ecc5104b96c45e5d6be078f582c42df0f6421d9f8e0e4e851764cc6f643c49e4

Analysis

max time kernel
141s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06-02-2023 23:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BraveBrowserSetup.exe
Size

1.3MB
MD5

0cc96db68a2c8ac22f8b9c04643b9536
SHA1

055181333fafc1e528b4bc21e763d2c86ddaa3cf
SHA256

ecc5104b96c45e5d6be078f582c42df0f6421d9f8e0e4e851764cc6f643c49e4
SHA512

843ac0a944d7673cff95e9e9afe6c64a87084411d5eb050eadc19779b968b65c756081000c92a79a3fbad896e246b0f766e045abd8a267bcb2b433ff93f7c747
SSDEEP

24576:7ahOAxa1I/3evD4ivg9otp2naFe53is7yscRG/BwPhZAsIrEDE3ePTZO8xMACQn7:2hOZC/eb4io+pSaFW3iuyhUwpZAzgDEI

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

setup.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\109.1.47.186\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}	setup.exe

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

BraveUpdate.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

brave.exebrave.exeBraveUpdate.exebrave.exebrave.exebrave.exebrave.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	BraveUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	brave.exe

Executes dropped EXE 54 IoCs

Processes:

BraveUpdate.exeBraveUpdate.exeBraveUpdate.exeBraveUpdateComRegisterShell64.exeBraveUpdateComRegisterShell64.exeBraveUpdateComRegisterShell64.exeBraveUpdate.exeBraveUpdate.exeBraveUpdate.exebrave_installer-x64.exesetup.exesetup.exesetup.exesetup.exeBraveUpdate.exeBraveUpdateOnDemand.exeBraveUpdate.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exechrmstp.exechrmstp.exechrmstp.exechrmstp.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exe

pid	process
4228	BraveUpdate.exe
3916	BraveUpdate.exe
1652	BraveUpdate.exe
4384	BraveUpdateComRegisterShell64.exe
1280	BraveUpdateComRegisterShell64.exe
2812	BraveUpdateComRegisterShell64.exe
2916	BraveUpdate.exe
112	BraveUpdate.exe
3636	BraveUpdate.exe
1880	brave_installer-x64.exe
2128	setup.exe
3560	setup.exe
1160	setup.exe
3688	setup.exe
3240	BraveUpdate.exe
432	BraveUpdateOnDemand.exe
4068	BraveUpdate.exe
1340	brave.exe
3592	brave.exe
948	brave.exe
3156	brave.exe
1300	brave.exe
672	brave.exe
3928	brave.exe
3440	brave.exe
1424	brave.exe
3048	brave.exe
4452	brave.exe
4424	brave.exe
2604	brave.exe
4580	brave.exe
3880	brave.exe
1796	brave.exe
1616	brave.exe
4236	brave.exe
220	chrmstp.exe
2536	chrmstp.exe
4904	chrmstp.exe
5012	chrmstp.exe
856	brave.exe
4892	brave.exe
3652	brave.exe
1444	brave.exe
4972	brave.exe
2128	brave.exe
4032	brave.exe
5100	brave.exe
3080	brave.exe
2204	brave.exe
4800	brave.exe
4064	brave.exe
2256	brave.exe
4368	brave.exe
4660	brave.exe

Loads dropped DLL 64 IoCs

Processes:

pid	process
4228	BraveUpdate.exe
3916	BraveUpdate.exe
1652	BraveUpdate.exe
4384	BraveUpdateComRegisterShell64.exe
1652	BraveUpdate.exe
1280	BraveUpdateComRegisterShell64.exe
1652	BraveUpdate.exe
2812	BraveUpdateComRegisterShell64.exe
1652	BraveUpdate.exe
2916	BraveUpdate.exe
112	BraveUpdate.exe
3636	BraveUpdate.exe
3636	BraveUpdate.exe
112	BraveUpdate.exe
3240	BraveUpdate.exe
4068	BraveUpdate.exe
4068	BraveUpdate.exe
1340	brave.exe
3592	brave.exe
1340	brave.exe
948	brave.exe
948	brave.exe
948	brave.exe
948	brave.exe
948	brave.exe
948	brave.exe
948	brave.exe
3156	brave.exe
3156	brave.exe
1300	brave.exe
1300	brave.exe
672	brave.exe
672	brave.exe
3928	brave.exe
3928	brave.exe
3440	brave.exe
3440	brave.exe
1424	brave.exe
1424	brave.exe
3048	brave.exe
3048	brave.exe
4452	brave.exe
4452	brave.exe
4424	brave.exe
4424	brave.exe
2604	brave.exe
2604	brave.exe
4580	brave.exe
4580	brave.exe
3880	brave.exe
3880	brave.exe
1796	brave.exe
1796	brave.exe
1616	brave.exe
1616	brave.exe
4236	brave.exe
4236	brave.exe
856	brave.exe
856	brave.exe
4892	brave.exe
4892	brave.exe
3652	brave.exe
3652	brave.exe
1444	brave.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Registers COM server for autorun 1 TTPs 34 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

BraveUpdateComRegisterShell64.exeBraveUpdateComRegisterShell64.exeBraveUpdateComRegisterShell64.exesetup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.135\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.135\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.135\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.135\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.135\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}\InProcServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32\ServerExecutable = "C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\109.1.47.186\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.135\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.135\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32\ = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\109.1.47.186\\notification_helper.exe\""	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}\InProcServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.135\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.135\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}\InProcServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

setup.exebrave.exeBraveUpdate.exeBraveBrowserSetup.exe

description	ioc	process
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2128_1798803413\Chrome-bin\109.1.47.186\Locales\cs.pak	setup.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\BZMg4HyyHVUJkwh2yuv6duu4iQUaXRxT6sK1dT7FcaZf.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\DEAdry5qhNoSkF3mbFrTa6udGbMwUoLnQhvchCu26Ak1.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\9DdtKWoK8cBfLSLhHXHFZzzhxp4rdwHbFEAis8n5AsfQ.png	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.135\BraveUpdateCore.exe	BraveUpdate.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\MAHCOIN.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_428696758\1\debounce.json	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_428696758\1\scripts\brave_rewards\publisher\github\_locales\te\messages.json	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_428696758\1\scripts\brave_rewards\publisher\twitter\_locales\fr\messages.json	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\nexum.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\4kmVbBDCzYam3S4e9XqKQkLCEz16gu3dTTo65KbhShuv.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_428696758\1\scripts\brave_rewards\publisher\github\_locales\el\messages.json	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.135\goopdateres_pt-PT.dll	BraveUpdate.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_428696758\1\Greaselion.json	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\BraveUpdate.exe	BraveBrowserSetup.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\9axWWN2FY8njSSQReepkiSE56U2yAvPFGuaXRQNdkZaS.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\chainlink.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_428696758\1\scripts\brave_rewards\publisher\twitter\_locales\vi\messages.json	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\FOAM.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\guppyrZyEX9iTPSu92pi8T71Zka7xd6PrsTJrXRW6u1.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\dia.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_428696758\1\scripts\brave_rewards\publisher\twitter\_locales\sw\messages.json	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\USDx.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\DODO.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_428696758\1\scripts\brave_rewards\publisher\github\_locales\ta\messages.json	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\skl.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\stasis-eurs.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\FeGn77dhg1KXRRFeSwwMiykZnZPw5JXW6naf2aQgZDQf.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\ABxCiDz4jjKt1t7Syu5Tb37o8Wew9ADpwngZh6kpLbLX.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_959113202\hyph-en-us.hyb	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\psuser_64.dll	BraveBrowserSetup.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\parsiq.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\starbase.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\idle.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\enigma.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\clv.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_428696758\1\scripts\brave_rewards\publisher\twitter\_locales\hr\messages.json	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_428696758\1\scripts\brave_rewards\publisher\reddit\_locales\gu\messages.json	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\4DrV8khCoPS3sWRj6t1bb2DzT9jD4mZp6nc7Jisuuv1b.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\Camp.png	brave.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2128_1798803413\Chrome-bin\109.1.47.186\chrome_wer.dll	setup.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\EqWCKXfs3x47uVosDpTRgFniThL9Y8iCztJaapxbEaVX.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\B3Ggjjj3QargPkFTAJiR6BaD8CWKFUaWRXGcDQ1nyeeD.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\mln.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\4pk3pf9nJDN1im1kNwWJN1ThjE8pCYCTexXYGyFjqKVf.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\75dCoKfUHLUuZ4qEh46ovsxfgWhB4icc3SintzWRedT9.png	brave.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2128_1798803413\Chrome-bin\109.1.47.186\chrome_elf.dll	setup.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\mAAPL.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\ATSPo9f9TJ3Atx8SuoTYdzSMh4ctQBzYzDiNukQDmoF7.png	brave.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2128_1798803413\Chrome-bin\109.1.47.186\chrome.dll.sig	setup.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\DJafV9qemGp7mLMEn5wrfqaFwxsbLgUsGVS16zKRk9kc.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\9eaAUFp7S38DKXxbjwzEG8oq1H1AipPkUuieUkVJ9krt.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\CCAQZHBVWKDukT68PZ3LenDs7apibeSYeJ3jHE8NzBC5.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_959113202\hyph-et.hyb	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_1065338838\588a5b97-8302-4254-bfbe-774373e1598c.jpg	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\5Ro6JxJ4NjSTEppdX2iXUYgWkAEF1dcs9gqMX99E2vkL.png	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.135\goopdateres_hi.dll	BraveUpdate.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\sora-val.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\3LmfKjsSU9hdxfZfcr873DMNR5nnrk8EvdueXg1dTSin.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\rare.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\halodao-rnbw.png	brave.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1340_165995331\images\usds.png	brave.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2128_1798803413\Chrome-bin\109.1.47.186\VisualElements\SmallLogo.png	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.135\BraveUpdateOnDemand.exe	BraveUpdate.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

brave.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

brave.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133202015411884368"	brave.exe

Modifies registry class 64 IoCs

Processes:

BraveUpdate.exeBraveUpdateComRegisterShell64.exeBraveUpdate.exeBraveUpdateComRegisterShell64.exeBraveUpdateComRegisterShell64.exesetup.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}\ProgID\ = "BraveSoftwareUpdate.CoCreateAsync.1.0"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\ProxyStubClsid32\ = "{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.ProcessLauncher.1.0\CLSID\ = "{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods\ = "10"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\ProxyStubClsid32\ = "{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.135\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3COMClassService.1.0\CLSID\ = "{08F15E98-0442-45D3-82F1-F67495CC51EB}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\ProxyStubClsid32\ = "{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\NumMethods\ = "8"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreMachineClass\CurVer	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA}\ProxyStubClsid32\ = "{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\NumMethods\ = "5"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\ProxyStubClsid32\ = "{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\Elevation\IconReference = "@C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.135\\goopdate.dll,-1004"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\BraveUpdate.exe	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\ = "IPackage"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\ProxyStubClsid32\ = "{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA}\NumMethods\ = "24"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebSvc\CLSID\ = "{3A9D7221-2278-41DD-930B-C2356B7D3725}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveHTML\Application\ApplicationCompany = "Brave Software Inc"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\ProxyStubClsid32\ = "{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}\VersionIndependentProgID\ = "BraveSoftwareUpdate.ProcessLauncher"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ = "IGoogleUpdate"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}\ProgID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AAC778E0-4BE5-421E-949C-9F7E4AE6D479}\InprocHandler32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\VersionIndependentProgID\ = "BraveSoftwareUpdate.OnDemandCOMClassMachineFallback"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\NumMethods\ = "11"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\ = "IPackage"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\NumMethods\ = "24"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusSvc.1.0	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}\InProcServer32\ThreadingModel = "Both"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\ = "IProgressWndEvents"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ProxyStubClsid32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\ProxyStubClsid32\ = "{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3COMClassService\CurVer	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusSvc\CLSID\ = "{13B35483-DF37-4603-97F8-9504E48B49BF}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\ = "ICoCreateAsyncStatus"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\ProxyStubClsid32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ProxyStubClsid32\ = "{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\ProxyStubClsid32\ = "{A51DFEE5-1FBE-4EF8-B751-1C5FECA423B6}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}	BraveUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

BraveUpdate.exeBraveUpdate.exeBraveUpdate.exebrave.exe

pid	process
4228	BraveUpdate.exe
4228	BraveUpdate.exe
4228	BraveUpdate.exe
4228	BraveUpdate.exe
4228	BraveUpdate.exe
4228	BraveUpdate.exe
4228	BraveUpdate.exe
4228	BraveUpdate.exe
112	BraveUpdate.exe
112	BraveUpdate.exe
3240	BraveUpdate.exe
3240	BraveUpdate.exe
4228	BraveUpdate.exe
4228	BraveUpdate.exe
4228	BraveUpdate.exe
4228	BraveUpdate.exe
1340	brave.exe
1340	brave.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

brave.exe

pid process

1340 brave.exe
1340 brave.exe
1340 brave.exe
1340 brave.exe
1340 brave.exe

pid	process
1340	brave.exe
1340	brave.exe
1340	brave.exe
1340	brave.exe
1340	brave.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

BraveUpdate.exebrave_installer-x64.exeBraveUpdate.exeBraveUpdate.exebrave.exe

description	pid	process
Token: SeDebugPrivilege	4228	BraveUpdate.exe
Token: SeDebugPrivilege	4228	BraveUpdate.exe
Token: SeDebugPrivilege	4228	BraveUpdate.exe
Token: SeDebugPrivilege	4228	BraveUpdate.exe
Token: 33	1880	brave_installer-x64.exe
Token: SeIncBasePriorityPrivilege	1880	brave_installer-x64.exe
Token: SeDebugPrivilege	112	BraveUpdate.exe
Token: SeDebugPrivilege	3240	BraveUpdate.exe
Token: SeDebugPrivilege	4228	BraveUpdate.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe
Token: SeCreatePagefilePrivilege	1340	brave.exe
Token: SeShutdownPrivilege	1340	brave.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

setup.exebrave.exechrmstp.exe

pid process

1160 setup.exe
1340 brave.exe
1340 brave.exe
1340 brave.exe
4904 chrmstp.exe

pid	process
1160	setup.exe
1340	brave.exe
1340	brave.exe
1340	brave.exe
4904	chrmstp.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BraveBrowserSetup.exeBraveUpdate.exeBraveUpdate.exeBraveUpdate.exebrave_installer-x64.exesetup.exesetup.exeBraveUpdateOnDemand.exeBraveUpdate.exebrave.exe

description	pid	process	target process
PID 2696 wrote to memory of 4228	2696	BraveBrowserSetup.exe	BraveUpdate.exe
PID 2696 wrote to memory of 4228	2696	BraveBrowserSetup.exe	BraveUpdate.exe
PID 2696 wrote to memory of 4228	2696	BraveBrowserSetup.exe	BraveUpdate.exe
PID 4228 wrote to memory of 3916	4228	BraveUpdate.exe	BraveUpdate.exe
PID 4228 wrote to memory of 3916	4228	BraveUpdate.exe	BraveUpdate.exe
PID 4228 wrote to memory of 3916	4228	BraveUpdate.exe	BraveUpdate.exe
PID 4228 wrote to memory of 1652	4228	BraveUpdate.exe	BraveUpdate.exe
PID 4228 wrote to memory of 1652	4228	BraveUpdate.exe	BraveUpdate.exe
PID 4228 wrote to memory of 1652	4228	BraveUpdate.exe	BraveUpdate.exe
PID 1652 wrote to memory of 4384	1652	BraveUpdate.exe	BraveUpdateComRegisterShell64.exe
PID 1652 wrote to memory of 4384	1652	BraveUpdate.exe	BraveUpdateComRegisterShell64.exe
PID 1652 wrote to memory of 1280	1652	BraveUpdate.exe	BraveUpdateComRegisterShell64.exe
PID 1652 wrote to memory of 1280	1652	BraveUpdate.exe	BraveUpdateComRegisterShell64.exe
PID 1652 wrote to memory of 2812	1652	BraveUpdate.exe	BraveUpdateComRegisterShell64.exe
PID 1652 wrote to memory of 2812	1652	BraveUpdate.exe	BraveUpdateComRegisterShell64.exe
PID 4228 wrote to memory of 2916	4228	BraveUpdate.exe	BraveUpdate.exe
PID 4228 wrote to memory of 2916	4228	BraveUpdate.exe	BraveUpdate.exe
PID 4228 wrote to memory of 2916	4228	BraveUpdate.exe	BraveUpdate.exe
PID 4228 wrote to memory of 112	4228	BraveUpdate.exe	BraveUpdate.exe
PID 4228 wrote to memory of 112	4228	BraveUpdate.exe	BraveUpdate.exe
PID 4228 wrote to memory of 112	4228	BraveUpdate.exe	BraveUpdate.exe
PID 3636 wrote to memory of 1880	3636	BraveUpdate.exe	brave_installer-x64.exe
PID 3636 wrote to memory of 1880	3636	BraveUpdate.exe	brave_installer-x64.exe
PID 1880 wrote to memory of 2128	1880	brave_installer-x64.exe	setup.exe
PID 1880 wrote to memory of 2128	1880	brave_installer-x64.exe	setup.exe
PID 2128 wrote to memory of 3560	2128	setup.exe	setup.exe
PID 2128 wrote to memory of 3560	2128	setup.exe	setup.exe
PID 2128 wrote to memory of 1160	2128	setup.exe	setup.exe
PID 2128 wrote to memory of 1160	2128	setup.exe	setup.exe
PID 1160 wrote to memory of 3688	1160	setup.exe	setup.exe
PID 1160 wrote to memory of 3688	1160	setup.exe	setup.exe
PID 3636 wrote to memory of 3240	3636	BraveUpdate.exe	BraveUpdate.exe
PID 3636 wrote to memory of 3240	3636	BraveUpdate.exe	BraveUpdate.exe
PID 3636 wrote to memory of 3240	3636	BraveUpdate.exe	BraveUpdate.exe
PID 432 wrote to memory of 4068	432	BraveUpdateOnDemand.exe	BraveUpdate.exe
PID 432 wrote to memory of 4068	432	BraveUpdateOnDemand.exe	BraveUpdate.exe
PID 432 wrote to memory of 4068	432	BraveUpdateOnDemand.exe	BraveUpdate.exe
PID 4068 wrote to memory of 1340	4068	BraveUpdate.exe	brave.exe
PID 4068 wrote to memory of 1340	4068	BraveUpdate.exe	brave.exe
PID 1340 wrote to memory of 3592	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 3592	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe
PID 1340 wrote to memory of 948	1340	brave.exe	brave.exe

C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe
"C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2696

C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=x64-rel&referral=none"
2⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4228

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3916

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1652

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.135\BraveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.135\BraveUpdateComRegisterShell64.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:4384

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.135\BraveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.135\BraveUpdateComRegisterShell64.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1280

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.135\BraveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.135\BraveUpdateComRegisterShell64.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2812

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTM1IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjEzNSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins3M0FGRDExQS0wMjQ1LTQwM0UtQjZDMi1FMkI3NzJGMzYxMjN9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7Mzc0M0JBRTQtMTMzNS00NENELTgyM0QtRTc1NTM3Nzg3N0JEfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI0IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntCMTMxQzkzNS05QkU2LTQxREEtOTU5OS0xRjc3NkJFQjgwMTl9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMzYxLjEzNSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxNzM1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2916

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=x64-rel&referral=none" /installsource taggedmi /sessionid "{73AFD11A-0245-403E-B6C2-E2B772F36123}"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:112

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3636

C:\Program Files (x86)\BraveSoftware\Update\Install\{43F09E20-E0EC-4B42-9806-D7606CE8B16D}\brave_installer-x64.exe
"C:\Program Files (x86)\BraveSoftware\Update\Install\{43F09E20-E0EC-4B42-9806-D7606CE8B16D}\brave_installer-x64.exe" --do-not-launch-chrome
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1880

C:\Program Files (x86)\BraveSoftware\Update\Install\{43F09E20-E0EC-4B42-9806-D7606CE8B16D}\CR_5A788.tmp\setup.exe
"C:\Program Files (x86)\BraveSoftware\Update\Install\{43F09E20-E0EC-4B42-9806-D7606CE8B16D}\CR_5A788.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{43F09E20-E0EC-4B42-9806-D7606CE8B16D}\CR_5A788.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome
3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2128

C:\Program Files (x86)\BraveSoftware\Update\Install\{43F09E20-E0EC-4B42-9806-D7606CE8B16D}\CR_5A788.tmp\setup.exe
"C:\Program Files (x86)\BraveSoftware\Update\Install\{43F09E20-E0EC-4B42-9806-D7606CE8B16D}\CR_5A788.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=109.1.47.186 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff646af9710,0x7ff646af9720,0x7ff646af9730
4⤵
- Executes dropped EXE
PID:3560

C:\Program Files (x86)\BraveSoftware\Update\Install\{43F09E20-E0EC-4B42-9806-D7606CE8B16D}\CR_5A788.tmp\setup.exe
"C:\Program Files (x86)\BraveSoftware\Update\Install\{43F09E20-E0EC-4B42-9806-D7606CE8B16D}\CR_5A788.tmp\setup.exe" --system-level --verbose-logging --create-shortcuts=0 --install-level=1
4⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1160

C:\Program Files (x86)\BraveSoftware\Update\Install\{43F09E20-E0EC-4B42-9806-D7606CE8B16D}\CR_5A788.tmp\setup.exe
"C:\Program Files (x86)\BraveSoftware\Update\Install\{43F09E20-E0EC-4B42-9806-D7606CE8B16D}\CR_5A788.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=109.1.47.186 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff646af9710,0x7ff646af9720,0x7ff646af9730
5⤵
- Executes dropped EXE
PID:3688

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTM1IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjEzNSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins3M0FGRDExQS0wMjQ1LTQwM0UtQjZDMi1FMkI3NzJGMzYxMjN9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7Njk3MzIyNkMtQzU2OS00OUYzLTg5MzgtODUwMjlEMDBCNjcwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI0IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntBRkU2QTQ2Mi1DNTc0LTRCOEEtQUY0My00Q0M2MERGNDU2M0J9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMDkuMS40Ny4xODYiIGFwPSJ4NjQtcmVsIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cHM6Ly91cGRhdGVzLWNkbi5icmF2ZXNvZnR3YXJlLmNvbS9idWlsZC9CcmF2ZS1SZWxlYXNlL3g2NC1yZWwvd2luLzEwOS4xLjQ3LjE4Ni9icmF2ZV9pbnN0YWxsZXIteDY0LmV4ZSIgZG93bmxvYWRlZD0iMTA1NzY2NzA0IiB0b3RhbD0iMTA1NzY2NzA0IiBkb3dubG9hZF90aW1lX21zPSI4MTg4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY2MDkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIyOTciIGRvd25sb2FkX3RpbWVfbXM9IjEwMDE2IiBkb3dubG9hZGVkPSIxMDU3NjY3MDQiIHRvdGFsPSIxMDU3NjY3MDQiIGluc3RhbGxfdGltZV9tcz0iMTc5MDYiLz48L2FwcD48L3JlcXVlc3Q-
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3240

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.135\BraveUpdateOnDemand.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.135\BraveUpdateOnDemand.exe" -Embedding
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:432

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4068

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1340

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=109.1.47.186 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc1c687b68,0x7ffc1c687b78,0x7ffc1c687b88
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3592

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:948

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=2308 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3156

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2572 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1300

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9044284880272027142 --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=3104 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:672

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=9044284880272027142 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:3928

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9044284880272027142 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3800 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:3440

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9044284880272027142 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=4324 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1424

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3048

C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
4⤵
- Executes dropped EXE
PID:220

C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=109.1.47.186 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff7b4b79710,0x7ff7b4b79720,0x7ff7b4b79730
5⤵
- Executes dropped EXE
PID:2536

C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\BraveSoftware\Brave-Browser\Application\master_preferences" --create-shortcuts=1 --install-level=0
5⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:4904

C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=109.1.47.186 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff7b4b79710,0x7ff7b4b79720,0x7ff7b4b79730
6⤵
- Executes dropped EXE
PID:5012

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5364 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4452

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5408 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4424

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5432 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2604

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5460 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4580

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5476 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3880

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5484 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1796

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5520 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1616

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5540 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4236

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5352 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:856

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6524 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4892

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6572 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3652

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5420 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1444

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6356 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
PID:4972

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5632 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
PID:2128

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6636 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
PID:4032

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9044284880272027142 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5220 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:5100

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6928 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
PID:3080

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=924 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
PID:2204

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5556 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
PID:4800

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1832 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
PID:4064

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2008 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
PID:2256

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
PID:4368

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=2076,i,11083545383900758369,6020593323563704673,131072 /prefetch:8
4⤵
- Executes dropped EXE
PID:4660

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\BraveCrashHandler.exe

Filesize
293KB

MD5
db89409db176786d18f45894b8b72873

SHA1
aa0cb571cd5d0930b548296c14f36c5e04a200ea

SHA256
acad5f8918b6494660c3ecaf9ceb503ba420276cdd62faca99acf94c070deb41

SHA512
7cc4634cc5857f60b3a8444290a78445465b663cf363df51d3e0f9c40e96cd2fd8b6b3932a73b50fbc51a25c7f6214864fdcf9ab573e46a345a544ad46f33389

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\BraveCrashHandler64.exe

Filesize
386KB

MD5
08eed6e22611effe2cf5ffeff4bb98e1

SHA1
498101ed1c2220154e3cadc32763361ffb96c239

SHA256
3a2a7c041504680b55e0fb1b4661152da982d79b3c36e4afd93ced407ffb4813

SHA512
7e5940a4cabcc562c6ebaa279725f63c2e26b30c794b641d3dcb64978037becf253a93479011d6b78e557763287d383ad1ac2f4aeb773d7f848319c34bf1b6fa

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\BraveCrashHandlerArm64.exe

Filesize
360KB

MD5
09808928330c3cad3c5e6d38487d275a

SHA1
aad98f2555045176d51aa92cd8e73254e5d703be

SHA256
c5ecbd3eda4bd90030e88180833594632c1be495933bb072508633c839fb832c

SHA512
91a13d69a49f179ddea9f8acbe9b4c78cc994d43e434781c46cb58f944b1d7267fb1216542cf6000066c14ecaac10482747d1f30f8b28005a4b7d9876b1e5696

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\BraveUpdate.exe

Filesize
170KB

MD5
6abcc089198580990bf0cfe5fc600c76

SHA1
cb513561d1f592888c94a79f62b1969d3f36f468

SHA256
e85d021214b468d49ebad516a6bd483342c1fd373ebd8a65f28a62de80dc4168

SHA512
8e3f99088e67bcdbe30591acd56342e55a84707d7978e44fb4f719bfb103eb8c9457a166218e8d0eab60f7c9eb60df877c0c1dd88c3cdb0995d29de220360b31

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\BraveUpdate.exe

Filesize
170KB

MD5
6abcc089198580990bf0cfe5fc600c76

SHA1
cb513561d1f592888c94a79f62b1969d3f36f468

SHA256
e85d021214b468d49ebad516a6bd483342c1fd373ebd8a65f28a62de80dc4168

SHA512
8e3f99088e67bcdbe30591acd56342e55a84707d7978e44fb4f719bfb103eb8c9457a166218e8d0eab60f7c9eb60df877c0c1dd88c3cdb0995d29de220360b31

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\BraveUpdateComRegisterShell64.exe

Filesize
188KB

MD5
1c56fe66948040b8851ff1687f3ff07b

SHA1
2fcac761af9c7f25966a5131f458c99308f20ebd

SHA256
4b6dd93ec34b62ae963292573e6ea5ed9f560b75c0249c582fcc44e8fa0a073d

SHA512
44b87eb81be617a02844603160eb6deb94f5cf973879c32af02450534c9ab7e9405f8a843a0edc83d9db56f2d5f3a268acfc298b85ef8cb5157b714ae121ee99

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\BraveUpdateComRegisterShellArm64.exe

Filesize
148KB

MD5
ef6712f6be099491c35f4e91bfd4e873

SHA1
d7f7480e8bce889d5f63f2e428ab11f70520a04a

SHA256
1138c0d6d2495a2c9400380e923b6f53d1ab932f67303e2a5a11bde8bde5301f

SHA512
096d11fa19bfb9322af0bd8cf0eb48e086fd4f0eeba3943e1ff87615aa0d314f7c30785a54dc4ca0a8e2720b4f5f20f01ce52787bc6e9871fa3315c70e67718a

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\BraveUpdateCore.exe

Filesize
217KB

MD5
21821145c6e06dd24f9c4c8257d24824

SHA1
7eb05ed16a6db68563459095d0ba348209e7e9a2

SHA256
ff50b7756468cf2074aa41bda8d46082871df615dbfa7306440ace783aab2c46

SHA512
556d7d30a169048b8dd8f7efc33a42f29b45847a6d51560c50dd6c6d09dd62ffb86573d1a3e99141202ee7f66172471fa0fb84c34cfb902f38f837c41c03332d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdate.dll

Filesize
1.1MB

MD5
1452daef18c7b988e6fda9606ff6cb60

SHA1
4818c9f3d47ec9736ba83474ebd2b0dedec0fb3b

SHA256
e48f273c5bdd68518cf2c2400b15939e16f2cd86b13977546510388f38ee0534

SHA512
b9894b865d603c35c4e513f5c6002a48b4309fe773a5164ae15891ac1dae9fabd01591e8c9da3d56a4bf063e8d022b9665c1d9f0a1176b8cea36650dfb4a1c85

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdate.dll

Filesize
1.1MB

MD5
1452daef18c7b988e6fda9606ff6cb60

SHA1
4818c9f3d47ec9736ba83474ebd2b0dedec0fb3b

SHA256
e48f273c5bdd68518cf2c2400b15939e16f2cd86b13977546510388f38ee0534

SHA512
b9894b865d603c35c4e513f5c6002a48b4309fe773a5164ae15891ac1dae9fabd01591e8c9da3d56a4bf063e8d022b9665c1d9f0a1176b8cea36650dfb4a1c85

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_am.dll

Filesize
51KB

MD5
948915c8c5b64680c824bb5108defe48

SHA1
f0d5d54e3b9afb336fa9939f450c4148b40c1b3f

SHA256
8f8696c7e9ba3245ebd4b9de193e42fd68e4d7603edd2a36fcb3f34927550047

SHA512
5b74fc6885cd602d30695a3d9afaaf07739d2033e39c1a4377e27a949ce8dbc5b9465cce4af51536c6a73bf224a98cbd20a9f1ab6b8eb171ce3d8833da3c9d6b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_ar.dll

Filesize
50KB

MD5
b911aea1af9fdffc00a7686a5c400972

SHA1
f1724286cc64e43db22c93e131ef3f32d04538b7

SHA256
a35afbbfcb8cb8a417501153fe831167950dd0329118100a583b3959d922e3c3

SHA512
27b723eddb27abbf8a33a35a2acb1406807719a8fbc9a3d463e48ecac5c16db7e5226174d7b132d4ac5d5e59983444364a8480b384d8a0cbf2068f377ad12d8c

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_bg.dll

Filesize
53KB

MD5
569b8b4ffc1c0a92c3a3e8ba976b1196

SHA1
2d1debcc900b2f2db3ed6cc96e88918ed544b473

SHA256
0ad7c95a22edcaa1b3a6bfdebfe3d47dd7341371b7a3b7b0bce37e400ff64c48

SHA512
81297bc2df8ce9d0c03deecf7eaee94476a9a36e31060855202326e86161f969653b1a467b766afac9eb5dbd4464f2873d4d38af60b82d36b496aeeeaa4e1038

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_bn.dll

Filesize
53KB

MD5
fd64e8b4926a07963505cd3a862229c2

SHA1
ff8012c29ce16f9537096d02289bcd52bd2e6044

SHA256
53ffe362b6197f9d9598653681cb07cb9b5146c574b9ab75d7e9957ec85da924

SHA512
f6d300840c8343fb688fc98be56720b05535dc13d35ecbfe0e2580ea8b612ce0a2535facd21ef5293ae9da9b3ae831452b36e5aa8f307c8cc86cf107399a9d40

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_ca.dll

Filesize
53KB

MD5
b320e6d7b7b1acd8ddaede3d64e194e3

SHA1
e6cd22884727fa7024e0ed194e458f331c7e820c

SHA256
897d54428955bf8d644bfc366ffdd0bec5b23b7a850293dfa9ad1678c78c6aac

SHA512
8d1c4c0d644a27cd111297f1440cfa34ec92748540055981f4bd93e420f7c35d8660b44a907d58f3ae8704b07b536e65a54ba795ba9e2ad61fb5fb8c9dc021b7

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_cs.dll

Filesize
52KB

MD5
bafb2fa982d543086f7f4a088d6d1f68

SHA1
769bc83f4cd27b23f9eeb30a628ac91cdab65eb6

SHA256
d2f983d2fbb4d0439367864f0d08447deb245e9fa8f761251ec089d642821152

SHA512
64eb2d12185660701108faf5e452501fa3a9505e84a530a78e7ca14420be2d3a21014b1e06d5b44e7ed2c54017b02f7c5104ad541dfb8115317beebfce71b59d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_da.dll

Filesize
52KB

MD5
4e3fea264768cee809b2b21f6467b1b7

SHA1
9cd2cfc1321c817706a74edcb2614a5d4e97369b

SHA256
b89285ff1fe7b7de4e82cd93a26e36f9f93761e0a65e56c6b6ba82148b4a14fe

SHA512
b333046d12ebfa096f146757401fb6bd8a5881226b7a05ac90cbbd51cc2164ea595610e2d478a0d0042174b10a5dd291f8c9017cb35ccbe18732178345e2830d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_de.dll

Filesize
54KB

MD5
408515b21cf56b8741fc87bc836f6619

SHA1
686dcfc632fdfd06254ec5b04bf7717b76a6a154

SHA256
654050bbee8c4db832f3a1cf3403b992e546bd7391b0705c72a097050132f7e1

SHA512
ca177230a9066d5a629b1ba931a8b68448db11ac3a3028b35bdf88a67c531c78f93fe2fae50a9a006adf6ebbb5c124b0e7b6f4893fe51b41e52b3a9978100752

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_el.dll

Filesize
54KB

MD5
f131ba39cec9fb05c1304997480c35d0

SHA1
956fde48ba92cce758eb21cb3ac290093e5c06b7

SHA256
b99c9ee1b8667ae52ecf2b380b7dd8c4d85e36fbac1ec75ef53fb02cb2530e00

SHA512
97cf070f606141842ff7e036b942f2543a5da508152c9bda5ed76901369ce806c97f59636aa27b2c41738f829012613dc0d6c09ffde6fa753c121f70b1f6c086

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_en-GB.dll

Filesize
51KB

MD5
56061871a166ddeef9257c1f00906466

SHA1
8e9dcf13247c0e44376e63e8e2eade453445a5ef

SHA256
0cc8534b0d99d3d7f1f5e9ab3c8d80922ff5d0454a6f585cb896aaeacb415301

SHA512
1f49378d9b839368dc0a6c23c5bec3f27c85ca97344067d136bfa58ab2ec60a3913a283f0e1c245dac0b51916fb1e07691307724b84d033c305ebc302ebc4d7a

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_en.dll

Filesize
52KB

MD5
c6f1751102f65017663d8304b4cf0f68

SHA1
d55ed42b5db1f6903ec409ad91b0c8f0c0c1562f

SHA256
247f7e784e0f19cc05512b49916172c7ca6aae4748ddcd32628044202a4177df

SHA512
ddbb947fc4b4c96f3c7a0145cd385e25d5cd3345b47f0d3033e569882e22d1b8fc47d3f20792f6eef48bd316eda25f3140f8f093e6eda07e43abfe915db379a0

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_es-419.dll

Filesize
53KB

MD5
1b36d1b8733d82796367639a8674fe69

SHA1
59a7e731050cf2ee6608ed35c914deb62927d67e

SHA256
394775ced93b7f402dbda2c3372439301a65ff1fd272d185cbe023065e822c49

SHA512
b03c077b9b382c6e14468fb9b68bb58f1fba8a0c7d6fa7c8aac1aa402f7c870e41c0c9c8aa8844e8c308d2fe7665a8df9ca154dd63ee57a024360c7a620ce705

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_es.dll

Filesize
54KB

MD5
f0c44dac26949e960b0a3ed49608cdf2

SHA1
38fb50765a0a055a84fbd9bc20690131d8e36d75

SHA256
a5a2c6997b5df5e450d5f378357be20de57edaa230a601ada00c9d01cd3bac2d

SHA512
f8301ca483ab7b113dc99800a1bc9cc5e418e73b82fa63cb766449d4a1e808ea990a2cb8509b29848d87edd7d59c99ebda16d4840d70e93e210d4dcabc851fd8

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_et.dll

Filesize
52KB

MD5
1ff390c918faeab0a550916b03ebf4fe

SHA1
6676a08d481936dda7198a44b646cd2c2d69cc1d

SHA256
6e116710bacbdc6c1455bce2c7b28003ef19bd5dffe5478c1b91657fdc11051f

SHA512
c640322e409280f5cddaa4d401a25ccd9a5d1e9bdf25e4bb9426aa130e5d49999ad67932d44dcc2c21771ee4f5da70604a261860d2f9f16ed25f0f5114c5e741

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_fa.dll

Filesize
51KB

MD5
c798fb4dde3751032eb0b73574461d17

SHA1
1a98da3c305d107952caea19f3f38d98a6b8a9bb

SHA256
61ef36f51fc031029be29709fcc22882bdf5e4922dbd6bed97b68f3ea9f23c70

SHA512
6d44ec0de06f76d5fb4b3ecc1a5d54419dbb0e4cd0338e036fb8defcf6d8c0f21f103d1c24c4f2ea5c92cdf23453f0e0c4e4982db5da5898bd2f9be3269fec00

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_fi.dll

Filesize
52KB

MD5
c908a8d6525a99edc3b41b0dbbdafaa0

SHA1
db0b3589c6d00a6afdedf3c84216db7a75a73bf6

SHA256
20b2689d1bc6ba043a5ce244aba13a4fde54cdca12234c8f156d9d024dec2c93

SHA512
71e8bb26ed82c3447fa44a9b2093027571df48549580763fdee8846c740b796d870da43610130aaaee88f16cebbaac995aee69ec416a292fe918b701ecc088e1

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_fil.dll

Filesize
53KB

MD5
d591065cc99df47d71b9b1dff441da24

SHA1
ffabb6834245bb5e1ea1182f8f21daa55e28e7e6

SHA256
f1037b2231ebc340c3c5eace6b9769cd6265cab1cecb49628c48b135f09c968a

SHA512
b6835766df4a4acb760f8aa779012dcb6d4478689113532e7ffdb67712e09871636dd055e4139ce6f1d6d77ed2189ddb7c486413d26fb2339a626f936b353039

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_fr.dll

Filesize
54KB

MD5
33099f9ef0839e6e429a316e8de126d8

SHA1
ca3eed9fcb72bf59dd1e001754cdaae300fe0896

SHA256
8e8580358d8b91a86e17ab6030c833c57d81f128f1c906fd09801b7a5f82465b

SHA512
8354c5aad39bc9c86c60883bbe3c8bbf0271b3444c6fc17d989d1a15e523f9d27a93a318b6fba2ea5757964bef6e3cb01dd846dcc571a2a4646afc5c19a37a90

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_gu.dll

Filesize
54KB

MD5
2443075d64a8411111246316d7ad3839

SHA1
3c2bf816820e79566ff75ecb80a0f4430cab97c8

SHA256
b7cdb2c0b776e221954dbc20528dd7f4a2b2314cfa36a7e36fdb54157b94c8f6

SHA512
005ac0ebb4c97b881ecd2c8d491b1082b141230f1336b06a1537a8e6a6481277255a47aa1074f825b84be04070f7690fdf6c6988b6954187602f0862fc82985b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_hi.dll

Filesize
52KB

MD5
bcb46913b7dd3aca9ef932861fb1098c

SHA1
f6873cf6949cece7a30ad239b493577102520067

SHA256
79443f6d2b04f4f121b04568d8a5765f2bb3e1e7d3516ab4e021b55b736b165e

SHA512
ce0ab53f4dd563b7dfe67b52b449f75fbdbeb88a5040e8f87786dac087064a26ac76149407c17b42a6371cdaf8aeea4e0954b309a0a2bdd0292f2b1068257b67

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_hr.dll

Filesize
53KB

MD5
67cfb658bac4b9f99eb5c3e99fc83284

SHA1
a6acae1d1becc84f0f7caf86a195248a0b031fce

SHA256
89fed94300ec129f979d52ccdc5f7976038aa815d9ed1c33789bd5f8efba8536

SHA512
047d84d8f3ce8b2e17ad647f76f4c77d9d2908c750c8c164702d0e0748629f534dcbc01ad3dd7d7ad2218914652ea11b91a718f3998f0788ff694981f7bdb9df

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_hu.dll

Filesize
53KB

MD5
408d4c9ecbaa8afc8ebbf3188e6ba2ed

SHA1
afeb078988e927928969bacf081eb848f214cac8

SHA256
dc7c89024f6065afe7e9d4e44074d4abb09062410d96ef12bfa19274178722dc

SHA512
5dc34bdc63f7f4090e9976c03180e672e92990723db192c4337867d035bee8d0b80c1dbdd24509c3c10225d4796822b0bedf661932d4a58dbad0529c8fe63911

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_id.dll

Filesize
52KB

MD5
0b0fe2afa7a85782afdb367c83775528

SHA1
6535f278eb7c6a1da01c208dc9ce505ab7efe3d4

SHA256
cb3bca2c48b54c55b9079b23d2b0ccce463d537594e11f2a4f77d7ec193351af

SHA512
4d8ad71a5e20f30433564cfd6a3a9e910e914e6d9ada92515dc05723a6471c26a029c5c138c44f1cbcfb8462b26b366376c172a2620065ec3a69612856b558d4

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_is.dll

Filesize
52KB

MD5
04e54d2ddf9c511d305d764eb4d2dfbe

SHA1
78fcb6c7dfed1af62211d8d056fa51c4b9adc3a0

SHA256
8c5e16c7ff2416ba3058c92ffc03f7afd7da774a4dceb486379746c2b4b1d3ed

SHA512
f58b4d7ee891798c535b5bc0407e42d65360923d3e1717de9376ac14be9793089744f607651d47bbfa4e2cb6f5b720cc4cc484aaff788399fe60aa45dd8bab37

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_it.dll

Filesize
54KB

MD5
350e6b48172f1d5cc341519511ac315d

SHA1
c4e83443c96e891e25d9176fb6d0a4a727a46b3d

SHA256
5cbaa21adae4a8ef6523a307169caa0a1048ae7c356a0767d898aab0dfbb6274

SHA512
1e2ee755706510a687c2213c9ea9f878a58bd06af5b527dfff727e8d7ea4b33bae876274890e39bb0191dad7a105fbdb732dbdf6eb3ee8e8d2f4aecdc3f22a2b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_iw.dll

Filesize
50KB

MD5
a10f4d266d90ac4ee4662230888baf91

SHA1
37cc6188374a75b3a102cee929ddb8b79b14e97f

SHA256
b3f692f08e294cdeae4d01c6dd9f44c0d507debd8bfbdf7c290b16a053e58383

SHA512
d2daf2743b5e13a3bd714b94bc090bba0f742c9e65ef1443c824200cd02d0025dc938de09445504fe94de5a3053bb1f0b5336bb0d2e444d55071ffeb11ac4d43

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_ja.dll

Filesize
49KB

MD5
daa4eb7aed66a4b41d6abac30e5f24d1

SHA1
72b4074c52d3f5690986078c3a1317475c152184

SHA256
fedcdcbc60fe2283725d5005c7de16535aa6626477b1ac18459ad252c9a35af2

SHA512
5decfa608efd6cfe67754d2376cb2c980d48b73d9c18a0d0d421120640795a1e6b901ed0ec7adc0440d41f658680d1be7a27a43131c55c5f4c8e07f97bdec9ea

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_kn.dll

Filesize
54KB

MD5
0f19493215ed4833be45d1c148ee7e71

SHA1
30d31bd0a867325a0762d3739477c9cd473ea997

SHA256
bb7c8c1dd35444a616952bd8f6638dc70f04b85f8c7bacdf22ce45c08a1a0c31

SHA512
f180cf63187b9fdeddbd6620f7880478507234744a941815252052612c1f6495d136b5b8390b7be7d728f7b662c40f759f1ca5e4857af5e489432ea3dcdb977b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_ko.dll

Filesize
48KB

MD5
31ddaab73040e9113b8a49e43f4fc995

SHA1
0116cc534ba722159b53f1d102877815237bf80d

SHA256
ad310fd3851c71c4b195fed4e6ea952f5581695e98cd3d2ecd3f6bf1bec0f583

SHA512
6217db3a110fe2c993e0119ea372bf022b4f8335a9a3245b731b52ef0a4c571be60af267877579d73137216e5b8905dc9344ff85681bbf4f364f0a402c0a630b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_lt.dll

Filesize
52KB

MD5
4c6c7eeb6395e9602b4176df5aef58d7

SHA1
4ab26e9643feababb7b5902339b87155050f685a

SHA256
7136dba9ed72ffed1ffca0a22afbae03cfe91be94c96a3f4d1a955f37d46fb25

SHA512
e9e835d16c77289e3c2fc095b318ce1e74b54958bb93981200195590841d558c79058448f116b7023a4824d1fc050bec11749e024fb29c593c94e61e6a1a06b8

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_lv.dll

Filesize
53KB

MD5
69c35c538c7ccf6b6fe6dbb82659f069

SHA1
f5bc8106c0f90d707c9983fc4e51bf34fba63731

SHA256
1d895e984cdde52b75693d0b3de6938c00903f0297cbeaa3ed18c54c36486bb0

SHA512
1bf0c42cba0d9fe4b59933bd9361aa6af0aafbd795037fe08ccbaa070781c10a8089e799cbba7faa719859d6243fe8892b0fdc0473e3c1005f1cfe5b02155796

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_ml.dll

Filesize
55KB

MD5
e110e6eb5aca39aad7907fd2e3bd9192

SHA1
2b218f921ad82b7c4b3fb54ba9a9c45e19c160ef

SHA256
e2123e680bf1e8307034c46479d3eb52d87b3df88c426b0f821aefabf42fcbc1

SHA512
988de6e55e69823b0a933d08e01edf00735da2a89a0e697aa6eccb9d5d1d72ea8ac5b488429b4c6118a81e159e963bcba714abdb0ce689724a705d928de1d9cb

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_mr.dll

Filesize
53KB

MD5
246e09135f7ef21c247b122b3dd3466c

SHA1
66d4fe4fd71e825a4c9f8bce4cafcc26cc19ebfa

SHA256
a03a746136a6465874968a14e55bfb5667d3c0046dbeb9c74955db0887544e39

SHA512
69f14e652df6eae63f894e59937cfc8a512779bd4ac92200f69902969640aa2b4f415202007f6f171d203594cc329c8daf0f2c81899eb2e87433b9572c75a2b4

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_ms.dll

Filesize
52KB

MD5
edcedd3c0afa1d6e14b9dba7acf0cf30

SHA1
0bae8d11857e198250cb05f855583097903e553a

SHA256
474a2972d6579c8c4a5dd54614614a0935a15a00aa9ba9665f9409c2ec1c935b

SHA512
acc6f552cd53cce1eb19590d6d53854c70f29ce6af3e96c961fe67b8bcff482cc50b07e3374e1ace8b367a126f8de5b4c3e4e8e380577fe029d9ffd6afa437e3

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_nl.dll

Filesize
53KB

MD5
e7231f649598f07a6ad4251fca85601f

SHA1
8a40f02cc39e1e17d2116c78ebb8c56617863f04

SHA256
2af5a0f38f6f4196cb48340e43b6235e59d87697ab583ab2bcba0cf3f4073622

SHA512
67eaef815d2749eb4a04300229e287a7cb61c9ac0e37fb8c6ba0bc5344b4ca915819e096ec1f48f8ad585b8dc4332497dcb9ccccbe912e43f51d567a51151fb0

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_no.dll

Filesize
52KB

MD5
aad5502200ce7b8588a508a64e399d49

SHA1
2a4c4129368d1f31db495b5424a0b0cc06d8c515

SHA256
2caa730ae53e0421af80e6a0d4046082afdb6005e0e6212628beae094ec22b28

SHA512
abc7acd0031e723f918dc79b8e9130da999a07f5f708d29a8c8fc55488d74fe13b6d96f524058c950bf3215c431a6ce7f64f40cfe45a1d930c9dcf0ce1d0c43d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_pl.dll

Filesize
53KB

MD5
5b3aa9e2bdc3efcdbb88c3db7ccb2855

SHA1
bbc84669373c44e51c4323bca41981f5fcc4264d

SHA256
46c0e18fc08d12b82ecf156c6cff7fe630cb1df7165cf708174a4c5e05ea4bec

SHA512
b3e2908deaffb6abdb7980037d1f34a7aa54cd29172dd9ec2465d96d99c2e78c39413ab2dc25850fa233f7cb7b66411dd5d7eb4e45bcefd08723bc07377033eb

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_pt-BR.dll

Filesize
52KB

MD5
46b26686a673ce82595c569099d069a8

SHA1
0eac7d54fa4f19409008fc8c7e34bc03a37e7e5f

SHA256
c35e5001513d544201ceaf27980d54121ac654fabb550b691a48c6c71de79e6b

SHA512
9b56cd229b119b7253dbfae1470e9a04e4890cc2940a97a5eac4ae0197494261a658c18eec417f8109e296eab3ed6289d9ccbd4f4bffa383d22323bef6f852b6

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_pt-PT.dll

Filesize
53KB

MD5
f1b0f3f50847da2eb58190008162610d

SHA1
c2f659e4c59a44f1eec8c4e77de44609db690a1c

SHA256
7f803f3b56e025a7fd00572f4a4e946c92e8943b7c7bee249226da6f2c8158ab

SHA512
d3a3a6f88d2823acea48f37d8b4191efd4b1fc5dce6f2012f35231e69586fbf0387b5e6e438bb51b8dd9655f030c1d71ca47e5bb690e94791fb5303bcd6f8685

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_ro.dll

Filesize
53KB

MD5
2e490c811bd769e8a0bc8bc56570c09b

SHA1
c78c3b35cf2c389e22fcb99e15860383f79582bb

SHA256
f24f53d14151e0ac6831c202c120754ce06546a8c6d07b7217213a60c82477af

SHA512
ea469e675ad20fce1ca4d2b5b1d8aa90cea0820cd45b71c91c088d01f8a4f67d0c59e9b78a518cc1a06bfb865c251aadc2137dcd68cc7f932805898c2d15eeef

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_ru.dll

Filesize
52KB

MD5
a189242d34c581d5274940098c99c665

SHA1
7aec5fe4932ddecb6ea321958f916c66f2247c76

SHA256
d6246a271f03fb604e542f8eda249d4c76aa6702a70cdba3f37fb7c9db8ac8e6

SHA512
3592c1213f9c5ea33c4b90440d4cd36f22dddab5c04bb01cd71e406e54a76ae65ea1106729030b922d493bd2f9e98054ff40e337e102ff199040e6b10bcc9711

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_sk.dll

Filesize
52KB

MD5
602aa23939506fd30a37b3cbbfabce56

SHA1
4473343be19ea775cdec857e89a447dd10aaefa4

SHA256
51893f3c045d7f6bb5d44b1e819052d7314391cf97bad0646e036aadddce0aab

SHA512
1c06ca23a05d1b3ed4ee1b46b8cf6a2464432141ae6ec5346eb8d6b24a06e9acc86ccd99fecc495dc1122aa6a12d68cb1510e229cfa35484bafef64c81aba28d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_sl.dll

Filesize
53KB

MD5
eea667678530fa7f69b725bdbac262ee

SHA1
7660d9cd7cff857b09dc15282b6eaa1f2c50e5d5

SHA256
016a684bd5da477d3374c9e32ad70bff6d41dee00169b1cfe276dae2461d4080

SHA512
69c568b0045608432bb0aba21a55db11def2020e619ac42e72905e36b684cc86798cb562bbc115d501c2ecc8169151f7e03e125a3a97cf34199ecef29787d0aa

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_sr.dll

Filesize
52KB

MD5
480a6594f2736b69d41afedb998ddc03

SHA1
009b1c18c37467077e16bba504ce53094a5221b1

SHA256
6beeaf6d174ae5ca5cdaa593df7b1f5d622f02de7c443e4263abef6f4e3f127f

SHA512
1c00468d3ce1030eb3d222cde37ea6674a1e3e0ee2b391928c6bd51aaf98957f05be3256618fa6eba18c18330f8be6d1a0231faab033bcbddcc0c55b43c1b3fc

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_sv.dll

Filesize
52KB

MD5
35c0c3f3bbc7edac9dce520603baa703

SHA1
a65c9a0761a09d496c5519b69e92efdbc05c64c5

SHA256
96ecce49349764d676dc8dbfd0da87d058849dce999607120618709143486273

SHA512
d1c5caf2b34eade3bfcff693273b99439fa0673a6131d25e20700265827a17f3a337f1fbe50efa4014a95a19ca312c6fd8be52c3f63aeacdef57035d2e12baab

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_sw.dll

Filesize
54KB

MD5
ad12dc26fb5190c765e6e569a6842a80

SHA1
c32f3b26da63e3810916fa87cf566ca6cc1d0ef0

SHA256
aff4b2df57d09e7458c14251136cea753f6daa6e651080762067f09ab33cccf3

SHA512
26cc67fb204c7ae118230234319a77940b2e40836b79e0f783a7576aecf4ce9072ca55b15ef6b049df7ed64e03647fe685e2166b2a62493bebfeaa528a51a887

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_ta.dll

Filesize
54KB

MD5
9d0b288a53c2999b70ea7face9e447c8

SHA1
2b4aa47f7b3e555d21adbcd184b48f28f7a35a2f

SHA256
79bdf8eeaedba0009f4b327c2bc32d5ca1452f40e8156bc0d9fd440bbd8eb75b

SHA512
d21fc606f2c9b2294de5323641b8e12959597023e7ba124bb57adc40743d9b2f4333a5330ac0c248089373d1175d4f1d8ecf68977bd7f4e66e8c6b0ed139cc51

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_te.dll

Filesize
54KB

MD5
fb9f6b05f19ba7836c5eec3c0dad7d19

SHA1
23aacaaaad4b038276ad11895d16a37011c5201f

SHA256
3aff60f23ed204adbd9f87d80fa816807e933884bc8032287fca750939823681

SHA512
e054b44599eb23df857b2f581bcef21be4b4583284b97d4c813dd473cab74823ef834c680040ff7d68b2b9f9dbf65470d1316d52c124525a2ea98408608a10ea

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_th.dll

Filesize
51KB

MD5
0f5f9a4faecf4ee5aff1ad434a29023e

SHA1
f72292009d2a851fa8d3121d591d8614c6189809

SHA256
4668b98bc6a3392b2f85b1b6b4e4d0bc7358ab99617d96854fb5e07872ef9a7d

SHA512
7dbd79564632da44a17df9a5ef103198bc482dc8e62ddd9306ba9cb1338be674689cfb997726a44f2b3028489e5c9c963ff7cad7b32b15c0330fed6cc3f30415

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_tr.dll

Filesize
52KB

MD5
46624b14b7c82d0479355d1632841754

SHA1
7f32cafc018883e1e46ecb89ba8b9d20769e0c63

SHA256
68fe3ee680d0352ca43eb75fe8949ba5fb19aa542954900bb5ef75a31b405630

SHA512
9275918bc7afc477ec8573afcec9521fa188c094d5bdc9a1944dcb14cf5394106d4b38f25b514c27b3c0997addbe1615721222b7e5ce26852cda17d00e934db3

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_uk.dll

Filesize
52KB

MD5
d807f29adb258232f1d5ca8a47920b8a

SHA1
61a74fcd9b8984308f6e0c42471c1cf0387418ad

SHA256
d2862dacd79f211cc36f9202113d026b4231ff7d2c62d9b4332c0b32f191f93e

SHA512
422532a337fee8bd15f7578237b48e8ebd1e8854784e954c5bd91727af99fba1a1439c648ce2c2f5232bde7b842967e8539b43b938d593aabccf8f480943106b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_ur.dll

Filesize
52KB

MD5
1227a5e0672e41feeeeb285d390e0942

SHA1
15e14a0ddea00f1daba5c288b8386b5307d158d0

SHA256
34e103a7fb8390d3d127f7670c5404a849609407a30c04a1811a88d2363c80be

SHA512
0794beb96258ffa559a0fbd49dc465687c8840165285dba56ecbcee91c458b3a25f66acfcea16984759c89fa84e3b011f7f57e766ada885dc6756e44de623902

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_vi.dll

Filesize
52KB

MD5
a84b9c0d77219e241bbc6e7606a95422

SHA1
f92df9fc4e8214c120cc54dac1e0333de876f02b

SHA256
fc50166bc3e70831ba9af7ad03c1a78c98cfd98174fe978e43e0cbfe131c2feb

SHA512
4082688baadc78bead63aec70f273bd0b6e0920d7c0e3eef6402b3560395c46a6f8d0b0bcc1a2453c804b67833d478da7bc1a176fc89aa8f3a9628e7443eac45

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMA7ED.tmp\goopdateres_zh-CN.dll

Filesize
46KB

MD5
1b9b68809a43f5840de68dad4c704e68

SHA1
7914d760080c41dae1553d3ebf984814fef212b2

SHA256
06e156153116bf21a70557fde83461b443181639a1fe7e9841a1223e670fce78

SHA512
2595c4ba3e5466c12728bdc591677e1c783d7deb8fd507a0f2cc7652fbdc201a8500bcb861e9865efee63ba1696324146a70714ab4d6bcaef90f9d9317991158

Download Submit
memory/112-203-0x0000000000000000-mapping.dmp

Download
memory/220-247-0x0000000000000000-mapping.dmp

Download
memory/672-219-0x0000000000000000-mapping.dmp

Download
memory/856-252-0x0000000000000000-mapping.dmp

Download
memory/948-214-0x0000000000000000-mapping.dmp

Download
memory/1160-207-0x0000000000000000-mapping.dmp

Download
memory/1280-200-0x0000000000000000-mapping.dmp

Download
memory/1300-217-0x0000000000000000-mapping.dmp

Download
memory/1340-211-0x0000000000000000-mapping.dmp

Download
memory/1424-225-0x0000000000000000-mapping.dmp

Download
memory/1444-257-0x0000000000000000-mapping.dmp

Download
memory/1616-244-0x0000000000000000-mapping.dmp

Download
memory/1652-198-0x0000000000000000-mapping.dmp

Download
memory/1796-242-0x0000000000000000-mapping.dmp

Download
memory/1880-204-0x0000000000000000-mapping.dmp

Download
memory/2128-205-0x0000000000000000-mapping.dmp

Download
memory/2128-261-0x0000000000000000-mapping.dmp

Download
memory/2204-270-0x0000000000000000-mapping.dmp

Download
memory/2256-276-0x0000000000000000-mapping.dmp

Download
memory/2536-248-0x0000000000000000-mapping.dmp

Download
memory/2604-236-0x0000000000000000-mapping.dmp

Download
memory/2812-201-0x0000000000000000-mapping.dmp

Download
memory/2916-202-0x0000000000000000-mapping.dmp

Download
memory/3048-230-0x0000000000000000-mapping.dmp

Download
memory/3080-267-0x0000000000000000-mapping.dmp

Download
memory/3156-215-0x0000000000000000-mapping.dmp

Download
memory/3240-209-0x0000000000000000-mapping.dmp

Download
memory/3440-223-0x0000000000000000-mapping.dmp

Download
memory/3560-206-0x0000000000000000-mapping.dmp

Download
memory/3592-212-0x0000000000000000-mapping.dmp

Download
memory/3652-255-0x0000000000000000-mapping.dmp

Download
memory/3688-208-0x0000000000000000-mapping.dmp

Download
memory/3880-240-0x0000000000000000-mapping.dmp

Download
memory/3916-197-0x0000000000000000-mapping.dmp

Download
memory/3928-221-0x0000000000000000-mapping.dmp

Download
memory/4032-263-0x0000000000000000-mapping.dmp

Download
memory/4064-274-0x0000000000000000-mapping.dmp

Download
memory/4068-210-0x0000000000000000-mapping.dmp

Download
memory/4228-132-0x0000000000000000-mapping.dmp

Download
memory/4236-246-0x0000000000000000-mapping.dmp

Download
memory/4368-278-0x0000000000000000-mapping.dmp

Download
memory/4384-199-0x0000000000000000-mapping.dmp

Download
memory/4424-234-0x0000000000000000-mapping.dmp

Download
memory/4452-232-0x0000000000000000-mapping.dmp

Download
memory/4580-238-0x0000000000000000-mapping.dmp

Download
memory/4660-280-0x0000000000000000-mapping.dmp

Download
memory/4800-272-0x0000000000000000-mapping.dmp

Download
memory/4892-254-0x0000000000000000-mapping.dmp

Download
memory/4904-249-0x0000000000000000-mapping.dmp

Download
memory/4972-259-0x0000000000000000-mapping.dmp

Download
memory/5012-250-0x0000000000000000-mapping.dmp

Download
memory/5100-265-0x0000000000000000-mapping.dmp

Download