b59747e8993051b5e75e78624b2e5f6301bd7f165e9effe29b5f2e9ae32484a2

Analysis

max time kernel
150s
max time network
142s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
04/07/2023, 18:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

BraveBrowserSetupBRV010ex.exe
Size

1.4MB
MD5

c56e6f35886bb2213574aa7c17f7bb1d
SHA1

42b9ae234edaf46624fdb3f64e5671aa83f8dd74
SHA256

b59747e8993051b5e75e78624b2e5f6301bd7f165e9effe29b5f2e9ae32484a2
SHA512

228b3b4a080d99430ad3f0954b860cd35a4f2cef8c3e1125497816616441f16fdc939240d9be0428d018c57081542597f595d599184fc0afb84902f9c70dfe9f
SSDEEP

24576:xahOsbiSmsq44+DNFwgT21GmgCBWf7YzAbg6doHaLEkqJU/64Ke1na/aasWnuu96:whOQQp+RFnTlmgCBM7YcbE5xJ2TtUaa4

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\109.1.47.186\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0"	setup.exe

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\Locales\pl.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdateComRegisterShell64.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\pl\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_ta.dll	BraveBrowserSetupBRV010ex.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_hi.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\Locales\nl.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\ja\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\BraveUpdateCore.exe	BraveBrowserSetupBRV010ex.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_en-GB.dll	BraveBrowserSetupBRV010ex.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_iw.dll	BraveBrowserSetupBRV010ex.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\Locales\sl.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\es\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\he\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\VisualElements\Logo.png	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_is.dll	BraveBrowserSetupBRV010ex.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Update\Install\{81850C48-732D-41D1-89A2-70CBC24D89BE}\CR_699D1.tmp\SETUP.EX_	brave_installer-x64.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\Locales\lv.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\Locales\th.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\uk\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdate.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdateCore.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\brave_100_percent.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_es-419.dll	BraveBrowserSetupBRV010ex.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_hr.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\nl\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_bn.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\lv\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\vk_swiftshader.dll	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_it.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_sw.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\Locales\cs.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\zh_CN\messages.json	setup.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdate.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_bg.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_fil.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\3970f31a-d78d-4e9c-8319-53a0914b2149.tmp	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_hr.dll	BraveBrowserSetupBRV010ex.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\Locales\ru.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\da\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\Locales\bn.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\Locales\it.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\am\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\ru\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_ur.dll	BraveBrowserSetupBRV010ex.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_is.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_ur.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\Locales\sw.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\Locales\te.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\MEIPreload\manifest.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\vi\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_ar.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_fa.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\psmachine_64.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\chrome_elf.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\Locales\ca.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\VisualElements\SmallLogo.png	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_ml.dll	BraveBrowserSetupBRV010ex.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_pl.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdateBroker.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\ms\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\BraveUpdateOnDemand.exe	BraveBrowserSetupBRV010ex.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_cs.dll	BraveBrowserSetupBRV010ex.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_vi.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2664_2052257445\Chrome-bin\109.1.47.186\Locales\ar.pak	setup.exe

Executes dropped EXE 15 IoCs

pid	Process
2992	BraveUpdate.exe
2556	BraveUpdate.exe
2264	BraveUpdate.exe
880	BraveUpdateComRegisterShell64.exe
860	BraveUpdateComRegisterShell64.exe
1032	BraveUpdateComRegisterShell64.exe
1904	BraveUpdate.exe
1908	BraveUpdate.exe
1364	BraveUpdate.exe
2560	brave_installer-x64.exe
2664	setup.exe
2408	setup.exe
2028	setup.exe
1924	setup.exe
1412	Process not Found

Loads dropped DLL 51 IoCs

pid	Process
3032	BraveBrowserSetupBRV010ex.exe
2992	BraveUpdate.exe
2992	BraveUpdate.exe
2992	BraveUpdate.exe
2992	BraveUpdate.exe
2556	BraveUpdate.exe
2556	BraveUpdate.exe
2556	BraveUpdate.exe
2992	BraveUpdate.exe
2264	BraveUpdate.exe
2264	BraveUpdate.exe
2264	BraveUpdate.exe
880	BraveUpdateComRegisterShell64.exe
2264	BraveUpdate.exe
2264	BraveUpdate.exe
860	BraveUpdateComRegisterShell64.exe
2264	BraveUpdate.exe
2264	BraveUpdate.exe
1032	BraveUpdateComRegisterShell64.exe
2264	BraveUpdate.exe
2992	BraveUpdate.exe
2992	BraveUpdate.exe
2992	BraveUpdate.exe
1904	BraveUpdate.exe
2992	BraveUpdate.exe
1908	BraveUpdate.exe
1908	BraveUpdate.exe
1908	BraveUpdate.exe
1364	BraveUpdate.exe
1364	BraveUpdate.exe
1364	BraveUpdate.exe
1364	BraveUpdate.exe
1908	BraveUpdate.exe
1364	BraveUpdate.exe
2560	brave_installer-x64.exe
2664	setup.exe
2664	setup.exe
2028	setup.exe
2028	setup.exe
2028	setup.exe
1412	Process not Found
1412	Process not Found
2028	setup.exe
1412	Process not Found
1412	Process not Found
2664	setup.exe
1412	Process not Found
1412	Process not Found
2664	setup.exe
1412	Process not Found
1412	Process not Found

Registers COM server for autorun 1 TTPs 34 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2076D86-4532-466A-BC66-F827D99D209E}\InProcServer32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2076D86-4532-466A-BC66-F827D99D209E}\InProcServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2076D86-4532-466A-BC66-F827D99D209E}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2076D86-4532-466A-BC66-F827D99D209E}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2076D86-4532-466A-BC66-F827D99D209E}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2076D86-4532-466A-BC66-F827D99D209E}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2076D86-4532-466A-BC66-F827D99D209E}\InProcServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32\ = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\109.1.47.186\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2076D86-4532-466A-BC66-F827D99D209E}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32\ServerExecutable = "C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\109.1.47.186\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2076D86-4532-466A-BC66-F827D99D209E}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\ = "IProcessLauncher2"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\NumMethods\ = "17"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}\Elevation\IconReference = "@C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\goopdate.dll,-1004"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\NumMethods\ = "11"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\NumMethods	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}\VersionIndependentProgID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreClass	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\ = "IJobObserver2"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoCreateAsync\CurVer\ = "BraveSoftwareUpdate.CoCreateAsync.1.0"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.svg\OpenWithProgIds\BraveFile	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{13B35483-DF37-4603-97F8-9504E48B49BF}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA}\ = "IPolicyStatus3"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachineFallback.1.0	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\NumMethods\ = "41"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\ = "IGoogleUpdate3Web"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{652886FF-517B-4F23-A14F-F99563A04BCC}\VersionIndependentProgID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\NumMethods\ = "6"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\BraveFile\Application	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\BraveUpdate.exe	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\NumMethods\ = "4"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FE983A75-288B-444D-81D6-86675658DC9C}\InprocHandler32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CredentialDialogMachine.1.0\CLSID\ = "{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\NumMethods\ = "11"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\NumMethods\ = "4"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}\ProgID\ = "BraveSoftwareUpdate.ProcessLauncher.1.0"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveHTML\ = "Brave HTML Document"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ = "IGoogleUpdate3WebSecurity"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\ = "ICurrentState"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\ProxyStubClsid32\ = "{F2076D86-4532-466A-BC66-F827D99D209E}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\NumMethods\ = "9"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreClass\CLSID\ = "{3AD2D487-D166-4160-8E36-1AE505233A55}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\NumMethods	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\ = "IProcessLauncher2"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.ProcessLauncher\CLSID\ = "{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\Elevation\IconReference = "@C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\goopdate.dll,-1004"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusSvc	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ = "IJobObserver"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ = "IGoogleUpdate3WebSecurity"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachine.1.0	BraveUpdate.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba8719000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	BraveUpdate.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	BraveUpdate.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2992	BraveUpdate.exe
2992	BraveUpdate.exe
2992	BraveUpdate.exe
2992	BraveUpdate.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2992	BraveUpdate.exe
Token: SeDebugPrivilege	2992	BraveUpdate.exe
Token: SeDebugPrivilege	2992	BraveUpdate.exe
Token: SeDebugPrivilege	2992	BraveUpdate.exe
Token: 33	2560	brave_installer-x64.exe
Token: SeIncBasePriorityPrivilege	2560	brave_installer-x64.exe

Suspicious use of WriteProcessMemory 63 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2992	3032	BraveBrowserSetupBRV010ex.exe	28
PID 3032 wrote to memory of 2992	3032	BraveBrowserSetupBRV010ex.exe	28
PID 3032 wrote to memory of 2992	3032	BraveBrowserSetupBRV010ex.exe	28
PID 3032 wrote to memory of 2992	3032	BraveBrowserSetupBRV010ex.exe	28
PID 3032 wrote to memory of 2992	3032	BraveBrowserSetupBRV010ex.exe	28
PID 3032 wrote to memory of 2992	3032	BraveBrowserSetupBRV010ex.exe	28
PID 3032 wrote to memory of 2992	3032	BraveBrowserSetupBRV010ex.exe	28
PID 2992 wrote to memory of 2556	2992	BraveUpdate.exe	29
PID 2992 wrote to memory of 2556	2992	BraveUpdate.exe	29
PID 2992 wrote to memory of 2556	2992	BraveUpdate.exe	29
PID 2992 wrote to memory of 2556	2992	BraveUpdate.exe	29
PID 2992 wrote to memory of 2556	2992	BraveUpdate.exe	29
PID 2992 wrote to memory of 2556	2992	BraveUpdate.exe	29
PID 2992 wrote to memory of 2556	2992	BraveUpdate.exe	29
PID 2992 wrote to memory of 2264	2992	BraveUpdate.exe	30
PID 2992 wrote to memory of 2264	2992	BraveUpdate.exe	30
PID 2992 wrote to memory of 2264	2992	BraveUpdate.exe	30
PID 2992 wrote to memory of 2264	2992	BraveUpdate.exe	30
PID 2992 wrote to memory of 2264	2992	BraveUpdate.exe	30
PID 2992 wrote to memory of 2264	2992	BraveUpdate.exe	30
PID 2992 wrote to memory of 2264	2992	BraveUpdate.exe	30
PID 2264 wrote to memory of 880	2264	BraveUpdate.exe	31
PID 2264 wrote to memory of 880	2264	BraveUpdate.exe	31
PID 2264 wrote to memory of 880	2264	BraveUpdate.exe	31
PID 2264 wrote to memory of 880	2264	BraveUpdate.exe	31
PID 2264 wrote to memory of 860	2264	BraveUpdate.exe	32
PID 2264 wrote to memory of 860	2264	BraveUpdate.exe	32
PID 2264 wrote to memory of 860	2264	BraveUpdate.exe	32
PID 2264 wrote to memory of 860	2264	BraveUpdate.exe	32
PID 2264 wrote to memory of 1032	2264	BraveUpdate.exe	33
PID 2264 wrote to memory of 1032	2264	BraveUpdate.exe	33
PID 2264 wrote to memory of 1032	2264	BraveUpdate.exe	33
PID 2264 wrote to memory of 1032	2264	BraveUpdate.exe	33
PID 2992 wrote to memory of 1904	2992	BraveUpdate.exe	34
PID 2992 wrote to memory of 1904	2992	BraveUpdate.exe	34
PID 2992 wrote to memory of 1904	2992	BraveUpdate.exe	34
PID 2992 wrote to memory of 1904	2992	BraveUpdate.exe	34
PID 2992 wrote to memory of 1904	2992	BraveUpdate.exe	34
PID 2992 wrote to memory of 1904	2992	BraveUpdate.exe	34
PID 2992 wrote to memory of 1904	2992	BraveUpdate.exe	34
PID 2992 wrote to memory of 1908	2992	BraveUpdate.exe	35
PID 2992 wrote to memory of 1908	2992	BraveUpdate.exe	35
PID 2992 wrote to memory of 1908	2992	BraveUpdate.exe	35
PID 2992 wrote to memory of 1908	2992	BraveUpdate.exe	35
PID 2992 wrote to memory of 1908	2992	BraveUpdate.exe	35
PID 2992 wrote to memory of 1908	2992	BraveUpdate.exe	35
PID 2992 wrote to memory of 1908	2992	BraveUpdate.exe	35
PID 1364 wrote to memory of 2560	1364	BraveUpdate.exe	37
PID 1364 wrote to memory of 2560	1364	BraveUpdate.exe	37
PID 1364 wrote to memory of 2560	1364	BraveUpdate.exe	37
PID 1364 wrote to memory of 2560	1364	BraveUpdate.exe	37
PID 2560 wrote to memory of 2664	2560	brave_installer-x64.exe	38
PID 2560 wrote to memory of 2664	2560	brave_installer-x64.exe	38
PID 2560 wrote to memory of 2664	2560	brave_installer-x64.exe	38
PID 2664 wrote to memory of 2408	2664	setup.exe	39
PID 2664 wrote to memory of 2408	2664	setup.exe	39
PID 2664 wrote to memory of 2408	2664	setup.exe	39
PID 2664 wrote to memory of 2028	2664	setup.exe	40
PID 2664 wrote to memory of 2028	2664	setup.exe	40
PID 2664 wrote to memory of 2028	2664	setup.exe	40
PID 2028 wrote to memory of 1924	2028	setup.exe	41
PID 2028 wrote to memory of 1924	2028	setup.exe	41
PID 2028 wrote to memory of 1924	2028	setup.exe	41

C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetupBRV010ex.exe
"C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetupBRV010ex.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=x64-rel&referral=none"
  2⤵
  - Sets file execution options in registry
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2992
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    PID:2556
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2264
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:880
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:860
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:1032
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTM3IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjEzNyIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9IntCRENGMTY2RC03MzE4LTQ3NTMtOTM1Ri1CMTk0NUZBOUQxREF9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7MkM4RTc0NUYtMUExMC00MzEwLUI3NDgtMTZBRjk0OTZFN0FFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntCMTMxQzkzNS05QkU2LTQxREEtOTU5OS0xRjc3NkJFQjgwMTl9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMzYxLjEzNyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIyODIzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    PID:1904
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=x64-rel&referral=none" /installsource taggedmi /sessionid "{BDCF166D-7318-4753-935F-B1945FA9D1DA}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1908

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Program Files (x86)\BraveSoftware\Update\Install\{81850C48-732D-41D1-89A2-70CBC24D89BE}\brave_installer-x64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\Install\{81850C48-732D-41D1-89A2-70CBC24D89BE}\brave_installer-x64.exe" --do-not-launch-chrome
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2560
- - C:\Program Files (x86)\BraveSoftware\Update\Install\{81850C48-732D-41D1-89A2-70CBC24D89BE}\CR_699D1.tmp\setup.exe
    "C:\Program Files (x86)\BraveSoftware\Update\Install\{81850C48-732D-41D1-89A2-70CBC24D89BE}\CR_699D1.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{81850C48-732D-41D1-89A2-70CBC24D89BE}\CR_699D1.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome
    3⤵
    - Modifies Installed Components in the registry
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Registers COM server for autorun
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{81850C48-732D-41D1-89A2-70CBC24D89BE}\CR_699D1.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{81850C48-732D-41D1-89A2-70CBC24D89BE}\CR_699D1.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=109.1.47.186 --initial-client-data=0x144,0x148,0x14c,0x118,0x150,0x13f909710,0x13f909720,0x13f909730
      4⤵
      Executes dropped EXE
      PID:2408
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{81850C48-732D-41D1-89A2-70CBC24D89BE}\CR_699D1.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{81850C48-732D-41D1-89A2-70CBC24D89BE}\CR_699D1.tmp\setup.exe" --system-level --verbose-logging --create-shortcuts=0 --install-level=1
      4⤵
      Drops file in Program Files directory
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2028
    - - C:\Program Files (x86)\BraveSoftware\Update\Install\{81850C48-732D-41D1-89A2-70CBC24D89BE}\CR_699D1.tmp\setup.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\Install\{81850C48-732D-41D1-89A2-70CBC24D89BE}\CR_699D1.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=109.1.47.186 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x13f909710,0x13f909720,0x13f909730
        5⤵
        Executes dropped EXE
        
        PID:1924

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\BraveCrashHandler.exe

Filesize
294KB

MD5
7fe6b3037e50819f4196a89e88e46ae2

SHA1
3f38dbd990c3713d482ae87112f42753ff5bd52b

SHA256
5768f909ca16ae78ea954ded43155d6b854ad06ff5d6ffc4d2abb6de365cd9bb

SHA512
dfb4495fff1b6367b351fdaafb3e9062d86d514625e26539414b297f2cf3e862ed14dad63aeeae90239554007d548ee0c8d0b869a42aa2d8af8b0604c488f4d7

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\BraveCrashHandler64.exe

Filesize
386KB

MD5
dd1620e0c75472d40e3c1fc66eca8fa6

SHA1
524ae494f9808488de746df4311c97aa448bea06

SHA256
a437dbeb43ecc0d348ed20f1aa42a8b47d8f63d9b5d2611da6ee393829efa22a

SHA512
6acd97428080e53bf3e01aac5d496ec6529c418b66d95dd7b286cc2ad0651c31b39182f9c596d3f233ed47030fec3810dd3fe543e917897ec27ccceb5611a31d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\BraveCrashHandlerArm64.exe

Filesize
360KB

MD5
254d412e111161e85e111046e7dfc1fb

SHA1
abe577dd9da2e6bd30d10a395fda0ea4ef51fd2b

SHA256
8997a85d2e6f70c652b067a1fae06b41f089dff05540acdec5f8fd82f6da57e6

SHA512
d14920a5e8be5760db25dbe4949eb0f7f580b6368f5b3375413f880297a915f21f67de4d206be4efe4639ce49d7036dde675282dc855bc6ada5f620d323d5cc9

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\BraveUpdate.exe

Filesize
171KB

MD5
c0eb9211961465ad0febe079b1d196fd

SHA1
e3cc188002d30555850917f4327673597536f66a

SHA256
7416cfadfd5845abce8988ec7d107487c6c22346c4a6cc5b3bd03d50cc03b083

SHA512
7d89166edec3749e66991f437cb2c506e42a97280924097834e7c70e1d23f96795caf8283aea2195f60b8777c545b32edf5a3a46301324ae315619ec1dce7865

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\BraveUpdate.exe

Filesize
171KB

MD5
c0eb9211961465ad0febe079b1d196fd

SHA1
e3cc188002d30555850917f4327673597536f66a

SHA256
7416cfadfd5845abce8988ec7d107487c6c22346c4a6cc5b3bd03d50cc03b083

SHA512
7d89166edec3749e66991f437cb2c506e42a97280924097834e7c70e1d23f96795caf8283aea2195f60b8777c545b32edf5a3a46301324ae315619ec1dce7865

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\BraveUpdateComRegisterShell64.exe

Filesize
188KB

MD5
74f0f4963e3a5bc5e42e8f91e2e04edf

SHA1
447bafed388c11e1e2f98ccb32948ae2691caa6a

SHA256
75b7234a25e2fcd344bc47431c4d2a31e4fc7f038f22a5173f431b1278e96a6e

SHA512
62c0d698c4b0f0d6b15011f04038e6db7fae6cd8a30c1db5440074aae5ef6ed5f2a24b2cb32e48796fa1a4ec8b098aeddc302c0079e1be75c2023b5c25248621

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\BraveUpdateComRegisterShellArm64.exe

Filesize
148KB

MD5
67b9afa7d2224092556570750b8a9d33

SHA1
9597a3ee6fda5095dca4f1d0dccf517fca6292b0

SHA256
cd19613bc81472612531aaed9c313d007d387ad4cc176cf64dea06510fbf34f0

SHA512
2a07d88b74699419fbd1655fdb80680052d18addb2f8245bfd82dd4a7879e767d86ef97a8fa8a91a774d83b1ed29efc74dd2d25f21892aa75103240f333142d7

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\BraveUpdateCore.exe

Filesize
217KB

MD5
a62c0208de1961891def5b66cfcffdaf

SHA1
db96cd6c69e2148a46fc1f1833e79ffda2c5f967

SHA256
afffaf26e02ef95d7731549074d1620670a8a5275e2764c3fc11004f26ef8153

SHA512
3b4bb71fdded037d1403d76e01b7e00edcfa1275ed7c945103d1f8f44dca9ffa716f0e89250f22c992daa206b71e89e41d11c255802616520e29d68883bb1643

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdate.dll

Filesize
1.1MB

MD5
961a217f3ebe5c90c733d7baac3e15fa

SHA1
a674e9b116452e9c079096d251be281b1c98130d

SHA256
1a088311486ae62ce934e87ae55a8d3fdaf579d495f84b9217ab6f5e57e706e9

SHA512
9bd0fc3b639d1ffd025979ac0ecc8f3c140768826db6cd7d157c0534b84cee9a359066db928d0c8e029018ea9657d259d0c1e135b91ef15d1fef2ea19b456dc7

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_am.dll

Filesize
52KB

MD5
d42bd3f0c95df1cba9d36b994d3caed5

SHA1
453a06dd525dfbc63d139dd50d0d5f6d0911a114

SHA256
9f7ec11b46ecf89865ff7e4e2ea12680897e7077167898f49c0015a96c0139f6

SHA512
ea966aa01021be315decd7b1c178f1972e8d1e4e9d976b7f084e9dca6f97061e52ac69220cfac524fab049fef0000ba38341f59b8f76bc546d9a35e489d80dea

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_ar.dll

Filesize
51KB

MD5
538b1fdb27bf2b4cc07b6db5fc4bf956

SHA1
0db9b634ac8f189c4cd4cf7b7680b0b12bb325b2

SHA256
6df0a6d4e4e18cf77fa9586bbc7b7840c0a759789f92f3be2e0883b747f52376

SHA512
a89b8a35d5bbe22173d0f35d5a0eae7516686769a91b6ac65e05368d1c5353fae343b12d4baed2eba83d0bdbd7a5adccec7812554c8eecf8a90cac2474c13f5a

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_bg.dll

Filesize
54KB

MD5
2ba7c0dc1432782c0aa7e43a95b6b54a

SHA1
84e7808a285502a3db120a462e23c25d904fc53c

SHA256
676e3c712f3334991d19545e78f1fe8a3b220ae730b8976edb8cb0384528a564

SHA512
0df304a376e5760ca6912c5b61a247074a0a2ef490a980652f533cc1f4c4fe0a037427cea8aaefe0c99e1699a3b846fed729698b0d1b8d566229b05da4822d37

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_bn.dll

Filesize
54KB

MD5
ee18143c8350486f0271248c5443e551

SHA1
c92df6aba19b5ed367df81ff265a94d50c2fe9c6

SHA256
4e78c4c4bf218e865765ad834d365fd0f42f51a0772049123062cbda2ae7ef63

SHA512
6f20bcb6dcde3b2fa35ca12d7282820aba95de94d68618fec2b36112bf01dee65d7314a3010541b2b99c93a1d3411bb01bb26a7994386f2f7c8430df2a009bac

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_ca.dll

Filesize
54KB

MD5
797d5c5b86af98e665975946236a4b4f

SHA1
1700856695572e0896fffa99d661b9f71a6770f3

SHA256
fd9835d90cc6885d0be1eddea000a5b6f489e35b271b0b64323152bed4b8cf6b

SHA512
fbca33510b6cfefb3db61ac74bf05d65c16eb3b0080d0bdebbd1daa8333563c7fd6a65db2536dce2beca503df9ff4b8fc6c076d12ebc86608a8da1d89a1576ca

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_cs.dll

Filesize
53KB

MD5
41680baaaacb2d091db60c4ea051512b

SHA1
14680fb071219f19e2bc63355e674bc9abcdb8f2

SHA256
01a497fbf2f1e3209f666fa948cb5928afbe343880fde7da103d5271772e7c40

SHA512
82ae584ad1cda960bcc94d7ba1dc9cf9ae3bf4177361ac4831c8d91f959d886cb9f13dd4638e17ccf447567e40240a1273e443df574d82437766c4ed6ee5653a

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_da.dll

Filesize
53KB

MD5
f93902a06e7a31390b1844f28d821c47

SHA1
92691ab4ef0cce1de6f8b2a0bb05ad2e966dd0a9

SHA256
9cf31bc80ca2957a776c7c69096b20015a2773a7a86c139ff5e4e8dd246c80f5

SHA512
03ab9d577762502057d3d4d3317290169d9837cc902d0ced0d74811d70aa5f133f7c9459af081051ef30eed55d598124a258cc72193b7e3b26b0f7c371541652

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_de.dll

Filesize
55KB

MD5
f0c3b01526a8a259ede618cc6cfaf3b8

SHA1
050d4ea899b15fa51bcebb26f1efa0d8c0d7eb32

SHA256
9e2d8ac213354b7d88357eab42ff9101e3d537989ed6ffbb7fa3cf1999451e4d

SHA512
2ff79dd96faa88e75adf1f0dbcdb86f76b5d5f7b24813dce31fd9abadaa9a09794a346a451195222d5f40cbaa8eda19dbbe6bc2ebfa2db4e56cb660974988635

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_el.dll

Filesize
54KB

MD5
520e89a65f3c376c2d6797870a9382a7

SHA1
19250bfdeb07b3f8197dafc9fbc58a585cb4ffa7

SHA256
de808f26e4de59649c905d3d89a8d18ab7181115fb467e9294133b0aacb0d9c1

SHA512
2773c7a6b60fc1908826855a57ee328432932beffb5e3937106d8913b8f3c7d19b06d0e7c24daf29970486110f011ebc723e3925f6075ddf5072c2245b0d9b41

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_en-GB.dll

Filesize
52KB

MD5
be26b3d30c3733076787f65cf5abf851

SHA1
3df8998504f7dfa5f635ecf76bf4923bb827a3ea

SHA256
d4fab227c676213c0d7358982df8edbac762a0addea153b1bf9e788f55c818c1

SHA512
a9c986943eec23c910a4fb1b5ce763b5c99bd44c0ca5cc3fc0e8f11c1c0037253457f9568fd8f8a066c8bd578c6369dbec09853f2fb03169a4dc3f625d76053a

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_en.dll

Filesize
52KB

MD5
9f2ce4186ca35f8c798ebfcdba8307ab

SHA1
1da0afa43f5f54c2f170c9b4d654af30ae6affb7

SHA256
7b8c5b23061d126e6c41c22a73c4a8ed2446afdd5107cdafe86b038a8eadd3ac

SHA512
7af7b8b9698c410fbdb8c37992c93d48ec73e0c2ad367991defbd9a74f5bbfca2511df47406c7b13a29801fa489d9bc0b0f5ffb8147445d9126bc8ea95242422

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_es-419.dll

Filesize
53KB

MD5
7df0699c2b100a2bbf2556e367324e44

SHA1
63dea306b6999807c143163e5b54305c1af857e2

SHA256
0ea53ba2bd7907682609e759352ba717ed15601806f17e924aaf36bbc686752e

SHA512
233fa7d8b9a83bd50a429813a81cc1461ee8cf615d0ef71af8b8e799beb7619eba4eeeb94e10d2031c3fc6cd36cef68354467b738c54e62b22a5f0f5804a085f

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_es.dll

Filesize
55KB

MD5
c2788d0885622d6cbc90d4b6b682cfa6

SHA1
9cbb2b3c43c79dbfec3d49f7aece6ca36ce13e78

SHA256
e97e3679deb3d573d36f236ad4d34b63b3671cd91f1905546bd4f064611a87e8

SHA512
0361880fc9e04f50ec85c1006a4343fae21cccface01ea6e712e16f9eeb0d37f9b41a273908151bc47ff5b40752e46404cb6034abfd522a1694a2f6b50ac9d79

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_et.dll

Filesize
52KB

MD5
5e2edf6a886affa985822f278f385bab

SHA1
50d6f24128c99b729d7207f245b48328f104b868

SHA256
86316a03685e65c3f0199ff9e17d3bb91430c6ff9cc40203b06390432cba5bf6

SHA512
32808fc2f34aead923528c68b9e76c3cfb7006c05c3467d757e1c8103fe4862df012b0792c8c8fb0b30b291914cbc924bfa0f624272665bcc2c768977839e1e4

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_fa.dll

Filesize
52KB

MD5
8cdc2ea57da3e499c129cb304c32e574

SHA1
8a7077dcd45b3d73709adac9bb5ab546c97f7308

SHA256
c6a912b57eb51dafac98d78743a90c95a53dcd096ff470f0d7b62c0adbc100c0

SHA512
41548d0b42c69a853cde93e79b8d4d19552a1311713547e7c90378fd26a0aed46a24d95b56af107e11abe89ea7d9078c3cc60ce6ce95a30f31b6e71bb421c4cf

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_fi.dll

Filesize
53KB

MD5
d8e045163c5905eabaf3f8ca13d8245d

SHA1
93880b24b63c296d81b591e5374072f0c9933f3d

SHA256
a724a2e2e3adc47137bfb110db4021208643cd0e5940069fe562ffedb5a9783f

SHA512
a4a2076abd082e6b068b59487ef068fd081950f4d37d7079c81a355a24bc740dbae0f9419f70541c28faeca9321d71d5ad6123ae9b33ea6c754cbe1b597ec955

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_fil.dll

Filesize
54KB

MD5
b567a17bcd7a2bc37acbf44926d4a71c

SHA1
a2b25476c4b69005fce52d752c9132f8c39dc479

SHA256
98ce71519a9fd2611b4eaae236014b7f92bc29b07fa146cd9f0e0ef649806905

SHA512
5e8ef47ee156ed07c525617c63515668affa71548a82abd4c082a05c0d5d0e610342e9b0e936b642dc7a92ed026b3ac018aba39fbfd7d82e4c66fea02a7751c1

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_fr.dll

Filesize
54KB

MD5
a5f47a00bd02047d5b2e13096c91f64d

SHA1
3ba9ebc554cd790c9f983a9814bca7335625e0c0

SHA256
98297d397c599b3e13c60fa458b8d6431d0ba16e5588be9f33875da0c5ee5f9c

SHA512
72cc7956444088edd9db72a7147257bcd46281ed1a9aa86f3189bc2be0c9b297bf869f2e1d6cc9fef2ec5fedaaf9687bd2c9af1a2517ea8780a9d5f1500733d1

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_gu.dll

Filesize
54KB

MD5
69f5fca8482ec8e33447cb8c0d654d46

SHA1
c5329c497a0e64aa3a5017483a84401d96d15a0c

SHA256
8dafff65e8acdb1713234b062b706513aca0786a06d7acd685f19eb9bf283c0b

SHA512
75afdb90ddcb6ef7b6c9491aa7b9552455366c4756761f289f0c798239068049d75216c86bb86b524d8ddefea6c1e04aa9a807abaf67a8e79aebfe71721bba2e

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_hi.dll

Filesize
53KB

MD5
25dfc8e3f4d939ee97526b66979fa103

SHA1
7574186427726f31705ddfa945de0ae0881b56b9

SHA256
947812562782754fd278d34ef82cbfd468dd0867225c20cfef90064c2458d4a6

SHA512
8d36e506dbce8cf2cc191a7fd38d1ee5c3d85752e3b271e7614f251e5506cdfc513a7019f009850b677f8fc92771fc538800497c57a191841c5dd635be112ec0

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_hr.dll

Filesize
53KB

MD5
6c7f7843a0efffacb321d1628bec5e68

SHA1
06853e2e6fe46b8e429bdf4e5cff90807ba2fd0e

SHA256
4ac90e8518e25cac16fc69a29f94ca5118fe89ea7d48ca35b9d144caa94bf30b

SHA512
7af24aa0e120769ebe0be84f8eae210734bf237c307cc4a2b096e94af2e99ab4c21b41258e065e691bb4e8fe05f6d4e5a1146eb63987087fd7a2544771be83c0

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_hu.dll

Filesize
53KB

MD5
f43c8ad682e36ccab7b23f2c6b0d044f

SHA1
adae66f8efd9452ef7b7df218fe6bef7a4ec567a

SHA256
f2e68a3bc365e30ea2425bed785261fefbc2dd37d8e0405ff0e28de79ab7c5c3

SHA512
d7168d59361fc59f1cc8058063250a964661b60b9e79275a2f7d53d65d195b95ed8d375fc076100a4aaab481905da4895512958daeab4f2b4d66ca67a05ba02d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_id.dll

Filesize
52KB

MD5
85fdcb970f1e684727d374f83017ee65

SHA1
c3dd00f94b19e49aacf68257f09e29eac64d3e67

SHA256
94bc9f2333d16dd334b9fc3e9cf48fcab81d9f81d8cbf56497323c92d0429653

SHA512
4b7ac196c423b61af84fbe1ee601a53d87b259b5c5ce96f495f7071fd43ae8d39a8067e2ca0642d37ad6ed72539f406a8c21b7d21ee5226648325136cafb50b9

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_is.dll

Filesize
52KB

MD5
1f60aba94713c884a6484b502b93e91a

SHA1
3bd66be09529d1aaa127678cfdcfb35f2705ff98

SHA256
a9efd52fe4b23e0e182d6aeeed0a0964a80aedd0be7b7494737bca0122072c14

SHA512
4678ada38ab3e817cfad10810f8f839e48bdef1df97c274ec1a3eb76d50d9080c6c4ddea4e834a5f7e4fba8be79b1172e9da2d41e926c0391eb6c96d750411da

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_it.dll

Filesize
54KB

MD5
769d7f97b6e1ccda7811bcf23398223d

SHA1
7b9b8dc9386eb82aa32bb3ce30639355753c90a0

SHA256
00425f528f695654c21d11c04af9ed742d382ca32cd56d9556520e2125033036

SHA512
e0a398c1312e08ab32f2792d60f861924240351d64b2834511da921ed660e7f4ea4ba505e3ffe13c7d566fe3e03d5d2e80206e3a1fadb3009a18414ba93d8bdc

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_iw.dll

Filesize
50KB

MD5
9f7542f0d82109f393330ede86e6add6

SHA1
55d6e55c5bcdc4d5facbc920309cfd35c6dc6362

SHA256
c0378499dea15bbb1ff3375a3449732699070afb081a9ef9f2a6cd308e7ecf6d

SHA512
d36648e7a9957c8abfd510a81ad2900fae560be6a87681a829a2fc08eb29b3c06cef69f0adef9b890abbf41468b7166430126d464f410768743de5a1c0c6b473

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_ja.dll

Filesize
49KB

MD5
f3141ab884f0ea2b317e80f80c615871

SHA1
c11f66c4fe87fca84f6cc7edb50bcfdf6ccbb660

SHA256
5521ad44f54dd45544b474b3b873716c05a270ea7770d3333afa5a65a7fdd78c

SHA512
046744dfe1ef71bec78a1c775cf60d2a082de957336b520b8521c84afab382ce0174e13929f569ac10499bc7fc7d6d0a903eeba2cc02af34d100233b37e93451

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_kn.dll

Filesize
54KB

MD5
51bfc6470a2d94e834759eae112d71e8

SHA1
d7948681a7eb2ff75ae4401103554a7a84cb72d6

SHA256
87ae356455c649a8265df6ac2fec1607da6931ad5bc3329c2c4958a86c212cf8

SHA512
fa46e8792835c9660a5bc0aa1f8a4f0aab9a1cae7ec5c23774a5ec39aaf8f3aa49153ca31360b2f70ea828324bf0a60e6c2a4f927f7491ce9da0c3dffcd53204

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_ko.dll

Filesize
49KB

MD5
c0ff181b3cf70d03adb35106ca910d4e

SHA1
7f6fc87803986893987fd13e760c1d1e27f205ef

SHA256
a14c796029cefc191707dc3f4dd071ab75a061de2b5c6f76c5dd738e9e598d29

SHA512
61cfb681feb34eef90f4b96a67704d199ec99c32c7637b9b93b0737998ab40654a9ce6a4d2c3b29058f01b19ae55d8f2fdc4c8f8fd2d8e8cfecc5916794dc77a

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_lt.dll

Filesize
52KB

MD5
333296c1e5b897faec9f847da73a9ec6

SHA1
da9b59248054635e7bb1eccefa656fb17cfce758

SHA256
f6a8cffaf0dc3494160b5fabc2e6b2dcc336b81d48b2e2c74651cec714a6eab3

SHA512
a7e5afc2c2d61b2db4771c850366d3036c02437bd96956719731d4226bf3a45ca933352fac220dfb4148fcc9dc47f8704b351d213ded2929b3c8649a6fda3c36

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_lv.dll

Filesize
53KB

MD5
6ba8dbf8b12dd70e141dd15739905b3e

SHA1
9e59f8099c80249f3f1f80c6324f28aceb211eb0

SHA256
ab78d897ddec5f97a6a419b1194687c81a29dcaa281d13b8949681ee02fc2b36

SHA512
b1773f25013e485d5bbaba7536d36a4409d1cc6d4bd993353aadb68aa69e20f48bc48eddddad3156cf49672bdfd4979c36d26ba995bd632221474a59d995e015

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_ml.dll

Filesize
56KB

MD5
4a8ccb0ea3003fcb45f61e37b1daa7a1

SHA1
d116c83203328f2f05c8be800d46dfe1080412e7

SHA256
e79f9ec138df023ddad9fcfc95257fa8fc53ac0e19e7c3213604931b98a21570

SHA512
aa5da10bdb3a4cf08d93bf41814c167136841a4fd9167b5f8889d042eb619dbdd8c7aa0c2ec487fbd4de5dd8eab454eaa44bbbbdcd6df7a01e9febd73c1f3ef3

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_mr.dll

Filesize
54KB

MD5
e1c59cf6462c02a0bef88a467a18493b

SHA1
552e449e5533f35dc787ec23661c537640427163

SHA256
1bea72a14f426d0e752e3ded2839882fb3520040f00620e96b69b761b218425d

SHA512
720c641ef9d49b062a3c0991647aa144b6d2350ef9c6c4efba19bb89872478ac860f9912c2989e7d3e4075a702ab7bcabf99839109d2e4fc37bc23e73eb03c6a

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_ms.dll

Filesize
52KB

MD5
750af734800499b9791c2565dfcc2fa5

SHA1
20bed2556cbc86c712cd4fed35968e1c664ed79e

SHA256
c817071d5997cc566d223c04e61b80b0bd898c267270b7b25220b5c5f8a88f5d

SHA512
6f3b6c68f7b348c98b1b1b92c74b63e76c1ce3670d054fe879a277a8035a683d1cd84bcb22c41ee18574ac0a31b1847f37687217ab50e62e9cc875a084337e96

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_nl.dll

Filesize
54KB

MD5
b087752434f5d180ac5d2b28ff559418

SHA1
6a6fafc2daafa9e2939f287aeeb42bdbe962ad0d

SHA256
b1af18c54a2e87eebe4472091b5b4de73365c2457910cd19c7fc4cde898c706e

SHA512
38f08a6c7ac790a98e0f988da0b6d0b0c373eda8c629647ef4720621b0927834ffafe08e5bc049afb455a03b54f70dd0f73a73a49714f4ad11cf57607c4b344a

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_no.dll

Filesize
53KB

MD5
bebbb3240e071ee8ebe2f12db55c7857

SHA1
8676cf2ef6e27eebc73ed323b5fc8e1363fe24ac

SHA256
a1d5f4428cee92d641b27674d829869e9188eeadf6cfaee86ea2c50b22307e31

SHA512
34622223a7f0e04814f78d56d5d937a7422e5dae7059081e26931108d4780fdec0d53361e62111ee11b0a7d532bb17179f72884c5346222725ca2ed677eb2797

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_pl.dll

Filesize
53KB

MD5
3d9050b2cc51cc351f33b7d15df8c890

SHA1
dc258f56777eafb82fa6974692d1facd11ea69bd

SHA256
cce42421899e92318dee1308e0aa8666e1abf62e0abf296976b8ec8da2f281c5

SHA512
b8af3af2a3a99508693972bf6c8cacf31ab69754060049eb0d6f7aa6c8547759afdd39389c9699be77ce2dc68b70fcc9832df128670d41f4dc1b23047c126c15

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_pt-BR.dll

Filesize
53KB

MD5
6226998672e473021775fa1a8eb557de

SHA1
546da92982a4a8605de3e8ea5d75d807c87fafbb

SHA256
4c3249817956e73c4172c3c3b3736eec8610edcf5231f002b792871976ef5826

SHA512
4b35ff9341ff8da777c6918516532ca6a4421fb1fa4f36dcced94613de6a79ad69c46e0d9e06f1f075adf946582377f1fe24125162b9e8e6da92afd1a6e884ef

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_pt-PT.dll

Filesize
53KB

MD5
d40085b58e279f8b97b8f65ffa8e97ad

SHA1
988fbeda905648dd67d63d5ea3f592cbabdab8e0

SHA256
d29936ca426ce30b676e71b1534ef4d86fc3b4bec993317e0e4903fc160bd809

SHA512
872ae1d0eb605b6149d86f3151eeb27fe203ecd6b5e4c14f3403841593da4f145f3bda86e9a121f427ae1914684bac9763dcfb313d042e9c0e73eb10b306b8c6

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_ro.dll

Filesize
53KB

MD5
0c80f14a4bd1c2d745fc6ad1f80b10f2

SHA1
e283d6ec3b4947b52122433dad198c1998eb1bf0

SHA256
0aa0555b0dbbc1dcdf8e4e72783c03e2bb2c8963de9ad03e87128e6fd46092b2

SHA512
73fb1c1d6bc34ae5a808e31a988b13a43a398b3deb7caa324a8ae690f8593a94d11e906c9760ca9e0bdcaa2dade03806e59837ceeba6f42f0a123f1fc338f20e

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_ru.dll

Filesize
52KB

MD5
c3293bfa6e5cd2b9d537a4dfed80aba2

SHA1
d6a27288700243ba8f52dba988292c05f3a235a5

SHA256
1af286b4e8dcdf83b841975687eaf00bd379daf2e058191a954f6bec7e24c762

SHA512
5e1ea60c2f56036d4c602cc25227f224e41bb0a85253fa44fe938c687d8f0703d0c61e3a639c488454e20abd57f28a534297a06c7734abbd8c9d63146d1fc5ea

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_sk.dll

Filesize
53KB

MD5
6847d634315563b4988aa9c2b815d15b

SHA1
2a9052dd6304896d86d345d84ba81efeb1708dc1

SHA256
4e932f76c8b665072c43b27e77f71771ad710694b9afdfe07ddffb082fb12896

SHA512
9886aa13c6e0490dd3aba035b4e344e97c5f5bbae9bdbeef729c5a57e3ef5673bb982aa04cdc042ba5a6473c80dc30e051a4a851020c36fd90b06c5dfe003c86

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_sl.dll

Filesize
53KB

MD5
97e6bafb5122c8ee6a321f707b20547e

SHA1
7a80f5a4447fba5488efa0641ada7a3c38d26a9d

SHA256
ee30af2545bb34d05c7f493c67b7235215e48515f769353c44fda3bb947b875d

SHA512
31d2fdd3a923b5e1c0f87e18f5c9aafc64664b3c7f12379765392ba516e937362d754f57eb42482d42cd15e24cd29c47bbcb27b89834fa114dd2e07903728f6f

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_sr.dll

Filesize
53KB

MD5
056363b2f2d318e0b55e85f62231ee7d

SHA1
fa93ffe2e49deb84403019528d68936ad7732c44

SHA256
335b2f94628c17f933df911ca154c3ef344a7295080e0508b3b94b5392a82d29

SHA512
e6b3cf80bf7aff8e02904edd54cc2452c06ced46308e57632fb177f3de643bdc749d573009d64944de19d1b5ba7295ed0a6c248365db70b2ad1bc74720b3790c

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_sv.dll

Filesize
53KB

MD5
04e3f7ce03e5ff29ab3d9d699a4922eb

SHA1
e156f8ee085d00a170e73f90364031903cbef4b6

SHA256
f6f738f8c59617b9ecddeadcb9b197abfed4f71cb770093059c803e7cd25d59c

SHA512
3b160e5f0db50a5fb2e040d7ab02cd083887e28fbda2a621b067730900ef38b1bbddf39073562e5bcf5abc3b408166d7151981518aa21190ac677cb26e0ab297

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_sw.dll

Filesize
54KB

MD5
31836c67ecb7ce686c550881fc5a4db6

SHA1
3e532b3444baec8479bf50a2a3803df8f7ca5d79

SHA256
b3706936865726741618a960e2834b6b848f41e988da3feee11b676f7489ace1

SHA512
c370bee9768470713de9697b570d983c9227d9f45295163bc017d263cc195a76111d4f0a08b4d8d464c470a17656895be004c4ec57ca23ccb77c9d492e970ca9

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_ta.dll

Filesize
55KB

MD5
c9a82393991badccbd8808c5e651ce3a

SHA1
742e1c00b565c8b7b85b6abde739d8e8b1ded041

SHA256
c61e6b4e33a5e2ded1514b4ddebcef2672218278e85bc5d1d2e6bff7833e9685

SHA512
37bb00e51caf85411d78541aae649127b889041927bf894a48956d766d5d68183c8d9d506d3b2decbc9808b508f86f035a9be5892a218652d01d9b5fcd197fce

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_te.dll

Filesize
54KB

MD5
28c34fffa99693159b5ef33b22b4b644

SHA1
889b522d0ad0c6f38b9745f34e59ab4384c56433

SHA256
20f1d79a2f4e81497a0af8ae06cc712ae6cf2cbaee50870d462c2fb31f2a0f5d

SHA512
f82b11caed3c1e31faae3f996255c15964681bc2397e9a4207707b953da22ad187270b76d5cd702c0e79daabf35fab8f10aecc8e814a4064216256c0088692ce

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_th.dll

Filesize
52KB

MD5
ebf8d353d53c098c8efc6cfe89009844

SHA1
41f60be31aa6068921bfefdf427527700d538627

SHA256
cf63770c80860e1d22ad3fa5ce48c4bfd3d2d1f91a7507db96fc303361a59da1

SHA512
92b069e9a415f79be2c363a898c29b5d48bb5b4ac61f94fe66dc940470557a0231335e7f874c6309e931c7a808cdbe0b248e20419bebad2a0e227f0874a2b305

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_tr.dll

Filesize
53KB

MD5
c157d2e6844a7389ec886d1996419dfc

SHA1
6e1d80ce714fab7966ee9b0aca4fa2bbf62cfe26

SHA256
628ceef663846d85f8d6e8d5025a63646e93a228e08269d33e265fab5660fd65

SHA512
e4f81f35d7d453428ab19445b44ca08fad2e7926e8c8e72680b21451032da422302be2d3229c10c6af6130ff2db67b268824541f6fe8e806ebe33e5f5d064f46

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_uk.dll

Filesize
53KB

MD5
496aa2ace6acfb7d904e10187d609550

SHA1
79854d0c27effbd3688dab5254a29d68f1b94a0d

SHA256
65f0861a54f671ed3bb69c40d7f5c69b6d598c3c4640d52bb99e41589a519626

SHA512
b3b1f543f4b2e0bcdd45546a5da1700d2c809a02b045b46a86743568b2e21596b1397d12c0a34440ae1010d6d8811220598d2cbd38d56c8d32381c8c64565789

Download Submit
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdate.exe

Filesize
171KB

MD5
c0eb9211961465ad0febe079b1d196fd

SHA1
e3cc188002d30555850917f4327673597536f66a

SHA256
7416cfadfd5845abce8988ec7d107487c6c22346c4a6cc5b3bd03d50cc03b083

SHA512
7d89166edec3749e66991f437cb2c506e42a97280924097834e7c70e1d23f96795caf8283aea2195f60b8777c545b32edf5a3a46301324ae315619ec1dce7865

Download Submit
C:\Program Files (x86)\BraveSoftware\Update\Download\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\109.1.47.186\brave_installer-x64.exe

Filesize
100.9MB

MD5
a4599022b5d1691983c26936f2125d5c

SHA1
1456be249bbf22ea515d817ea89e91d9b30ffba3

SHA256
24d4198fe7204663379a308532b997a70841fe55f8b20f10536c9e6f445cb791

SHA512
4464c1670391f1e4654593d2af32f0c35f1c68e4fa84c3c6e54aae85952f8429247bca22ff9babff4110876b5262411dd1bd34c71574c6b81e529b2c0b4bcdd4

Download Submit
C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\setup.exe

Filesize
3.5MB

MD5
43a8a1eaf7c7b53c8569d8a5b4dbb476

SHA1
b57972aee7518565e4eda1f20d3717d205c87ccc

SHA256
90f1ce74855aa7e17a44a75fcbb356c315aabd84dd9c2d01062a27383c5444a8

SHA512
9b2543da8851836a08aa185c1596e0ce23a4eedc18d04b9876fa1ee16cb8cf588886f76d2dd3b2f37b6961911af0333284044a835c3244b112598087d27e67a2

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk

Filesize
2KB

MD5
89a607ee710ec8501bf6162ca794d541

SHA1
5b33b14ad0dcf8247f41400622e06e0c6166d176

SHA256
51f3ad3f9d844ee3325a2b38eaf1a4f380eea16c41c0d0e40056004700cceff9

SHA512
d94cc41b6e19e2eaa9276de6ce4814778a12116831ecea329a26fd39dae5b0c36a859f605d068e162a8604ebc8fb7652017cf8b9e0dd80ebbf77f5c5c133c3ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6423.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar655E.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\BraveUpdate.exe

Filesize
171KB

MD5
c0eb9211961465ad0febe079b1d196fd

SHA1
e3cc188002d30555850917f4327673597536f66a

SHA256
7416cfadfd5845abce8988ec7d107487c6c22346c4a6cc5b3bd03d50cc03b083

SHA512
7d89166edec3749e66991f437cb2c506e42a97280924097834e7c70e1d23f96795caf8283aea2195f60b8777c545b32edf5a3a46301324ae315619ec1dce7865

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdate.dll

Filesize
1.1MB

MD5
961a217f3ebe5c90c733d7baac3e15fa

SHA1
a674e9b116452e9c079096d251be281b1c98130d

SHA256
1a088311486ae62ce934e87ae55a8d3fdaf579d495f84b9217ab6f5e57e706e9

SHA512
9bd0fc3b639d1ffd025979ac0ecc8f3c140768826db6cd7d157c0534b84cee9a359066db928d0c8e029018ea9657d259d0c1e135b91ef15d1fef2ea19b456dc7

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_en.dll

Filesize
52KB

MD5
9f2ce4186ca35f8c798ebfcdba8307ab

SHA1
1da0afa43f5f54c2f170c9b4d654af30ae6affb7

SHA256
7b8c5b23061d126e6c41c22a73c4a8ed2446afdd5107cdafe86b038a8eadd3ac

SHA512
7af7b8b9698c410fbdb8c37992c93d48ec73e0c2ad367991defbd9a74f5bbfca2511df47406c7b13a29801fa489d9bc0b0f5ffb8147445d9126bc8ea95242422

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUM3D11.tmp\goopdateres_en.dll

Filesize
52KB

MD5
9f2ce4186ca35f8c798ebfcdba8307ab

SHA1
1da0afa43f5f54c2f170c9b4d654af30ae6affb7

SHA256
7b8c5b23061d126e6c41c22a73c4a8ed2446afdd5107cdafe86b038a8eadd3ac

SHA512
7af7b8b9698c410fbdb8c37992c93d48ec73e0c2ad367991defbd9a74f5bbfca2511df47406c7b13a29801fa489d9bc0b0f5ffb8147445d9126bc8ea95242422

Download Submit
memory/1908-346-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/2992-312-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download