672bc983bf929385824a42f2723bfd5b921238a78ad17aa539816ffe023f4f7e

Analysis

max time kernel
150s
max time network
138s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
17/12/2022, 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

the-sims-4-ks_v2.17.302.15.51.exe
Size

1.4MB
MD5

530400b4965407720f063ce6195d40ea
SHA1

dc066c8fd5a694e4a97599502321fa2245c1bfc7
SHA256

672bc983bf929385824a42f2723bfd5b921238a78ad17aa539816ffe023f4f7e
SHA512

de4ca2e8497e53c6c09877ca6b50daba9d2ef61f300eb1e00c1f63a3cfdb36300f5000d9650855f96b17e53a4548fdc1406ff82687925bfe1c3adff0a909c79f
SSDEEP

12288:NYzUMOYHE8ysNMGY4FP8tSkHleTae+gHaEH0O:NYA8nMe54lMae+gaM0O

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 21 IoCs

pid	Process
112	BraveBrowserSetup-KOM473.exe
1864	BraveUpdate.exe
1596	BraveUpdate.exe
1684	BraveUpdate.exe
536	BraveUpdateComRegisterShell64.exe
1388	BraveUpdateComRegisterShell64.exe
1628	BraveUpdateComRegisterShell64.exe
1620	BraveUpdate.exe
1332	BraveUpdate.exe
1764	BraveUpdate.exe
1700	saBSI.exe
1756	brave_installer-x64.exe
1572	setup.exe
1912	setup.exe
924	setup.exe
956	setup.exe
1164	BraveUpdate.exe
1604	BraveUpdateOnDemand.exe
108	BraveUpdate.exe
972	brave.exe
540	brave.exe

Modifies Installed Components in the registry 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\108.1.46.144\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave"	setup.exe

Registers COM server for autorun 1 TTPs 34 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CA72156-49DF-4A2A-AEF4-303FF4EBE73A}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CA72156-49DF-4A2A-AEF4-303FF4EBE73A}\InProcServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CA72156-49DF-4A2A-AEF4-303FF4EBE73A}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CA72156-49DF-4A2A-AEF4-303FF4EBE73A}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32\ = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\108.1.46.144\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CA72156-49DF-4A2A-AEF4-303FF4EBE73A}\InProcServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CA72156-49DF-4A2A-AEF4-303FF4EBE73A}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32\ServerExecutable = "C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\108.1.46.144\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CA72156-49DF-4A2A-AEF4-303FF4EBE73A}\InProcServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CA72156-49DF-4A2A-AEF4-303FF4EBE73A}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CA72156-49DF-4A2A-AEF4-303FF4EBE73A}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Control Panel\International\Geo\Nation	brave.exe

Loads dropped DLL 64 IoCs

pid	Process
112	BraveBrowserSetup-KOM473.exe
1864	BraveUpdate.exe
1864	BraveUpdate.exe
1864	BraveUpdate.exe
1864	BraveUpdate.exe
1596	BraveUpdate.exe
1596	BraveUpdate.exe
1596	BraveUpdate.exe
1864	BraveUpdate.exe
1684	BraveUpdate.exe
1684	BraveUpdate.exe
1684	BraveUpdate.exe
536	BraveUpdateComRegisterShell64.exe
1684	BraveUpdate.exe
1684	BraveUpdate.exe
1388	BraveUpdateComRegisterShell64.exe
1684	BraveUpdate.exe
1684	BraveUpdate.exe
1628	BraveUpdateComRegisterShell64.exe
1684	BraveUpdate.exe
1864	BraveUpdate.exe
1864	BraveUpdate.exe
1864	BraveUpdate.exe
1620	BraveUpdate.exe
1864	BraveUpdate.exe
1332	BraveUpdate.exe
1332	BraveUpdate.exe
1332	BraveUpdate.exe
1764	BraveUpdate.exe
1764	BraveUpdate.exe
1764	BraveUpdate.exe
1764	BraveUpdate.exe
1332	BraveUpdate.exe
1700	saBSI.exe
1700	saBSI.exe
1700	saBSI.exe
1764	BraveUpdate.exe
1756	brave_installer-x64.exe
1572	setup.exe
1572	setup.exe
924	setup.exe
924	setup.exe
1244	Process not Found
924	setup.exe
1244	Process not Found
1244	Process not Found
1244	Process not Found
924	setup.exe
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1572	setup.exe
1572	setup.exe
1764	BraveUpdate.exe
1244	Process not Found
1244	Process not Found
1164	BraveUpdate.exe
1604	BraveUpdateOnDemand.exe
108	BraveUpdate.exe
108	BraveUpdate.exe
108	BraveUpdate.exe
108	BraveUpdate.exe
972	brave.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Checks for any installed AV software in registry 1 TTPs 2 IoCs

Security Software Discovery

T1063

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV	the-sims-4-ks_v2.17.302.15.51.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVG\AV	the-sims-4-ks_v2.17.302.15.51.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\goopdateres_am.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\goopdateres_de.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_extension\_locales\et\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_extension\_locales\hu\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_rewards\_locales\en_US\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_rewards\_locales\pt_BR\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_pt-BR.dll	BraveBrowserSetup-KOM473.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_nl.dll	BraveBrowserSetup-KOM473.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\Locales\am.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\Locales\cs.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_de.dll	BraveBrowserSetup-KOM473.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\libGLESv2.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\mojo_core.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_extension\_locales\ru\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_ta.dll	BraveBrowserSetup-KOM473.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\BraveUpdateSetup.exe	BraveBrowserSetup-KOM473.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_extension\_locales\fa\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_extension\_locales\ja\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_extension\_locales\pt_PT\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_rewards\_locales\fil\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_es.dll	BraveBrowserSetup-KOM473.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_ca.dll	BraveBrowserSetup-KOM473.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_sk.dll	BraveBrowserSetup-KOM473.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\goopdateres_id.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\goopdateres_ko.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\goopdateres_no.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\Locales\fr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\Locales\sl.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\psmachine_64.dll	BraveBrowserSetup-KOM473.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_zh-CN.dll	BraveBrowserSetup-KOM473.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_zh-TW.dll	BraveBrowserSetup-KOM473.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\Locales\gu.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\Locales\ms.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_extension\_locales\it\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_rewards\_locales\bn\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_fil.dll	BraveBrowserSetup-KOM473.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\goopdateres_et.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\Locales\ro.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_rewards\_locales\gu\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_rewards\_locales\te\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\108.1.46.144\Installer\chrmstp.exe	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_el.dll	BraveBrowserSetup-KOM473.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\goopdateres_sl.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\d3dcompiler_47.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_extension\_locales\sk\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_extension\_locales\zh_CN\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_rewards\_locales\ar\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_rewards\_locales\es_419\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_rewards\_locales\th\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\goopdateres_iw.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\BraveUpdateOnDemand.exe	BraveBrowserSetup-KOM473.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_ro.dll	BraveBrowserSetup-KOM473.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\goopdateres_bg.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateSetup.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\chrome_wer.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_rewards\_locales\de\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_rewards\_locales\it\messages.json	setup.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Temp\GUT9C03.tmp	BraveBrowserSetup-KOM473.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_rewards\_locales\sk\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_en-GB.dll	BraveBrowserSetup-KOM473.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_ms.dll	BraveBrowserSetup-KOM473.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_extension\_locales\he\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1572_1709705275\Chrome-bin\108.1.46.144\resources\brave_extension\_locales\hi\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_cs.dll	BraveBrowserSetup-KOM473.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachine\ = "Google Update Broker Class Factory"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\NumMethods\ = "4"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveFile\Application\ApplicationDescription = "Access the Internet"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4AC4417C-F417-4069-A2B4-A1367266BF09}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachine	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\Elevation	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{B7965C30-7D58-4D86-9E18-4794256409EE}\1.0\0\win64	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\NumMethods\ = "11"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\ = "IAppVersionWeb"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\ = "IAppCommandWeb"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\ = "ICurrentState"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ = "IJobObserver"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\ProgID\ = "BraveSoftwareUpdate.OnDemandCOMClassMachineFallback.1.0"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\VersionIndependentProgID\ = "BraveSoftwareUpdate.OnDemandCOMClassMachineFallback"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}\AppID = "{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebSvc\CLSID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\ = "IApp2"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\NumMethods\ = "17"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{08F15E98-0442-45D3-82F1-F67495CC51EB}\VersionIndependentProgID\ = "BraveSoftwareUpdate.Update3COMClassService"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ = "IRegistrationUpdateHook"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\ProxyStubClsid32\ = "{9CA72156-49DF-4A2A-AEF4-303FF4EBE73A}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\NumMethods\ = "4"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\ProxyStubClsid32\ = "{9CA72156-49DF-4A2A-AEF4-303FF4EBE73A}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebSvc\ = "BraveUpdate Update3Web"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusSvc.1.0	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\BraveFile\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\NumMethods\ = "11"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3COMClassService\CLSID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusSvc\CurVer	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA}\ = "IPolicyStatus"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoCreateAsync.1.0\CLSID\ = "{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.133\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\ProxyStubClsid32\ = "{9CA72156-49DF-4A2A-AEF4-303FF4EBE73A}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\ = "IAppCommandWeb"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoCreateAsync\CLSID\ = "{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\NumMethods\ = "12"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CA72156-49DF-4A2A-AEF4-303FF4EBE73A}\InProcServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\ = "ICoCreateAsyncStatus"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\NumMethods\ = "43"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\NumMethods\ = "5"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B7965C30-7D58-4D86-9E18-4794256409EE}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	BraveUpdateComRegisterShell64.exe

Modifies system certificate store 2 TTPs 17 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	BraveUpdate.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	the-sims-4-ks_v2.17.302.15.51.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	the-sims-4-ks_v2.17.302.15.51.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	the-sims-4-ks_v2.17.302.15.51.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	the-sims-4-ks_v2.17.302.15.51.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	the-sims-4-ks_v2.17.302.15.51.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	the-sims-4-ks_v2.17.302.15.51.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	the-sims-4-ks_v2.17.302.15.51.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	the-sims-4-ks_v2.17.302.15.51.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	the-sims-4-ks_v2.17.302.15.51.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	the-sims-4-ks_v2.17.302.15.51.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	the-sims-4-ks_v2.17.302.15.51.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf1800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	the-sims-4-ks_v2.17.302.15.51.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	the-sims-4-ks_v2.17.302.15.51.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1864	BraveUpdate.exe
1864	BraveUpdate.exe
1864	BraveUpdate.exe
1864	BraveUpdate.exe
1864	BraveUpdate.exe
1864	BraveUpdate.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1700	saBSI.exe
1700	saBSI.exe
1700	saBSI.exe
1700	saBSI.exe
1700	saBSI.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe
1752	the-sims-4-ks_v2.17.302.15.51.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1752	the-sims-4-ks_v2.17.302.15.51.exe
Token: SeShutdownPrivilege	1752	the-sims-4-ks_v2.17.302.15.51.exe
Token: SeDebugPrivilege	1864	BraveUpdate.exe
Token: SeDebugPrivilege	1864	BraveUpdate.exe
Token: SeDebugPrivilege	1864	BraveUpdate.exe
Token: SeRestorePrivilege	1700	saBSI.exe
Token: SeBackupPrivilege	1700	saBSI.exe
Token: 33	1756	brave_installer-x64.exe
Token: SeIncBasePriorityPrivilege	1756	brave_installer-x64.exe
Token: SeDebugPrivilege	1332	BraveUpdate.exe
Token: SeDebugPrivilege	1164	BraveUpdate.exe
Token: SeDebugPrivilege	1864	BraveUpdate.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe
Token: SeShutdownPrivilege	972	brave.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 1864	112	BraveBrowserSetup-KOM473.exe	29
PID 112 wrote to memory of 1864	112	BraveBrowserSetup-KOM473.exe	29
PID 112 wrote to memory of 1864	112	BraveBrowserSetup-KOM473.exe	29
PID 112 wrote to memory of 1864	112	BraveBrowserSetup-KOM473.exe	29
PID 112 wrote to memory of 1864	112	BraveBrowserSetup-KOM473.exe	29
PID 112 wrote to memory of 1864	112	BraveBrowserSetup-KOM473.exe	29
PID 112 wrote to memory of 1864	112	BraveBrowserSetup-KOM473.exe	29
PID 1864 wrote to memory of 1596	1864	BraveUpdate.exe	30
PID 1864 wrote to memory of 1596	1864	BraveUpdate.exe	30
PID 1864 wrote to memory of 1596	1864	BraveUpdate.exe	30
PID 1864 wrote to memory of 1596	1864	BraveUpdate.exe	30
PID 1864 wrote to memory of 1596	1864	BraveUpdate.exe	30
PID 1864 wrote to memory of 1596	1864	BraveUpdate.exe	30
PID 1864 wrote to memory of 1596	1864	BraveUpdate.exe	30
PID 1864 wrote to memory of 1684	1864	BraveUpdate.exe	31
PID 1864 wrote to memory of 1684	1864	BraveUpdate.exe	31
PID 1864 wrote to memory of 1684	1864	BraveUpdate.exe	31
PID 1864 wrote to memory of 1684	1864	BraveUpdate.exe	31
PID 1864 wrote to memory of 1684	1864	BraveUpdate.exe	31
PID 1864 wrote to memory of 1684	1864	BraveUpdate.exe	31
PID 1864 wrote to memory of 1684	1864	BraveUpdate.exe	31
PID 1684 wrote to memory of 536	1684	BraveUpdate.exe	32
PID 1684 wrote to memory of 536	1684	BraveUpdate.exe	32
PID 1684 wrote to memory of 536	1684	BraveUpdate.exe	32
PID 1684 wrote to memory of 536	1684	BraveUpdate.exe	32
PID 1684 wrote to memory of 1388	1684	BraveUpdate.exe	33
PID 1684 wrote to memory of 1388	1684	BraveUpdate.exe	33
PID 1684 wrote to memory of 1388	1684	BraveUpdate.exe	33
PID 1684 wrote to memory of 1388	1684	BraveUpdate.exe	33
PID 1684 wrote to memory of 1628	1684	BraveUpdate.exe	34
PID 1684 wrote to memory of 1628	1684	BraveUpdate.exe	34
PID 1684 wrote to memory of 1628	1684	BraveUpdate.exe	34
PID 1684 wrote to memory of 1628	1684	BraveUpdate.exe	34
PID 1864 wrote to memory of 1620	1864	BraveUpdate.exe	35
PID 1864 wrote to memory of 1620	1864	BraveUpdate.exe	35
PID 1864 wrote to memory of 1620	1864	BraveUpdate.exe	35
PID 1864 wrote to memory of 1620	1864	BraveUpdate.exe	35
PID 1864 wrote to memory of 1620	1864	BraveUpdate.exe	35
PID 1864 wrote to memory of 1620	1864	BraveUpdate.exe	35
PID 1864 wrote to memory of 1620	1864	BraveUpdate.exe	35
PID 1864 wrote to memory of 1332	1864	BraveUpdate.exe	36
PID 1864 wrote to memory of 1332	1864	BraveUpdate.exe	36
PID 1864 wrote to memory of 1332	1864	BraveUpdate.exe	36
PID 1864 wrote to memory of 1332	1864	BraveUpdate.exe	36
PID 1864 wrote to memory of 1332	1864	BraveUpdate.exe	36
PID 1864 wrote to memory of 1332	1864	BraveUpdate.exe	36
PID 1864 wrote to memory of 1332	1864	BraveUpdate.exe	36
PID 1764 wrote to memory of 1756	1764	BraveUpdate.exe	39
PID 1764 wrote to memory of 1756	1764	BraveUpdate.exe	39
PID 1764 wrote to memory of 1756	1764	BraveUpdate.exe	39
PID 1764 wrote to memory of 1756	1764	BraveUpdate.exe	39
PID 1756 wrote to memory of 1572	1756	brave_installer-x64.exe	40
PID 1756 wrote to memory of 1572	1756	brave_installer-x64.exe	40
PID 1756 wrote to memory of 1572	1756	brave_installer-x64.exe	40
PID 1572 wrote to memory of 1912	1572	setup.exe	41
PID 1572 wrote to memory of 1912	1572	setup.exe	41
PID 1572 wrote to memory of 1912	1572	setup.exe	41
PID 1572 wrote to memory of 924	1572	setup.exe	42
PID 1572 wrote to memory of 924	1572	setup.exe	42
PID 1572 wrote to memory of 924	1572	setup.exe	42
PID 924 wrote to memory of 956	924	setup.exe	43
PID 924 wrote to memory of 956	924	setup.exe	43
PID 924 wrote to memory of 956	924	setup.exe	43
PID 1764 wrote to memory of 1164	1764	BraveUpdate.exe	45

C:\Users\Admin\AppData\Local\Temp\the-sims-4-ks_v2.17.302.15.51.exe
"C:\Users\Admin\AppData\Local\Temp\the-sims-4-ks_v2.17.302.15.51.exe"
1⤵
- Checks for any installed AV software in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1752

C:\Users\Admin\AppData\Local\Temp\_files\BraveBrowserSetup-KOM473.exe
"C:\Users\Admin\AppData\Local\Temp\_files\BraveBrowserSetup-KOM473.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:112
- C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=x64-rel&referral=none"
  2⤵
  - Executes dropped EXE
  - Sets file execution options in registry
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1864
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    PID:1596
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1684
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Registers COM server for autorun
      Loads dropped DLL
      Modifies registry class
      PID:536
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Registers COM server for autorun
      Loads dropped DLL
      Modifies registry class
      PID:1388
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Registers COM server for autorun
      Loads dropped DLL
      Modifies registry class
      PID:1628
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTMzIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjEzMyIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins2ODQ4MEFBOC0wMDdBLTRDMjYtQjFDMS05NjI4MThENjA5NkZ9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7MDgwNjA0RTctMTQ2My00RTE3LTg0NjMtMkY4NDJBQUM1RDhDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntCMTMxQzkzNS05QkU2LTQxREEtOTU5OS0xRjc3NkJFQjgwMTl9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMzYxLjEzMyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIyNTI3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1620
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=x64-rel&referral=none" /installsource taggedmi /sessionid "{68480AA8-007A-4C26-B1C1-962818D6096F}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1332

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Program Files (x86)\BraveSoftware\Update\Install\{5F7822FE-195C-49C8-900F-8EE268200427}\brave_installer-x64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\Install\{5F7822FE-195C-49C8-900F-8EE268200427}\brave_installer-x64.exe" --do-not-launch-chrome
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1756
- - C:\Program Files (x86)\BraveSoftware\Update\Install\{5F7822FE-195C-49C8-900F-8EE268200427}\CR_E26F4.tmp\setup.exe
    "C:\Program Files (x86)\BraveSoftware\Update\Install\{5F7822FE-195C-49C8-900F-8EE268200427}\CR_E26F4.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{5F7822FE-195C-49C8-900F-8EE268200427}\CR_E26F4.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome --brave-referral-code="KOM473"
    3⤵
    - Executes dropped EXE
    - Modifies Installed Components in the registry
    - Registers COM server for autorun
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1572
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{5F7822FE-195C-49C8-900F-8EE268200427}\CR_E26F4.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{5F7822FE-195C-49C8-900F-8EE268200427}\CR_E26F4.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=108.1.46.144 --initial-client-data=0x144,0x148,0x14c,0x118,0x150,0x13f60b0d0,0x13f60b0e0,0x13f60b0f0
      4⤵
      Executes dropped EXE
      PID:1912
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{5F7822FE-195C-49C8-900F-8EE268200427}\CR_E26F4.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{5F7822FE-195C-49C8-900F-8EE268200427}\CR_E26F4.tmp\setup.exe" --system-level --verbose-logging --create-shortcuts=0 --install-level=1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:924
    - - C:\Program Files (x86)\BraveSoftware\Update\Install\{5F7822FE-195C-49C8-900F-8EE268200427}\CR_E26F4.tmp\setup.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\Install\{5F7822FE-195C-49C8-900F-8EE268200427}\CR_E26F4.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=108.1.46.144 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x13f60b0d0,0x13f60b0e0,0x13f60b0f0
        5⤵
        Executes dropped EXE
        
        PID:956
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTMzIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjEzMyIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins2ODQ4MEFBOC0wMDdBLTRDMjYtQjFDMS05NjI4MThENjA5NkZ9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7QzFCMUEwQTAtMTVFQy00OUE2LTgyMDEtN0EwNTA0NDAyOTFFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntBRkU2QTQ2Mi1DNTc0LTRCOEEtQUY0My00Q0M2MERGNDU2M0J9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMDguMS40Ni4xNDQiIGFwPSJ4NjQtcmVsIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDEyNzM5IiBleHRyYWNvZGUxPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHBzOi8vdXBkYXRlcy1jZG4yLmJyYXZlc29mdHdhcmUuY29tL2J1aWxkL0JyYXZlLVJlbGVhc2UveDY0LXJlbC93aW4vMTA4LjEuNDYuMTQ0L2JyYXZlX2luc3RhbGxlci14NjQuZXhlIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iLTEiIGRvd25sb2FkX3RpbWVfbXM9IjU2OTQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBkb3dubG9hZGVyPSJ3aW5odHRwIiB1cmw9Imh0dHBzOi8vdXBkYXRlcy1jZG4yLmJyYXZlc29mdHdhcmUuY29tL2J1aWxkL0JyYXZlLVJlbGVhc2UveDY0LXJlbC93aW4vMTA4LjEuNDYuMTQ0L2JyYXZlX2luc3RhbGxlci14NjQuZXhlIiBkb3dubG9hZGVkPSIxMDQ1MjgxNzYiIHRvdGFsPSIxMDQ1MjgxNzYiIGRvd25sb2FkX3RpbWVfbXM9IjE2MTYxIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY2MDgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI1OTI4IiBkb3dubG9hZF90aW1lX21zPSIyNDQ0NSIgZG93bmxvYWRlZD0iMTA0NTI4MTc2IiB0b3RhbD0iMTA0NTI4MTc2IiBpbnN0YWxsX3RpbWVfbXM9IjE4NjU4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:1164

C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe" /affid 91088 PaidDistribution=true
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1700

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateOnDemand.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveUpdateOnDemand.exe" -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1604
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:108
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer
    3⤵
    - Executes dropped EXE
    - Checks computer location settings
    - Loads dropped DLL
    - Enumerates system info in registry
    - Suspicious use of AdjustPrivilegeToken
    PID:972
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=108.1.46.144 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7feed4c9ea8,0x7feed4c9eb8,0x7feed4c9ec8
      4⤵
      Executes dropped EXE
      PID:540
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1336 --field-trial-handle=1372,i,5116689837032363204,3472612867159491368,131072 /prefetch:2
      4⤵
      PID:316

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Security Software Discovery

T1063

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\BraveCrashHandler.exe

Filesize
293KB

MD5
182abb7e89598924d538e898cd8e8f0d

SHA1
352306847731d4e81a3bf0c0f2fde74664185215

SHA256
1821fddb2b084dcf66850577e70914301f7428c755b66565cc3df1fe9d46afcb

SHA512
bbd74e0e7f5b2d266ded3685cd6877734f77979d0b050a3803c493874abebedb3206993ffa5379b3b50f57d1ff6e15dd8eaef33a1eb03d8020440d672ccc5475

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\BraveCrashHandler64.exe

Filesize
386KB

MD5
ce28091a95a31de0f996b6619a153c4c

SHA1
d479115ffd52b0efda0fda5840f53b54aa3bcea3

SHA256
cd8d70522f59856bb65df27e3f5f88bf0ba1648d0524abd29ceb20234a4f43dc

SHA512
530976f97f6950dbc3a09d75bbab1d5d978c66a3f248a44cc6850d444aaeb2b0563117f91d638cdfe51944e47b369cb40f2bf94cc6560ab863099b31a915e338

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\BraveUpdate.exe

Filesize
170KB

MD5
ef5b72b0fd46d5bb0283599a1fbfdc4a

SHA1
e518cac6769c16417d8469131164f8d031c3c67d

SHA256
d959fe723fe9daedbecc0a516f30393ed4716833cbbda091f7aa8161f965ddd1

SHA512
632af716b77583f3cbac9ff378ce7583239d7f6fc4848bb70af225559c9c9bcadd2ecbe12cba33b018c32b1e12fde58d27134902cb476c1edca09703f538cc79

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\BraveUpdate.exe

Filesize
170KB

MD5
ef5b72b0fd46d5bb0283599a1fbfdc4a

SHA1
e518cac6769c16417d8469131164f8d031c3c67d

SHA256
d959fe723fe9daedbecc0a516f30393ed4716833cbbda091f7aa8161f965ddd1

SHA512
632af716b77583f3cbac9ff378ce7583239d7f6fc4848bb70af225559c9c9bcadd2ecbe12cba33b018c32b1e12fde58d27134902cb476c1edca09703f538cc79

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\BraveUpdateComRegisterShell64.exe

Filesize
188KB

MD5
f1df930b15990600390f8ec0450c440b

SHA1
16eece280c94d98696e396d630b803d08072ab7f

SHA256
c69ddf652c637a12e34f2e3250c3ac180a3afa1668907060b9cf00bba9ee1d6e

SHA512
4f1fd60533235411f3b6974ab002e39b4903449d0e8b78b22f7d0aa739b94d95071e80abea8d60fd3b979cd09616bdb46edc486dba515688eacac577a0151915

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\BraveUpdateCore.exe

Filesize
217KB

MD5
d6fe2e8caf73ff1d05ec7c3780a1b6cf

SHA1
9b84cb1c3d5b6e37448c22cac70a13fa620c4d66

SHA256
96de0884df36ffc4b73ab0d6ee8d5b7fba3253495b795a93d713d2fa0a720e26

SHA512
7cca67b95a11d4788547c457d3da77748b4dd33de7995eb7a7eadd13928f6be3cb77268d93ce3b977f6a5c9113a00f37fcc4c295e1c719f0fa69a15bcbd759e5

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdate.dll

Filesize
1.1MB

MD5
96ed71447f9ee845baadd13498b3b07a

SHA1
62a41a3ca1962c3d98ed18a22277aa6dc39a44bf

SHA256
00b1a415f5fff2ebfa79cb4060312648dbf521b53a576bf237a421055f15ee6e

SHA512
f7de4a4d1c4114c3fe89c5f79a27450abae5e094314d5da7825bd3b1d2960cfb3bad9a13bb6eede8ff77baa74101434b3a65d01a8e66750066e4e02cb29a5984

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_am.dll

Filesize
51KB

MD5
322a6dbeb2ecb04d43c8d888f9768df1

SHA1
127df46631ce105f06ac353250573a4aafcf91db

SHA256
2f985daeddf10b121dcf1bd02982df3531358d8a2dbd3399c7a864489dfee063

SHA512
f31c2895faefb9d59c52a46609b6d782b622a199a6649b93b3cd6675378f1f8b59977fee449bbd857cdca106fa50ae1aa956cf2634ef137b75adfea58660ad1b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_ar.dll

Filesize
50KB

MD5
b236b61d7cdd3bc4d486c3c7b3e30f16

SHA1
2d99166767ec6403f06bc66ba20f2ec224fd862c

SHA256
3c651b378ce619232f69d3cad9a729e1ec24d40e79266b5374642d675a23de28

SHA512
d69daf631a24da431c4b234efa4821d85501ae485c9e11b7e60e02453d7c3477d7a6d0f20d3b4de13c642aaac15cac774c5e7abd58517becc3528c84081137af

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_bg.dll

Filesize
53KB

MD5
378c6e0276fa6eea489312e077c260bf

SHA1
bb4d93edf380dc0de00eb8c472843c2b533261e6

SHA256
bec61c2231fde4472580b03eeed014acfc5aa322a1ec7f4915b6b1e2f10f8e26

SHA512
7be73b909a3735dac7c608f7ab398d6ea1bfba886be7d336545e969f8877d3eaf0a53dc3fae89c6771c80c3f70e71eb2b048dbc8ed811c6d9713ab3dd315e450

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_bn.dll

Filesize
53KB

MD5
d7e18efcb785555abdac1516ee45f32b

SHA1
324751e9e9a7c3724b46d8e43f6154011dd11d45

SHA256
55b5a8cb768d2054bc9cb3452c1fae84d53ba006f0462b4b9d9af10dce56788a

SHA512
fad08ec7e2a42266eb794940673e6f58dbec08015ae1d8fff0729d173e9b11338fa61995261c3889e68aecd787ec8bda89c51cf3026aa3eac40021f0426fad26

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_ca.dll

Filesize
53KB

MD5
12cbee65036d6ef4573009df46d204ab

SHA1
f7d574e2a5cb9becbd92441602f4727afc4e492d

SHA256
588678818eda50e8de04ccec3cd29a3b447a233358273c67d53277cc68652275

SHA512
80e5923c3a43a1c422d2f1ed5fc526e32567fc608ce89e700a48ea6baa34dd7bac191961638713730b28838d6c9cdedb5af742ea43d7926601b42c27fab5147d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_cs.dll

Filesize
52KB

MD5
e37d17c6ec34f69e189bfcc96ac9912e

SHA1
11c9da579448df594f2977a4fde1a7aaccf8a37f

SHA256
40dfa1d9e035f1131b888620059a6993a22a71d5fad161913781ba28c8121dea

SHA512
a16b1c67dc774f9e34c37d8012d2481f3ec08243674bcb3f01316f67d2e03b743522e82213ee795d0a98767220caccaa9510e6596662ccc08ef10cd7d5e6f9e0

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_da.dll

Filesize
52KB

MD5
3bdd740d19b15a4d56264feeaa6b5441

SHA1
490bb38920fc07b5289e80f2e83d2af6b20d7f42

SHA256
e1c4ad801d03118233f8374310e39d732a0ca588726b5445cf6aea56aa135b83

SHA512
288552464c09908ef0085af49cff34ae72ea3e3fbf368449163e89c83e30a5b9941058c19a8e865ea4df1ef067eedcb27ae677a690df5d8e1023f7a97f2430b8

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_de.dll

Filesize
54KB

MD5
013fddf355e1475eafc126fd261c3a1b

SHA1
509453cba295ccdcb217cba77eae9eac88a67fb1

SHA256
e8688ad6526e895b95dc6572437fb146911e82cc032bed2acda04852549e7f82

SHA512
7f36c096f0ceb7d16191eb91a2bc5a5a002ef92bf60be378ebd5f970c81c93b84e7014005482e1a186871a1fbe5d03909d4ce62089c7060aa0f376454d233fa5

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_el.dll

Filesize
54KB

MD5
de1728dd5431f03d9ff1ab90f2123549

SHA1
998c995f7a473974e6827f9deae7fc841de1f992

SHA256
347b2c5fbad1f39000949d209c9923143b251adef181dfabe0e2d68c96c7893b

SHA512
e87354d86d35f8112336bf55ccdc2c798cf75f367f0b6ba6765315bb58c58e524f10bfbf2948e196529c926a8b3078566d21bae46014386a6ba2538b9b1d0dc2

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_en-GB.dll

Filesize
51KB

MD5
017c2065c9e79e4255b72f04800290c9

SHA1
fed0e8dcb48881db245c92883d03b5d016b55cdc

SHA256
364a2878b4beb65da6f1bf697f7b65849c6c906231adb34d4df3858e4586734a

SHA512
e99464af48e40963afd2c8f254f08383cce6fc4960213acda6dc1951e6380e7f9e48a99a630ea3b7179fe473c7fbe6700522cd23c27d92ffc2237d7302eeeaea

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_en.dll

Filesize
52KB

MD5
64a7aa7b32fed7b0585d087ef47bef32

SHA1
a54321a97fed51626018295deab9fe6162056658

SHA256
45149cc046b244e7a12f1af4b119799f9cf1fe142115cb1a3d7b1eec7d2f1634

SHA512
7fb125b48e241335806c5e09d69b1a44d71cbeb2de099591e16217c882c2fca638100c83bf93076874d74dcc836b1cb6299055e8a241dfb008ddd55c5525f36a

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_es-419.dll

Filesize
53KB

MD5
bc0b301bbd25cf685a89e4c6d3e9ffb8

SHA1
0c5d5653a1d0e5c4e53a16d8fc3e505b38794660

SHA256
cd285ea8c0096ce51864bcdc23a4ed52a5b4913c534c1d99bfbe7fdade6802bd

SHA512
dc7984a765f5b2f25518346d56830064fbfdc19023f53028979fd379320d3e5e9ddb0f5518c7627d1bcca66eacaad746f0d9b37f713d4da23d5ef7442eef94a2

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_es.dll

Filesize
54KB

MD5
ec6a9cbd3b32c35ecc9d3394b018aad2

SHA1
5eb701d8bc273d9c39b6c15b41b644d372df7e66

SHA256
abab38dc98f564713f47b72febfa828920a13e927737e930728abf28bf249235

SHA512
45548ccb6fbb3008461b68ee2cf7e269c57998b4f9d8e359a7d195f368ebb761a8e4f5eddef60c485a99bc07a0c3ecaa58eb1dfa96af07fd9c8fed9ed7086147

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_et.dll

Filesize
52KB

MD5
32e37de30f4cb4d27c6ef6688060f299

SHA1
6175453ac6748c7307afd8d24b97ed7af6ef9834

SHA256
392934521ce8279a65d3beb2d5237e96b3a2413c935436326c7fcd429dfe3bca

SHA512
75ec8c432fa4441e096b26c5644a692540ac0a1bc36891998f54608391605d2cedc9c21226f1e907ec2e505cc0a3e7763b527444241c50079bd1d9cfa978af5f

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_fa.dll

Filesize
51KB

MD5
ae45fd62a7e7fd2dbf9d2a5e119c2e8b

SHA1
f59847a57170187c621117648fa0fb9fa90d05e5

SHA256
c6898764c7c34fe39e51656c169fd23ec48a2e3876e2beb16a8e3c49e53aebe1

SHA512
42b1db305c4b6050883ec7fedc42a9d64302249d4e142062caa569d7775c3c2bc7d9a3323d27d7ab28988ca80c96c00bd3d56a3a85c9d026e7e56311c60ca5fd

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_fi.dll

Filesize
52KB

MD5
22ec28c82d386ad1d33331ca75d30cb1

SHA1
88352e723012ac7fc35827d234d963577d2ab444

SHA256
81f59a55a074258aaa170805aad03da7a97a58a53e604693c6cc1b3b05af798a

SHA512
15851b3ab59c37d3acabeb3a3635571215d4f4476b8d36135f2dc1d1403a22092191c3cd5d257eab4930781ddbf4e42f935e8cc2a8f08db8928ea5c6671b02d7

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_fil.dll

Filesize
53KB

MD5
98436b01f617c13a996cbe330c0a7f9b

SHA1
3ca7c391c8b18239b4f6ce5a0834cd3ab0c2ade0

SHA256
492d40f066c528086b55b8c5cf2d7c3b87c4eae0caf35a0080f74d13ad7e4447

SHA512
2bcaf51e68b1db296a5be470f24eab996ad6c3ba0f4542cc38b1730e19129e7f4b10c2c724d441615dc5b61cf6558a29df5a6f558b5f85f9dd2970b75e65e9d9

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_fr.dll

Filesize
54KB

MD5
ef73ea3aec1297b9066b36bf6d5c0efa

SHA1
797e248836f3172b6dd7fe2c3cf6d4e18a8d9738

SHA256
d5a771a022eff22b6a30848d3e972bfa722c4422c8c00f14db747629533963ee

SHA512
a12670b46f916ad11c5aec2fe8321a2c5946c74bd1313ac921d84ede6c769c568011cd5a7744b5454ac922ab28e293e086a2ce3346bd8b57cdff9ea15689cf56

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_gu.dll

Filesize
54KB

MD5
cc684e0459b8b32128d68d8e4cc1bc9e

SHA1
c75c301e476b50878d95f8029d97a8a1824e36f3

SHA256
92c3a9b96033db27915b07f7bddae356877826343d0040f2e1daea15e7865da0

SHA512
949312eda82c0e45b6af93998b90ec6787ce213dedf3a75c7a4812e639d02d2cfd55f363fde7eb19e31ff6173273735941cefa2f67bc71817b774e9c1af89645

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_hi.dll

Filesize
52KB

MD5
5c93279833526d012dafc3363466604f

SHA1
79cda737fa5e464b89186e317a175563a4ffa57f

SHA256
2bfdc59180ae6866def9d234d3f24ceb4df77a3c3307e949c90dd2ee3a378ff5

SHA512
26b80d749d20f044e2d3c7b6d84d9d231a57e316763ada990224c7ee40e6f05eab10ca0fbc04b6146cc7819e4d93d3ef950191f1a96e8874f0edec02bf6de3c8

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_hr.dll

Filesize
53KB

MD5
41c2925f5506e70af25f7cdf376314c8

SHA1
bf9a3bf3aaac412a039ea211358d0412d50e2b11

SHA256
24b07d3301da63fb0edb14f7434239ad5c011461d083bbed406bbc1065879d61

SHA512
1f6bea932036d44f995dd2cdabbdfb21c21b05f925bb0fdcf7167738cde5e9a6c1f54eed80a591311bc7c80b8fd0e0c8752a102ac6e5baedd5b4d3903b9fae18

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_hu.dll

Filesize
53KB

MD5
004309b925c3e60da3638ab2a109f337

SHA1
8ded1f2d5a72ca6618aaf32f558f53b27242bccb

SHA256
68954c7a8c0cf14993d5a48c7ebf101d6c871c94738a1393523f435f8f799da9

SHA512
0207a50230712fa525fdda68554acde62a455429dc307def6eeb283bcd5001d6aa9218df4774e796141a19d53287e3b7a4cad9863223bfff3c67e419beba7167

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_id.dll

Filesize
52KB

MD5
936b6530cdfc473bcc672e97023783a7

SHA1
a6615acda7eafd4155ff5e4e881067e8940c93f0

SHA256
278d02432fb357c3a4eb93495ef56be0b4ca922eadb0b5d11fd8fb868f294ff2

SHA512
2a9ef7cac84424b41ad68d5fc7c1f4a2eaa8f2cfee4e10d209113210089971984cae454c9319e56a94249bdad5342e8d0bcec6d76c8d23f5cb92f2616aa6c045

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_is.dll

Filesize
52KB

MD5
b9f44d95d208956d1131c6d85c2d1642

SHA1
8365f7af9a8d28eefd7540f9a3393c21f90d93b7

SHA256
dfc633e056a296f300213ffadec489943b7e01039133256fc8d72be432e7147b

SHA512
fdb966ba48d6160a55628a8020d55accd5617e5c8b9df5a9a507598e74f6f6bd960d37c0a9aa29d0182e78da3742c7e7ea0aeb4a614bb3cd7ff0f6c69a72ee3d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_it.dll

Filesize
54KB

MD5
694493e1677c1b3d45c82502a6a953de

SHA1
79ac701aa5026cd5d39a380361e409d90c0a1f9e

SHA256
04261cf13c454274b24536cb110fcfce0c98ce869ad269e514f051ad6979aa85

SHA512
04435dbd4ed14969a0535277a5b400132be141aeb9288dc074d94765452884069e40cd5a8e1d944b5f528e8443c0964abfa9f74b995197c82204aaaf3e63ed32

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_iw.dll

Filesize
50KB

MD5
e6f4b076bd15a333c4b2940ad486f1a8

SHA1
f129c94f0e9d7da5bced587635581d6adf14fe59

SHA256
1281b6604a8351b4dba72dd8baa0ce81f2a3edd7ce839d8e0ac582c3e4334f4c

SHA512
b760ea237f2bc195bc320083c08af85a19ec2741b08d538c566d061d10683f44d846497bdf48bccfc900b994faa67985a79f2ebc94670045a0903bb1fe4343e9

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_ja.dll

Filesize
49KB

MD5
1cc258d16372d0ad5af8dde1fad09c61

SHA1
bd226089a54a9fb5dda0b8465c3af6f6f6602632

SHA256
9ab845d7930e1ffa37915e8391c6774531cf88278a49d2fab33aacf711520e36

SHA512
cb2461498f7586004ed5cd33be30b08f786eaa58813a5fa59d260e64ebabf445e71f299d910f65a9521f59054a6668b2ae988788b4e77d72364b54055b50fd29

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_kn.dll

Filesize
54KB

MD5
354a66cd6b192c0523bb93cf9a5a58c8

SHA1
aabf3693129aeac183995879fb75271b453bc932

SHA256
a8f1fe8be2a1f4bca22681a2bf5a3d93ceccfb5c590e9c8f17672a2dc414fa80

SHA512
f7e3f9884202c6f4547cad2edd97a3c287d7f71a653505526d4a0d732e281ba6cc0148a68e2334f6ab85442c688e4de50f41f639acf77721b6112c15676e792e

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_ko.dll

Filesize
48KB

MD5
ccb8e8e4cf1e88da91d78701baabd38f

SHA1
add4ae22ff654bb9e65d4295d43134699e92cca9

SHA256
6002d3f6d92a99dc2249b8250a07351e55069bf1b09f166c5a523c037dd091ea

SHA512
2e7b851d090198a073fb0c1a5ebe2e2920aa046c483c0090bb538623f78732d856cf5b36e0bbd2b9e8c555db8b31f275170dc263efe3c9b5396c69dc915b85a4

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_lt.dll

Filesize
52KB

MD5
bd7384119dde9f81f15a765edb18e8d8

SHA1
e906d13a5e254704a4246dc3b7b713a27db0a281

SHA256
57616fddbc1c4b5972a28d5bd48341f0777119b51539b22bc4e3d8819e0ad7e8

SHA512
66e8978e9ce4797a7f0206f87d89a39bbd364bc77afdc0bf5828cc3526f94c90923127177b1ba1bffc190cf26a58ba217d13de74e4303d5ebec53240d4cbe34b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_lv.dll

Filesize
53KB

MD5
96208fca56aca6e434ba384a9483d346

SHA1
6d02422cf38e6754764bcf1d506adbac90a8e56c

SHA256
06514f038bb3ce611934795825be7e258f8fb7036b6ed0ea3956dbee7dcba01a

SHA512
c4f7ac1c04a2043b2e3538b99b82ca7c0076ca4a5c5297a1eb7a4128ec04175b315e102fcbc36fb517d6b39165f50826f3c054c4975f9d1d1a386e78de859c97

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_ml.dll

Filesize
55KB

MD5
ee51150a698ad2adae9e164027b96b4d

SHA1
778449f5d63c4abb48a1029633e452d799aaeaea

SHA256
8e6932ac216754d6321b0b3d5ee236273c4fab99acb25cd6652a9cd2f11190e5

SHA512
405735dbb39b3314b95e68521bfa820466230690d6acb319c36bf457d9bdf603dfe8a9ada1aeef3b25d691669fdced38978d5ece0790bb962d8e990ba8620306

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_mr.dll

Filesize
53KB

MD5
d2910b0ec172009052158e56fadf14a7

SHA1
2dd3bc92163419fc5496edebeaedcdb5fd0e6d23

SHA256
38db20aa946f913c3522bc33170f71bfbed365db0c28111fbeb18ca206f6c3ff

SHA512
9d89a2cac697adef7e83d3c96f076a8d5c0e8ba4edc8185c9a1531646dd74d08eb0e73fe0877a9bfcb56bd171572182fe6b53c35795202b777e69167549defb1

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_ms.dll

Filesize
52KB

MD5
ff1bf25aad551159ece6f391a18ed892

SHA1
78cd1abbd3f322956054a81a3f606a31a1584378

SHA256
c9fba33056f166ffbfa6f19b1a9e261354fd2006fd25bb415732f31cd307c545

SHA512
743094683f7916fb3605dc8ae5827a90c43fc0a2b7cf4d63a57f57624ff959d5f95e6e84beca58973b724058409e1da94c15d61dfcde274c8a7e039cfc8b8f27

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_nl.dll

Filesize
53KB

MD5
0d7c06b00af9347b584db0d8546e007d

SHA1
ec9c2bea01eda5d718c8314e73b7fbaafd0c80a1

SHA256
e7f42ced78c0cf6974212be32d8bdbe39b5f6021a37fd46ed3cf5bc5f5a01e4d

SHA512
564d12cdbf7726b819bf474e3602230d6253387f2a19dfd75a74003d616b079f4f6e760587a1ef3d1783b92c1d90c7386158e49d77bb70c644fdd10587fcbedf

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_no.dll

Filesize
52KB

MD5
15dd9ce65ac86c5e523ec49a21461db5

SHA1
fdb950ee27c9b5af4bfc5977cb4a479cc1422f06

SHA256
c51fdc033c353db4f7220deae7849a734feef95bbb263dd8935a928a94680895

SHA512
00e855298f93b32496124254b41493f277b183e3e5016ce035511e56dc31956e00953aba7cc38cb4b5288ae9608a2440669105db16edd4ef946b134194b1594c

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_pl.dll

Filesize
53KB

MD5
f2550879d87a78ec88f1b3883344762e

SHA1
e84d94885423260ad769c3c53db53b90bd1fb037

SHA256
e17ac1bd121c4a9cd7d0ac76ac7f25b767d1f94e67ff520756091969579a0858

SHA512
13e97560946d168250289dfb7d76c9dd32665608e23716c8b9ad5baed4f457e24ba9f3de9a75e872c0f397957c5d74beceb5ac4d6e742f8cb59be859ead82b15

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_pt-BR.dll

Filesize
52KB

MD5
a1db46ce82769677e8e7bb0c4ba2aad0

SHA1
2c4e38ffacee8dcdf84476d329c89b27db474fcf

SHA256
27eadef13ea2dc1cf04353e44b7ee743cb8643a214f93b47fb4c1ad5b40c8ed2

SHA512
8baec599f46f15d31dc1af20f76f05fd3c4fedc020d87fc408357ee4e2c4bd2afd5691ddc72f2c880bc200faadf66cffa61031ee9bbf28b816193ef03e76c49b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_pt-PT.dll

Filesize
53KB

MD5
41a596efcfad420addedfe6b65d68827

SHA1
0d51295b38c3eb5844c9cd4c9f8cd37d68e696a5

SHA256
0b9016debf3be0f538e7b62b8ab949da8fbea4a17a7fac9429baa09b2715adfe

SHA512
b247ff30739959833bb9248b195554cb6dcdb4cddee3f2d6b650958d65deee1ec66cf14d2f065b7d5d38ff852da1b6b8160a346559cec3c3017f5c164becf26e

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_ro.dll

Filesize
53KB

MD5
968dfb59b501d3e362e68ab3d16541da

SHA1
e3cee8f34e8724fd37192ee3343fc2415cfcf871

SHA256
c14a164ffce799fcd1ee39ce3dd776388544d75ec16612cd66e75886c9e2bd1c

SHA512
7317625135211250f7244d8ffdc6c733b439e50a82ddc7319f599f369539895606f9b477b0a1eef69176f94df288075337451acee0af403c13fc437dec8862fc

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_ru.dll

Filesize
52KB

MD5
1fdf9cf4801a47785d8a02b1a03d3c03

SHA1
6585b080c92804bebcb5bb082d7700c73691249c

SHA256
aa82da9ccfbb588751a6bff58529d19057e1b5b63985c8d4db6ebc379ebd3e46

SHA512
819a85c9407db06192dd0495f55b0ac9d499b7cdd4a355a2aa3562f9f6ea2d87d662bda29588eed06c054f114d753087e90f901778032e99df609a16b7757749

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_sk.dll

Filesize
52KB

MD5
1da1bb718429a745684146d436156862

SHA1
5aa2ae3f7355602a5247b89fc72925719cf38af8

SHA256
bf0067fd94caef77b132f33ddff610f68df67434b45347a2b54fc3442534cb2b

SHA512
d24e2f01e7a2854afb2ce6d2bf3c4a71fbe5da5eb3b882ed7fc8adc358e99ec0109fa7c47d0aa2d36fc59baff53bf417538b3a83b260b8047b53f5c9f5d7e060

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_sl.dll

Filesize
53KB

MD5
2db52c397b970eec2a7501cbbb72f95a

SHA1
736b9eed4bd89b9737bad8a2d9dfbe0d7c2f2436

SHA256
12276a1ced668ab44b3bd4f9efef38bc9836d619290795e3c6aae73848a57031

SHA512
d63753a2bf6d6e8d53639baeeaff47a034fc3a95395ce148162b3f72932cf4b5f763c992655d4b8356fd9e190e20a2936e3d845590df705c7b36f9934ffe49af

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_sr.dll

Filesize
52KB

MD5
fa6333aea07ec487a55ed207e3911d6a

SHA1
28ba8d132f7d3cf9fba9aebfe2f7def111320af4

SHA256
94c774a99b481a80c2f0ea0bb5c03efb590343da9d4bf394e8485154e85431a5

SHA512
8f8f26f27bfb7b284ed8d270998a4a8f6df3c344275bdf33646d235d407decb3d2176851df343b7e4db286331b6011e5935f8cebe4264dae606361dd149f02db

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_sv.dll

Filesize
52KB

MD5
254b8585b4809c237979b17f874ddb00

SHA1
0979ebc69f966ebb75bd1897a7df952ff1076214

SHA256
9e68b8437434eb8f080bf3c28a355f4215b2d2361fe9c2ced7f36a0089b8cfeb

SHA512
143536bb1a05c00135440a0bb92ec1f2069a65051edcb60f5c4a1ad77767d9e218b7c3a70784cb69c3225faa896c18fabcb322650987b71b7030c985cac44609

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_sw.dll

Filesize
54KB

MD5
ce980f7900cbc2792d93752a4c848f52

SHA1
1b95f60f152342fdcccedec76b6e6df0985b5186

SHA256
c39415653d267ad6b333e93ae206b92fa797f94d6162f94cf12f7dd181700702

SHA512
efed68a0fe21b57e2a4914716044009f9f91a942a9b7a309cb948890ae7a473b4c20fa043d48cdfbd5df3a9beb1eeb3333496e29324068177076561220b4e4bc

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_ta.dll

Filesize
54KB

MD5
fea93f5b6b2bee00bdf7094ea134de46

SHA1
a8cd6401ac416762839e4d2c319e2cf85cd94442

SHA256
7720143aba6ad9c47c82f1e6a67df370268fb5583269d83fef7db4406c208e0a

SHA512
4b238af212da3443afb94904da5b74e72477650b16745d8b820dd3e6094326a04e8478039321f73cca9e32d81c28b3f5babcd7a612927f7b12ba98a90ce40c4e

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_te.dll

Filesize
54KB

MD5
f14fb02275d060f2792c3e4ecab89210

SHA1
c9124ce99da0d9d40f5a85fee768e7db87b13722

SHA256
20b693ea54b7a4cd2e2f9ee502dbd209426444ea9c56142b65fc1c1b74fd9f3b

SHA512
72f32e21b0b79fe254d5f68caf443b7dceeb95a42a27ce698f4b6cdc909e5c0615f42bdcdb9eb0b59dd404272aa53220dbd4f5eb59a90156ccb508d1698f0153

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_th.dll

Filesize
51KB

MD5
d66f9031b543c2bda20cc42a97555260

SHA1
3df7d0cd4c00e3349c94e152abe475d3eb0d751d

SHA256
10cb0513bae14bb47e25af38cc0d517fa6c0e8ed9fe31cdb7c1224e61d7e495a

SHA512
c0f92c55892d4ae7150c6def3d27fb372245cde5f3112173688783b062a4a8d2b0367e0ac0b746aa85271d72531f0a7ddcb6141ca81cdb286074ed6200700527

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_tr.dll

Filesize
52KB

MD5
7cde36754df47055df3210903d5307e5

SHA1
c63f286fc557ee8a27616bfdeb89445f3e8aea1c

SHA256
c44aae31bf2bacd019d62e3f8a89ab9061f2b08b45bec3a62cc093de0ba0d264

SHA512
30d76d3540acfc7d088cd19c9259b77f43ea4339cc131f5d6a5709e8b0fe1045d8c1c6d6ffc2bf097144004b588070e96e0224ce853050bdd54f9dd7e2e7469c

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_uk.dll

Filesize
52KB

MD5
dd3232e5778218e221ca02087d9d3893

SHA1
a0f5dc845d025e86f4f3c911aa01e87571734634

SHA256
5747f38b98ddc7b64d5269556a3f4494df37697f2f7882140fe63c2fa078016d

SHA512
8f9cad81e892a6d829190d691bc40d26bcb96a9fc9f56b8400309d964bf17d70f6360c2f8f21e2b37e926736fbc57a04b3bffb037342ed0abbd776d6a417e67d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_ur.dll

Filesize
52KB

MD5
a1470aa631ce1148072fa30a05341f77

SHA1
8aa6adb4b40a1a1656d03d62f1bd3113fed765f4

SHA256
452cc38da4c827a8cd43317fcd5141a38bf016a55a51f747cc08a1a03fbb51df

SHA512
fb547ea516bbb127aa1c4e72cb10feaa47293ca01c67d998497ffdc3c64970c16462eeb074b30dcddf4bb10bbfd544bc7cc3e72976289c573d874cf9f76e36b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_files\BraveBrowserSetup-KOM473.exe

Filesize
1.2MB

MD5
7d97b69effadd61cb25b989b88d06ee5

SHA1
51350ec81abd194edf14cea05e46f6570dec7396

SHA256
2f3ef3f533fc60a39c29b520e1b533137a29facbabf4033a54ee9a4e90614552

SHA512
dcfbde3ce74fab00890b0d0dff4f4e1b1a0e137317e3e1dbdd487a12452f89d64cfc2238efb26668cfeb714fad18ddf0aed8c5b2768b1b9162c66bc6b97df9f2

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\BraveUpdate.exe

Filesize
170KB

MD5
ef5b72b0fd46d5bb0283599a1fbfdc4a

SHA1
e518cac6769c16417d8469131164f8d031c3c67d

SHA256
d959fe723fe9daedbecc0a516f30393ed4716833cbbda091f7aa8161f965ddd1

SHA512
632af716b77583f3cbac9ff378ce7583239d7f6fc4848bb70af225559c9c9bcadd2ecbe12cba33b018c32b1e12fde58d27134902cb476c1edca09703f538cc79

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdate.dll

Filesize
1.1MB

MD5
96ed71447f9ee845baadd13498b3b07a

SHA1
62a41a3ca1962c3d98ed18a22277aa6dc39a44bf

SHA256
00b1a415f5fff2ebfa79cb4060312648dbf521b53a576bf237a421055f15ee6e

SHA512
f7de4a4d1c4114c3fe89c5f79a27450abae5e094314d5da7825bd3b1d2960cfb3bad9a13bb6eede8ff77baa74101434b3a65d01a8e66750066e4e02cb29a5984

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_en.dll

Filesize
52KB

MD5
64a7aa7b32fed7b0585d087ef47bef32

SHA1
a54321a97fed51626018295deab9fe6162056658

SHA256
45149cc046b244e7a12f1af4b119799f9cf1fe142115cb1a3d7b1eec7d2f1634

SHA512
7fb125b48e241335806c5e09d69b1a44d71cbeb2de099591e16217c882c2fca638100c83bf93076874d74dcc836b1cb6299055e8a241dfb008ddd55c5525f36a

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUM9C02.tmp\goopdateres_en.dll

Filesize
52KB

MD5
64a7aa7b32fed7b0585d087ef47bef32

SHA1
a54321a97fed51626018295deab9fe6162056658

SHA256
45149cc046b244e7a12f1af4b119799f9cf1fe142115cb1a3d7b1eec7d2f1634

SHA512
7fb125b48e241335806c5e09d69b1a44d71cbeb2de099591e16217c882c2fca638100c83bf93076874d74dcc836b1cb6299055e8a241dfb008ddd55c5525f36a

Download Submit
memory/112-59-0x0000000075C41000-0x0000000075C43000-memory.dmp

Filesize
8KB

Download
memory/924-143-0x000007FEFC2E1000-0x000007FEFC2E3000-memory.dmp

Filesize
8KB

Download
memory/1752-55-0x000000001B030000-0x000000001B04A000-memory.dmp

Filesize
104KB

Download
memory/1752-54-0x0000000001110000-0x000000000126E000-memory.dmp

Filesize
1.4MB

Download
memory/1752-57-0x000000001B057000-0x000000001B076000-memory.dmp

Filesize
124KB

Download
memory/1752-56-0x000000001B057000-0x000000001B076000-memory.dmp

Filesize
124KB

Download