

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_et.dll

Filesize
52KB

MD5
22a0cde280f756e4ff5aa88338e6d30c

SHA1
743852bbf849785764d2c1db520d0d4b213a907a

SHA256
9e68ed726a8dbd60ff5b30deb0aa5b9e600aa7a02ef0ab30a6b36602b2423ef6

SHA512
a5e31d6ac7a19cf437f9417f66515f6e04f62343a903c0b07d312216835d5214cba8216586c48fa7105af5379ae958b62d3adf4a33e9d1c06b179234478abfc6

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_fa.dll

Filesize
51KB

MD5
d4149fd52b05764adcb91223adab97e4

SHA1
66308d10889edecbb9ec7592c72dcb0aa8548eff

SHA256
09be6bd16c4dc42be146f18c40dd9b38ad687744d43444c0bf6ac317a72b6c2c

SHA512
b2816f9dabe797aab54d0dc82fdea1bc9a136a78e999ccfd817c3053f01bc4a3932811d67bd25b8938bd9b51541b875f7572230f29159a88395751a2a1eb2eac

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_fi.dll

Filesize
52KB

MD5
9e849a72f138753b8c8ac24f1853f77b

SHA1
2abe668390cf4b1f420c8e9c4adba2baefbeed59

SHA256
8b5550dfa0db4d0305bf5a9c9a4f9ad3d8ba9e07cdc9d3c7af5051547513c05f

SHA512
2ba25f645963ffa1c5a9ccc590262f905dac9ef9d58be3a9ebcf53ea22a6a48fb3dde431eca5242872f22ee603b56d595fe42e95cf01f0d1a9bbc4e4a9c66cd7

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_fil.dll

Filesize
53KB

MD5
7a9a76149525a098651ff7e54dba113c

SHA1
356c6819283bfec4ca6e2c7e344620de0492b581

SHA256
58cc8eede95ddafed0f4a56dacfff61938e91225bba14e919b15d63236056d7e

SHA512
b3e4b0b082fb1286ce92606fe55db2c09b3aa3d7683896ae142aa2fe8e62932d9d08505abc568c9d186df2bf0f118af8dc88e9f8a30c430240fadd223e4f9f35

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_fr.dll

Filesize
54KB

MD5
409bd2fd0766c83b4d579aefecfb450e

SHA1
a16feaf9b9bc2c16c61939dc31a8e87f9e293ede

SHA256
7fe9a4d451958af5daf33d332fc2b40e7d72e870e4b8eafff895b8cea9a9787c

SHA512
1b15ec218f7171cc10567208d6af1b74b3e57d7f9f424c9c48eec37fadf1d8414d2fe3070225e3bfc4f456eeb7ddca4de11ce8477ce575e35ecb71390ffd9a2f

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_gu.dll

Filesize
54KB

MD5
f8ccc59c9d1990822a01db6499052b51

SHA1
680ad72513cb7657c9517a69425d3c08f26df61b

SHA256
c2c01fe6b7db462ffae390de8d2b1f878ab59cd54b41cf922cec1754eb212d15

SHA512
fe5c0523f282837d6a4c7b1b5731a56ae8fb282be03a3529197774710da4bce179326e527cd7912f8b66ec2470a489a68f6d947926900241d5eff83caa92f7b1

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_hi.dll

Filesize
52KB

MD5
4eca421a1e6c15e24beaeea9148288c7

SHA1
7ee0d9e20db6c1c8a3fb65d2a7f2f9b2b9c88f10

SHA256
9d83f385b4073cec13fbf89c0f48a392138099bd20bbb0a61a6f71da500177b1

SHA512
cfb428ceeeeea0d44c4063ba19a2d924171fbda0fd3fe83f40a22ecb706b2180cf133b6bda40eb5e656c946c543e9c31377737daf2917f152878c7a52a5371a4

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_hr.dll

Filesize
53KB

MD5
23929b5012f3e42cb1b3932926b898d7

SHA1
588f78d49c2634ffff9be9634f0d400de1d99bd8

SHA256
6bc261b6d5841d4a06b54affb29bf80ccc76a17521daeaede9e91bec67a2523d

SHA512
05fc18ee8c31189a49bd891e8b106e93774c26b0dac6d5f3030cf8ab31a9af7e1449c5cef8127634047c896c7444022da89e521b84f0293f00e51874d7239310

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_hu.dll

Filesize
53KB

MD5
59f769cef38abc9cc1c9ec6bc429b206

SHA1
59a1d2ac1ae89aed6cf859eb8925ad399dfc43ff

SHA256
ea9d928600073f7a0f37ad6ef9d4726ba46c4f4a2a924e246c5944326667d69c

SHA512
e7779772f0db1124988f24fd9b5874af287e886ca13efed06cdd80d90b91ec3e1419af2f7c5741ee25eac1c5c49363f2db5965717c5b796af0401f90b478a66e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
ec8ff3b1ded0246437b1472c69dd1811

SHA1
d813e874c2524e3a7da6c466c67854ad16800326

SHA256
e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

SHA512
e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
60KB

MD5
d15aaa7c9be910a9898260767e2490e1

SHA1
2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

SHA256
f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

SHA512
7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D68E5609518B6FE59F64EA0F1EC00EB4

Filesize
503B

MD5
58bccd8cc226f4d8d8a1f976ac40bf9a

SHA1
65f22d25b9cfda613d6209d265e1b8eebb6dbc86

SHA256
3b862ab1ef1306e47ddb46b16960d3884839c13579da390d3dc5e6380f58a476

SHA512
6041a4bb982289c1beb2770cb551fcaac55375822d618df21a525526ac199d44e8e84f1ecfc0f251a696149c300cb344e1511065d61b57a8b0862f5e46cf52ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
ed81323492de52cdfdb0cf753105e5be

SHA1
84e9e3df249dab397ad19c6129be2ef4ae1777c3

SHA256
4e5ae695347a9f9235db6a12811159d25e3b4f6b38d5126772d5e65d09cb304f

SHA512
5d783c9dbc2056496797aa618f73acf0ebabc829b218c69cf5c9f3161cf99f5f23cfe78ac7e67db75309622df45fdbdbf216560f4738f1da59dc985e48298986

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64f28de8421ccf76c7a697061b7639fc

SHA1
20c0677ab5d281c85782d9690a2e13919642fe1b

SHA256
bc9bc41a898a5c3dad0658cb340dd445aeb5fdc19db194d3e7e6381ee7828cd3

SHA512
2f1ec6a7862d8486bb66e5c274debea9261f12af6deca0d104b99dc9c47f37f25c4a83c5d80184ff7577345347c6d7f27c8cd81c95d1e3f132d1f19b9eab440f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D68E5609518B6FE59F64EA0F1EC00EB4

Filesize
560B

MD5
8783bd0d14239eb09199d7e1628fc537

SHA1
4c53ab419257966b03c534830bda14753f3ad894

SHA256
5753acb4751b59547a84f9ba700b6d3e24a15265fe638d11fe5c950138faa89a

SHA512
00469e7e94cc994680223e207c8ce73e9ad4fce3ace59b0df0f448a58b7726b56ed6c86248f40f1b573bd238a437876320300fdadee670775401c4d813a3e647

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
5a339365f4f5d313369b496823fe0fc3

SHA1
7c165c2ec105d267ddfd8d55a6cba7a3d2429377

SHA256
281884e5916768bbf3a17b1cd00936a9ca9e40b44d8b413b8ed14b079f8fc9dd

SHA512
808032f49b69f2b60586e1723a5702bb7d1d8c8a9a58424caae74d6f0cf5f22d51544c34e515d4825779186fe2de5449e5bfb3aa38ae6ac4df5700db5f021ba3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2628J1FN.txt

Filesize
606B

MD5
f959b9b22143c8226e477e8c2c8d3734

SHA1
b8acabcff6c515e6a620f7735d5a217d11b7abc6

SHA256
6960f9e381fd7d045c092476cd058a37e9ae874876bb46ef135c56738de2f7c5

SHA512
784948f78f5c115554281b662311d308e7ec84e2acf5faf5ec652f156944966e3a4f41a0233c028f52acb71d7bd20ea251d478a5ebc7978b62d4f9193a4feea9

Download Submit
C:\Users\Admin\Downloads\BraveBrowserSetup.exe

Filesize
1.2MB

MD5
d2b722a074f80d1439e494950117e6d2

SHA1
4c54053442c1f523dfc8a0087140e5a855b3472f

SHA256
daebb130682f1367e0d315350667efff16d98ba05f7c8e7c4b0cb18fe9d0ed1e

SHA512
c9585f2067c6b6e621c8c3d7401c09727f7adbe44ee6f435631cc4f1abc2a257019a4be8c17cca2ceccf7a57852666ffc1b9a5a2c8ff1ce8f5b09d88e9149990

Download Submit
C:\Users\Admin\Downloads\BraveBrowserSetup.exe

Filesize
1.2MB

MD5
d2b722a074f80d1439e494950117e6d2

SHA1
4c54053442c1f523dfc8a0087140e5a855b3472f

SHA256
daebb130682f1367e0d315350667efff16d98ba05f7c8e7c4b0cb18fe9d0ed1e

SHA512
c9585f2067c6b6e621c8c3d7401c09727f7adbe44ee6f435631cc4f1abc2a257019a4be8c17cca2ceccf7a57852666ffc1b9a5a2c8ff1ce8f5b09d88e9149990

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\BraveUpdate.exe

Filesize
170KB

MD5
44238ee5edfe2fb8c5255f08b564f024

SHA1
6947b6a584b5078f970567109e3d6dd0ed9533d4

SHA256
a2406ceaec49b97922dd13911e0b5fe85f1b13905b5418f671b269b1c8c63623

SHA512
8aa0e2319218163068e68f38b1720ac6c88f32fce77fb637e9bda715bc59b7eab9cb1a70480b00b82c3344c2430fc238f3e230b79d56d4ff10e278bd0cdf53d8

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdate.dll

Filesize
1.1MB

MD5
d8d0e376e7bbc8fd426c5236bd627953

SHA1
9cc2209bc0619cbf973ea29cb813010420fbfb33

SHA256
e5770fa800ebf0958e9630f75afed884f288902210d2caea37967331a9b8889c

SHA512
d94a2dad5567ef6ba974aff0d09231897427b4a8742250ede0696960afa7760391c6bf22e3ee19d884ad0fe4886c808446495bedc2af3b8d3cbeba866c0a7d61

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_en.dll

Filesize
52KB

MD5
2bca7d12703b78820074366012ef6696

SHA1
df0e29c7a0b807b578e9308d46d06f38e4e5c63b

SHA256
97afda41365b146a78f0ac99166cc2c5b268f09a8dc11ef465926b147c14987d

SHA512
d4a31449d0739299a4ebf76f62246346962369b7fe7cfc5cec57e239b6a709d69009078352a530f2c2a73af9cdeeafa9eb76728e5023ebeea77127405648a248

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUM317D.tmp\goopdateres_en.dll

Filesize
52KB

MD5
2bca7d12703b78820074366012ef6696

SHA1
df0e29c7a0b807b578e9308d46d06f38e4e5c63b

SHA256
97afda41365b146a78f0ac99166cc2c5b268f09a8dc11ef465926b147c14987d

SHA512
d4a31449d0739299a4ebf76f62246346962369b7fe7cfc5cec57e239b6a709d69009078352a530f2c2a73af9cdeeafa9eb76728e5023ebeea77127405648a248

Download Submit
memory/2012-120-0x000007FEFBAB1000-0x000007FEFBAB3000-memory.dmp

Filesize
8KB

Download
memory/2624-66-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download