e5a97b76b2bf6e00aa5b2ed93c3da29bfe4441c5ece11796a2cdcee300ddb0d0

Resubmissions

25/08/2023, 21:29

230825-1cdctsge9s 8

25/08/2023, 21:17

230825-z44tesge4x 8

Analysis

max time kernel
145s
max time network
139s
platform
windows7_x64
resource
win7-20230824-en
resource tags

arch:x64arch:x86image:win7-20230824-enlocale:en-usos:windows7-x64system
submitted
25/08/2023, 21:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BraveBrowserSetup-BRV010.exe
Size

1.4MB
MD5

610f0ce5b94617124baa837611e39ce3
SHA1

645473b633c1367dd63c17b47aa28cb08d405960
SHA256

e5a97b76b2bf6e00aa5b2ed93c3da29bfe4441c5ece11796a2cdcee300ddb0d0
SHA512

98e5c58b17243f4578f5a79311ee4065df3b67b0d24c4c42e934052098359081b0c02a10b1d20a0a669acda3c0981a4d7a3b59eb38e58fa66f5f88a3b97777b1
SSDEEP

24576:s2hOcaUc4ZkI/ySFdiJkTG9gLhML8T4YxIMLAAHwhvkJKYhD/5iqPzMurTWV:fhOcqSFEKG9gtMITjPLAAwcAIxiqwu/4

Score

8^/10

persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\109.1.47.186\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0"	setup.exe

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\Locales\bg.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\Locales\zh-TW.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\th\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\BraveUpdateSetup.exe	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_no.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\notification_helper.exe	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\am\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\de\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\fa\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\te\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\ae7997ca-80e1-4345-8e19-91a9fd5d50a5.tmp	chrmstp.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\psmachine_64.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_en-GB.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\BraveUpdateBroker.exe	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_pt-PT.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\Locales\fa.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\Locales\ja.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\Locales\sk.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_iw.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_da.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_lv.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\ja\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\et\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\fil\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\nl\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\v8_context_snapshot.bin	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_te.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_hi.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\mr\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\ro\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_ro.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\Locales\lv.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\icudtl.dat	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\hi\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_pt-BR.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\Extensions\external_extensions.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_is.dll	BraveUpdate.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Update\Download\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\109.1.47.186\brave_installer-x64.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\BraveUpdateComRegisterShell64.exe	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_fi.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\en_GB\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\sv\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\Locales\hr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\Locales\ru.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_is.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\pt_BR\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_gu.dll	BraveBrowserSetup-BRV010.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\BraveUpdateSetup.exe	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\zh_TW\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\psuser_64.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_el.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\af\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\it\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\kn\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_fil.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\Locales\el.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\Locales\et.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\resources\brave_extension\_locales\ms\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_sv.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2948_1037692975\Chrome-bin\109.1.47.186\Locales\da.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\goopdateres_iw.dll	BraveUpdate.exe

Executes dropped EXE 28 IoCs

pid	Process
2372	BraveUpdate.exe
1224	BraveUpdate.exe
1928	BraveUpdate.exe
1680	BraveUpdateComRegisterShell64.exe
1976	BraveUpdateComRegisterShell64.exe
1268	BraveUpdateComRegisterShell64.exe
644	BraveUpdate.exe
380	BraveUpdate.exe
1996	BraveUpdate.exe
548	brave_installer-x64.exe
2948	setup.exe
1200	setup.exe
3008	setup.exe
896	setup.exe
1932	BraveUpdate.exe
3028	BraveUpdateOnDemand.exe
1356	BraveUpdate.exe
600	brave.exe
956	brave.exe
2944	brave.exe
2164	brave.exe
1688	brave.exe
1940	brave.exe
832	brave.exe
1084	chrmstp.exe
1884	chrmstp.exe
1404	chrmstp.exe
1268	chrmstp.exe

Loads dropped DLL 64 IoCs

pid	Process
1708	BraveBrowserSetup-BRV010.exe
2372	BraveUpdate.exe
2372	BraveUpdate.exe
2372	BraveUpdate.exe
2372	BraveUpdate.exe
1224	BraveUpdate.exe
1224	BraveUpdate.exe
1224	BraveUpdate.exe
2372	BraveUpdate.exe
1928	BraveUpdate.exe
1928	BraveUpdate.exe
1928	BraveUpdate.exe
1680	BraveUpdateComRegisterShell64.exe
1928	BraveUpdate.exe
1928	BraveUpdate.exe
1976	BraveUpdateComRegisterShell64.exe
1928	BraveUpdate.exe
1928	BraveUpdate.exe
1268	BraveUpdateComRegisterShell64.exe
1928	BraveUpdate.exe
2372	BraveUpdate.exe
2372	BraveUpdate.exe
2372	BraveUpdate.exe
644	BraveUpdate.exe
2372	BraveUpdate.exe
380	BraveUpdate.exe
380	BraveUpdate.exe
380	BraveUpdate.exe
1996	BraveUpdate.exe
1996	BraveUpdate.exe
1996	BraveUpdate.exe
1996	BraveUpdate.exe
380	BraveUpdate.exe
1996	BraveUpdate.exe
548	brave_installer-x64.exe
2948	setup.exe
2948	setup.exe
3008	setup.exe
3008	setup.exe
3008	setup.exe
3008	setup.exe
1328	Process not Found
1328	Process not Found
1328	Process not Found
1328	Process not Found
1328	Process not Found
2948	setup.exe
2948	setup.exe
1328	Process not Found
1328	Process not Found
1328	Process not Found
1328	Process not Found
1996	BraveUpdate.exe
1932	BraveUpdate.exe
3028	BraveUpdateOnDemand.exe
1356	BraveUpdate.exe
1356	BraveUpdate.exe
1356	BraveUpdate.exe
1356	BraveUpdate.exe
600	brave.exe
956	brave.exe
600	brave.exe
2944	brave.exe
2164	brave.exe

Registers COM server for autorun 1 TTPs 34 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91FE1DFF-43F7-4D48-B281-AB8BE70F096D}\InProcServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32\ = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\109.1.47.186\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32\ServerExecutable = "C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\109.1.47.186\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91FE1DFF-43F7-4D48-B281-AB8BE70F096D}\InProcServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91FE1DFF-43F7-4D48-B281-AB8BE70F096D}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91FE1DFF-43F7-4D48-B281-AB8BE70F096D}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91FE1DFF-43F7-4D48-B281-AB8BE70F096D}\InProcServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91FE1DFF-43F7-4D48-B281-AB8BE70F096D}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91FE1DFF-43F7-4D48-B281-AB8BE70F096D}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91FE1DFF-43F7-4D48-B281-AB8BE70F096D}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91FE1DFF-43F7-4D48-B281-AB8BE70F096D}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\ProxyStubClsid32\ = "{91FE1DFF-43F7-4D48-B281-AB8BE70F096D}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\NumMethods\ = "41"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\NumMethods	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\ProxyStubClsid32\ = "{91FE1DFF-43F7-4D48-B281-AB8BE70F096D}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\ = "IProcessLauncher2"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachineFallback\CLSID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachineFallback.1.0	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{576B31AF-6369-4B6B-8560-E4B203A97A8B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\ProxyStubClsid32\ = "{91FE1DFF-43F7-4D48-B281-AB8BE70F096D}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB5460BA-B396-4131-AC89-A93A5D9DBE92}\InprocHandler32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\psmachine.dll"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\ProxyStubClsid32\ = "{91FE1DFF-43F7-4D48-B281-AB8BE70F096D}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\ = "IAppBundle"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachineFallback.1.0\ = "Google Update Policy Status Class"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{B7965C30-7D58-4D86-9E18-4794256409EE}\1.0\0\win32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3COMClassService.1.0\ = "Update3COMClass"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\ = "IAppVersionWeb"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\NumMethods\ = "11"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.ProcessLauncher	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachineFallback\CLSID\ = "{3282EB12-D954-4FD2-A2E1-C942C8745C65}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B7965C30-7D58-4D86-9E18-4794256409EE}\1.0\0\win32\ = "C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\109.1.47.186\\elevation_service.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}\ProgID\ = "BraveSoftwareUpdate.ProcessLauncher.1.0"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebMachineFallback.1.0\ = "BraveUpdate Update3Web"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA}\ = "IPolicyStatus3"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebMachine\CLSID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\ProxyStubClsid32\ = "{91FE1DFF-43F7-4D48-B281-AB8BE70F096D}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\ProxyStubClsid32\ = "{91FE1DFF-43F7-4D48-B281-AB8BE70F096D}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids\BraveFile	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}\VersionIndependentProgID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\NumMethods\ = "5"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\ProgID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ = "IGoogleUpdate3WebSecurity"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}\ = "Google Update Process Launcher Class"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreMachineClass.1\ = "Google Update Core Class"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}\ProgID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}\ProgID\ = "BraveSoftwareUpdate.CoreClass.1"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\ = "IAppCommand"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}\ProgID\ = "BraveSoftwareUpdate.CoCreateAsync.1.0"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\LocalizedString = "@C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.137\\goopdate.dll,-3000"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{652886FF-517B-4F23-A14F-F99563A04BCC}\ProgID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\NumMethods\ = "11"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\NumMethods\ = "24"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA}\ProxyStubClsid32\ = "{91FE1DFF-43F7-4D48-B281-AB8BE70F096D}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}\Elevation	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91FE1DFF-43F7-4D48-B281-AB8BE70F096D}\InProcServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\NumMethods	BraveUpdateComRegisterShell64.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	BraveUpdate.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	BraveUpdate.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BraveUpdate.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2372	BraveUpdate.exe
2372	BraveUpdate.exe
2372	BraveUpdate.exe
2372	BraveUpdate.exe
380	BraveUpdate.exe
380	BraveUpdate.exe
1932	BraveUpdate.exe
1932	BraveUpdate.exe
2372	BraveUpdate.exe
2372	BraveUpdate.exe
2372	BraveUpdate.exe
600	brave.exe
600	brave.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2372	BraveUpdate.exe
Token: SeDebugPrivilege	2372	BraveUpdate.exe
Token: SeDebugPrivilege	2372	BraveUpdate.exe
Token: SeDebugPrivilege	2372	BraveUpdate.exe
Token: 33	548	brave_installer-x64.exe
Token: SeIncBasePriorityPrivilege	548	brave_installer-x64.exe
Token: SeDebugPrivilege	380	BraveUpdate.exe
Token: SeDebugPrivilege	1932	BraveUpdate.exe
Token: SeDebugPrivilege	2372	BraveUpdate.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe
Token: SeShutdownPrivilege	600	brave.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
600	brave.exe
600	brave.exe
600	brave.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2372	1708	BraveBrowserSetup-BRV010.exe	28
PID 1708 wrote to memory of 2372	1708	BraveBrowserSetup-BRV010.exe	28
PID 1708 wrote to memory of 2372	1708	BraveBrowserSetup-BRV010.exe	28
PID 1708 wrote to memory of 2372	1708	BraveBrowserSetup-BRV010.exe	28
PID 1708 wrote to memory of 2372	1708	BraveBrowserSetup-BRV010.exe	28
PID 1708 wrote to memory of 2372	1708	BraveBrowserSetup-BRV010.exe	28
PID 1708 wrote to memory of 2372	1708	BraveBrowserSetup-BRV010.exe	28
PID 2372 wrote to memory of 1224	2372	BraveUpdate.exe	29
PID 2372 wrote to memory of 1224	2372	BraveUpdate.exe	29
PID 2372 wrote to memory of 1224	2372	BraveUpdate.exe	29
PID 2372 wrote to memory of 1224	2372	BraveUpdate.exe	29
PID 2372 wrote to memory of 1224	2372	BraveUpdate.exe	29
PID 2372 wrote to memory of 1224	2372	BraveUpdate.exe	29
PID 2372 wrote to memory of 1224	2372	BraveUpdate.exe	29
PID 2372 wrote to memory of 1928	2372	BraveUpdate.exe	30
PID 2372 wrote to memory of 1928	2372	BraveUpdate.exe	30
PID 2372 wrote to memory of 1928	2372	BraveUpdate.exe	30
PID 2372 wrote to memory of 1928	2372	BraveUpdate.exe	30
PID 2372 wrote to memory of 1928	2372	BraveUpdate.exe	30
PID 2372 wrote to memory of 1928	2372	BraveUpdate.exe	30
PID 2372 wrote to memory of 1928	2372	BraveUpdate.exe	30
PID 1928 wrote to memory of 1680	1928	BraveUpdate.exe	31
PID 1928 wrote to memory of 1680	1928	BraveUpdate.exe	31
PID 1928 wrote to memory of 1680	1928	BraveUpdate.exe	31
PID 1928 wrote to memory of 1680	1928	BraveUpdate.exe	31
PID 1928 wrote to memory of 1976	1928	BraveUpdate.exe	32
PID 1928 wrote to memory of 1976	1928	BraveUpdate.exe	32
PID 1928 wrote to memory of 1976	1928	BraveUpdate.exe	32
PID 1928 wrote to memory of 1976	1928	BraveUpdate.exe	32
PID 1928 wrote to memory of 1268	1928	BraveUpdate.exe	33
PID 1928 wrote to memory of 1268	1928	BraveUpdate.exe	33
PID 1928 wrote to memory of 1268	1928	BraveUpdate.exe	33
PID 1928 wrote to memory of 1268	1928	BraveUpdate.exe	33
PID 2372 wrote to memory of 644	2372	BraveUpdate.exe	34
PID 2372 wrote to memory of 644	2372	BraveUpdate.exe	34
PID 2372 wrote to memory of 644	2372	BraveUpdate.exe	34
PID 2372 wrote to memory of 644	2372	BraveUpdate.exe	34
PID 2372 wrote to memory of 644	2372	BraveUpdate.exe	34
PID 2372 wrote to memory of 644	2372	BraveUpdate.exe	34
PID 2372 wrote to memory of 644	2372	BraveUpdate.exe	34
PID 2372 wrote to memory of 380	2372	BraveUpdate.exe	35
PID 2372 wrote to memory of 380	2372	BraveUpdate.exe	35
PID 2372 wrote to memory of 380	2372	BraveUpdate.exe	35
PID 2372 wrote to memory of 380	2372	BraveUpdate.exe	35
PID 2372 wrote to memory of 380	2372	BraveUpdate.exe	35
PID 2372 wrote to memory of 380	2372	BraveUpdate.exe	35
PID 2372 wrote to memory of 380	2372	BraveUpdate.exe	35
PID 1996 wrote to memory of 548	1996	BraveUpdate.exe	39
PID 1996 wrote to memory of 548	1996	BraveUpdate.exe	39
PID 1996 wrote to memory of 548	1996	BraveUpdate.exe	39
PID 1996 wrote to memory of 548	1996	BraveUpdate.exe	39
PID 548 wrote to memory of 2948	548	brave_installer-x64.exe	40
PID 548 wrote to memory of 2948	548	brave_installer-x64.exe	40
PID 548 wrote to memory of 2948	548	brave_installer-x64.exe	40
PID 2948 wrote to memory of 1200	2948	setup.exe	41
PID 2948 wrote to memory of 1200	2948	setup.exe	41
PID 2948 wrote to memory of 1200	2948	setup.exe	41
PID 2948 wrote to memory of 3008	2948	setup.exe	42
PID 2948 wrote to memory of 3008	2948	setup.exe	42
PID 2948 wrote to memory of 3008	2948	setup.exe	42
PID 3008 wrote to memory of 896	3008	setup.exe	43
PID 3008 wrote to memory of 896	3008	setup.exe	43
PID 3008 wrote to memory of 896	3008	setup.exe	43
PID 1996 wrote to memory of 1932	1996	BraveUpdate.exe	45

C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe
"C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=x64-rel&referral=none"
  2⤵
  - Sets file execution options in registry
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2372
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    PID:1224
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1928
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:1680
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:1976
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:1268
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTM3IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjEzNyIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9IntGQzNFMDE0Qi1DMjVCLTQ3MzMtQTY3Ri1FMUE4OUQ3QjFCRjB9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7OUM5N0IwMDAtNUI5QS00M0IzLThBOEYtQjU4MTA5QjI3NjUxfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntCMTMxQzkzNS05QkU2LTQxREEtOTU5OS0xRjc3NkJFQjgwMTl9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMzYxLjEzNyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIyMjYyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    PID:644
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=x64-rel&referral=none" /installsource taggedmi /sessionid "{FC3E014B-C25B-4733-A67F-E1A89D7B1BF0}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:380

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Program Files (x86)\BraveSoftware\Update\Install\{F329E59E-5F21-46E7-8376-16A021C98089}\brave_installer-x64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\Install\{F329E59E-5F21-46E7-8376-16A021C98089}\brave_installer-x64.exe" --do-not-launch-chrome
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:548
- - C:\Program Files (x86)\BraveSoftware\Update\Install\{F329E59E-5F21-46E7-8376-16A021C98089}\CR_61149.tmp\setup.exe
    "C:\Program Files (x86)\BraveSoftware\Update\Install\{F329E59E-5F21-46E7-8376-16A021C98089}\CR_61149.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{F329E59E-5F21-46E7-8376-16A021C98089}\CR_61149.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome --brave-referral-code="BRV010"
    3⤵
    - Modifies Installed Components in the registry
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Registers COM server for autorun
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2948
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{F329E59E-5F21-46E7-8376-16A021C98089}\CR_61149.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{F329E59E-5F21-46E7-8376-16A021C98089}\CR_61149.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=109.1.47.186 --initial-client-data=0x144,0x148,0x14c,0x118,0x150,0x13fb79710,0x13fb79720,0x13fb79730
      4⤵
      Executes dropped EXE
      PID:1200
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{F329E59E-5F21-46E7-8376-16A021C98089}\CR_61149.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{F329E59E-5F21-46E7-8376-16A021C98089}\CR_61149.tmp\setup.exe" --system-level --verbose-logging --create-shortcuts=0 --install-level=1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:3008
    - - C:\Program Files (x86)\BraveSoftware\Update\Install\{F329E59E-5F21-46E7-8376-16A021C98089}\CR_61149.tmp\setup.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\Install\{F329E59E-5F21-46E7-8376-16A021C98089}\CR_61149.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=109.1.47.186 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x13fb79710,0x13fb79720,0x13fb79730
        5⤵
        Executes dropped EXE
        
        PID:896
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTM3IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjEzNyIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9IntGQzNFMDE0Qi1DMjVCLTQ3MzMtQTY3Ri1FMUE4OUQ3QjFCRjB9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7MDBBREM1QUUtNjE3MC00NjU0LTg0RjMtOTA3QjM5Mzk5NjlFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntBRkU2QTQ2Mi1DNTc0LTRCOEEtQUY0My00Q0M2MERGNDU2M0J9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMDkuMS40Ny4xODYiIGFwPSJ4NjQtcmVsIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cHM6Ly91cGRhdGVzLWNkbi5icmF2ZXNvZnR3YXJlLmNvbS9idWlsZC9CcmF2ZS1SZWxlYXNlL3g2NC1yZWwvd2luLzEwOS4xLjQ3LjE4Ni9icmF2ZV9pbnN0YWxsZXIteDY0LmV4ZSIgZG93bmxvYWRlZD0iMTA1NzY2NzA0IiB0b3RhbD0iMTA1NzY2NzA0IiBkb3dubG9hZF90aW1lX21zPSIxMTQzNSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzA3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNTQ3NiIgZG93bmxvYWRfdGltZV9tcz0iMTM2NjUiIGRvd25sb2FkZWQ9IjEwNTc2NjcwNCIgdG90YWw9IjEwNTc2NjcwNCIgaW5zdGFsbF90aW1lX21zPSIzOTQyMSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1932

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdateOnDemand.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdateOnDemand.exe" -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3028
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1356
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:600
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=109.1.47.186 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6277b68,0x7fef6277b78,0x7fef6277b88
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:956
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 --field-trial-handle=1404,i,15617646541762524389,14592839383389721196,131072 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2944
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=1512 --field-trial-handle=1404,i,15617646541762524389,14592839383389721196,131072 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2164
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1708 --field-trial-handle=1404,i,15617646541762524389,14592839383389721196,131072 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:1688
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=11072244954342834886 --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2216 --field-trial-handle=1404,i,15617646541762524389,14592839383389721196,131072 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:1940
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=11072244954342834886 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2224 --field-trial-handle=1404,i,15617646541762524389,14592839383389721196,131072 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:832
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=11072244954342834886 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2644 --field-trial-handle=1404,i,15617646541762524389,14592839383389721196,131072 /prefetch:1
      4⤵
      PID:2848
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      Executes dropped EXE
      PID:1084
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=109.1.47.186 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x13fbe9710,0x13fbe9720,0x13fbe9730
        5⤵
        Executes dropped EXE
        
        PID:1884
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\BraveSoftware\Brave-Browser\Application\master_preferences" --create-shortcuts=1 --install-level=0
        5⤵
        Executes dropped EXE
        
        PID:1404
      - C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=109.1.47.186 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x13fbe9710,0x13fbe9720,0x13fbe9730
        6⤵
        Executes dropped EXE
        
        PID:1268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\BraveCrashHandler.exe

Filesize
294KB

MD5
a7703013ba35a358d250ef1cacd5a6bf

SHA1
fac1b6bc2ebed349698291c779486b35d0c7243a

SHA256
99a9250d1126c72027484ff8fd267e5f30f909199b2b8d4667f90da29cfa4e8a

SHA512
7a6bd7a2c46b27c364724d04f2046ecdda20148b336a18b06927b32d11257a6cbf5b4d661dd41426e504dde2f9a7bc5b3097e8ee9f27b0d51f0aa44825363844

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\BraveCrashHandler64.exe

Filesize
386KB

MD5
d6afc34b99cf2bcd113e469ef154053c

SHA1
79b141a997e7b4b0a8350b618fc4c14afdf70ad5

SHA256
49f19ab7084f54a9b7a5ea65911feec831930010f6fc60f81db938ee3d071b5f

SHA512
9fb90441407c2b570da331207f1915a116b3db312b3ba0b249157776209065d0d3dcaa022cbfd1bafeee9929bca7810aa71b71ace92759453619d4ea841342d1

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\BraveCrashHandlerArm64.exe

Filesize
360KB

MD5
902e713bc37b8c167efe0d6a3e1d96a4

SHA1
a6ad8063aa87e005e2cbb7678f67c480c9c1d5e7

SHA256
0843c1b48faaf4e3f4cd9e903af5ee0f008d7a1f06d6c209b14b05cf24b0b012

SHA512
be522a5838271c906026365ea659991fc7b457a1c9f309e7860e8c4e559d88b12830df87a787b6029e07c644d38666a19de8e8e43d836ddc594ee5213bc6aa6a

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\BraveUpdate.exe

Filesize
171KB

MD5
c28374442463031194f33486b7356469

SHA1
1b70825f8b3220ed1c7f163c58c1939c072b1c53

SHA256
ce5bd20cda640b1e169cb35738f657e1d32683d47b8b462c52e4b0eeb2dffd08

SHA512
8001b930d9e332868bd0785b08147f084ab2c123d363fda012140e9796e3e766772c3b4822e8b2aaed323a96ca9edaa048ccb51d8da10429085576bfbf5c784d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\BraveUpdate.exe

Filesize
171KB

MD5
c28374442463031194f33486b7356469

SHA1
1b70825f8b3220ed1c7f163c58c1939c072b1c53

SHA256
ce5bd20cda640b1e169cb35738f657e1d32683d47b8b462c52e4b0eeb2dffd08

SHA512
8001b930d9e332868bd0785b08147f084ab2c123d363fda012140e9796e3e766772c3b4822e8b2aaed323a96ca9edaa048ccb51d8da10429085576bfbf5c784d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\BraveUpdateComRegisterShell64.exe

Filesize
188KB

MD5
97b5484c660356eb91e5327ac17cb8f9

SHA1
d94b54832dc9fcdb84534404b3527f180b7d53a6

SHA256
833a90c9debde96282c3fcb5699c5c38200e3d36d37a5f2ca50b71e708cb31c0

SHA512
700fa67f342fc7d2062a1cd1a00d2b0ee3793e99bb5fecd1fff1c1d96dc31f180c256c8aa361ddbf4f9cbca781c77e681edfc9732bb387c5dd62888b4d661a12

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\BraveUpdateComRegisterShellArm64.exe

Filesize
148KB

MD5
c580dc3a756f3cb423836dd6d19fc9be

SHA1
cb40134aadbe08921bac5b10d807f85fa7ef788d

SHA256
c5d39359aeca88437b9505a6b945637e14ffefb636aef4ade971e562a4fadf10

SHA512
52e00a71229f67009c24592564e167d029a3724ba344a5169254ee122680a8769a9dc48b5af34c1b879b6a98b08f47084da3078daed5075786cc1ddd2713ab83

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\BraveUpdateCore.exe

Filesize
217KB

MD5
8520479f1103a916d3f880f0a274cd5b

SHA1
2b8518c535bebcd932ae889a6eeba11a42694da2

SHA256
92a8177d19cac17fac1861da2fe0bf3a60482d2ad977e55b3ed038a50cf565b2

SHA512
975d1f8da41c4370d819d47e8df78f21ff554a2e91a87bdd8384d50baa89dcbac5f3d2b5c4bb26924cf30cb781149311988b4289b193848ff18df19723ba38de

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdate.dll

Filesize
1.1MB

MD5
e07febbe41cd974f625b540d2c28d7e1

SHA1
3465a298ab056eb2e8f983be754007ee164b4179

SHA256
5ed6cf4ea82881bc51c7193322b26b7ba7489d2d3b5602ad11faacb27ebbc021

SHA512
9584c19efe7cb3aa813e7b4972fc00e2e0730830d9a86a1f97bcd93d2060f14e2a058f49feb91d084664ccf2997e0f7e48c6efed4b1d46e0ac9cfcfb73fe9179

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_am.dll

Filesize
52KB

MD5
1f15d272bc0ae63b04430f8f722d6857

SHA1
2d1cd3b8065c8ce90746284bdb246405cb8ab229

SHA256
4f48b2fff24186cb0a5cd3e50701780429a4a7a9c904ac2c543070b5971dba71

SHA512
32b36db12cec7388616208fddbcb91213e5ab7ec92630f0bf4c631ca60b1c1332605c8229218f5ae3878783bb07301b9935ed4b434e8d895338684dfceee0917

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_ar.dll

Filesize
51KB

MD5
5cb1cd7f2dcc36c884074930f7ac4775

SHA1
ae409ac79587cbae85e25fd37a2e30c4ae7b9432

SHA256
81da16f2f12ea8bd217719c1f9c99ac2d081304616ea9ac44df7cc2f0cbc98c8

SHA512
d26ac21f81dbdae80e216ecf91c0e80a480307d1ac127c99e44de98ccea14369e766c386a491da4b4a1f5bb4eee5ba6d5da2e32311511a5d7ace8c0752e57d69

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_bg.dll

Filesize
54KB

MD5
bb7ec5cced166f359199b5f5e8068c04

SHA1
09744b078f8a6ea7a4163c245de9eb414a913ed8

SHA256
88b5f04424874a208388f3fd84e8fed4fa2333b77dbf2dbcf886065d47653370

SHA512
69dfd625a3cf85ce2ff210c73a5b08fc71235547351e460433615970244ec590ac30d0baa51b5833301d4bbf637b79214a147685e78ca8c9b77f32bd31dd88d1

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_bn.dll

Filesize
54KB

MD5
f3d9e2d335b6825f9dfa7290d2914610

SHA1
ded55738c34d988ee7f2642ecaa33ec0b1c9169d

SHA256
bc56c7b9a2a7621d6d4c18ad4a38e25ce0d29a5aa861444036a7ec1481f3cf3b

SHA512
4dc2ddb94e0861e24476b10895cb8f6f0ccdb8f79b5e21c9b9d5ff435006d5ea0a1e701c18ba27274214b4696abb6c016f9b09b780b569c3fc88dbc27be5080f

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_ca.dll

Filesize
54KB

MD5
e3a75aef876de74e576a194ca079ce8c

SHA1
e64c9d9f5862bbc210e81e15bbfa9f9366f307c7

SHA256
06983c4bbea9b0e4e240c8b1195ad63732bf5851fafac41a92f249e7c8c4cccd

SHA512
6e2673127b3a18972fcd588303d1a8bae15b508bd608a91b3cc751dfd156300fb2bc6bc7a61aa934c4ec873d4e9e3bcb792bec1990f6d3d9f5e0ed44b318594b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_cs.dll

Filesize
53KB

MD5
9b3c6ba579f55a6143885a2237616b39

SHA1
be11fba9d8002b9df572136b61bcbfaf59cb0bda

SHA256
61308ec479536a716aedc922b1917a02ccda9b437a7b5e79473ad57be247fbe8

SHA512
ee3ce798990769b9da8d936f8596278aba8fb3bf89ecbce020bf6dab07a901f2161d85a68e353958b56d1a9a306dcc67535b8ce427aafc620137c31430085f17

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_da.dll

Filesize
53KB

MD5
54841c10ef51ad70db792b180b8bfdbc

SHA1
05b3f2d2a23dc97c87c55d560ece09021b5ceae6

SHA256
e102004eefa88a498cf22b27c075aa169e92dbf8ad58eb3d6ed2fd53a4f09eb2

SHA512
792cf08908f14feed0cd27bc31b64c967c56e6a766126546d04faf901866921fc7f5517de4faf88f4276ddc22de37b92ad7df7190ae34bbfa611b0d9cb4ab626

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_de.dll

Filesize
55KB

MD5
497ccd9c6fa06bf5b461ddd9930d1d99

SHA1
418ba6735f9925deb7eb3c0160f29ff735c64e39

SHA256
0e615aabf201c06c1c48bd194d4283fd2a413cba00ffbaf42e4035230e0e3083

SHA512
81b175ce27c8523f05b90f800eb327389f68b96e41729bcd1481234251e7ea3d296e73de27dfb62f906678628a2103676185c768f5537ec2956c1efdf1d67147

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_el.dll

Filesize
54KB

MD5
3e049311688b3679a7429568b2964ef4

SHA1
2bb4f4e6e4b85ae56db5e582b19ae067f9b2aca0

SHA256
86b8965663a3648211e77f971c1dac004700efc1fe9c275850420c86d901e25a

SHA512
fbf14c555de5850a8cbd818a9b853cce24f6964826de72ba5b74f62bf723e6e3785b609d42d42f6c12e3b58119f0008b6566a4c06392850a7d9bfbcd10d78f6f

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_en-GB.dll

Filesize
52KB

MD5
5f33e9c3905c353bfe46bd3ad9ae0ac6

SHA1
26d585142182b9e0713f7f08b9699e9a8ddcce9d

SHA256
9a9fd9d2d4c0b13994949a360e5f29e229d981201adadbad17408895db62ca77

SHA512
01d7563f31bbd879e674502fc5aa3842e138448c1b6a61225dcc6d2f4c28256e3b93cd555d31e5e617f3ddeec58b826d3e9c1e4c2a0786b8100c23b069cb5745

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_en.dll

Filesize
52KB

MD5
3f7828438e752ebab207ac3de881211e

SHA1
a6ff34980e2a860ed89e2cb54b5d75a6fd81754d

SHA256
4f3c30880fbf92adc4d81ccb78cde768459d0aef5592fbd1e026625cd260c3a7

SHA512
5d9534a735e8bc86781af04afd72346a49e85b4937ad6f7b980ebf4268a9dd0a18812ed4706aebbef9b3a7ef2dda343d4f9d33d4349870a3558bf3e7d9e88f7e

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_es-419.dll

Filesize
53KB

MD5
e0569a1bf429ac61def4dae2c5b69dc4

SHA1
90605eea8d9468360a6e307a822e0562bcb5f437

SHA256
ead0eb5c662a2ce297e46dbbfce567edc07cfb4e1884e582d0e58c09343dab22

SHA512
cddd7409c21ce2a2197004631ecf5b206e1ed7c915fae6aaa1458b30ef8a90aa2050fbc45f0217474eb6ae3e2654aa52159516e26684da9fb82de30cb9339846

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_es.dll

Filesize
55KB

MD5
865e38ce97ae59d64951863e041dc27c

SHA1
1694e979b0a657ff8f247a09a99fbc212e7f8c04

SHA256
1e28c272e48ecb3bb16c1fa87577cd6edb3e04af1a2823e35df0560b334d764d

SHA512
7f66acc6e30c131a8fd9d0e924d05d03c95c8fb16f75350b70b59b8ed78dfbaaa901c81e62008e2e2bfeaa60c91e6fdc5bb9199d6cb4381feb407f900e960b2f

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_et.dll

Filesize
52KB

MD5
c2b205824c324821b2c7980ded99dc23

SHA1
4a82bba7065dbbd3adb7edd149d6c80cba18d50e

SHA256
9d858a820bc5a7fd6cb9e635e33eef8f488f36e5ce1c0186aeb474f83705bad8

SHA512
687b6255414a7f450b20654162198270776af6443cfb6c2c60cf70104d9016830c73313c3d0631088bfc4645a3b1ead482225dd169e75c72e7c9ee59860c8738

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_fa.dll

Filesize
52KB

MD5
8855b4571d2cf0b265e0c67bef6edef9

SHA1
f2069a4c8bfe8f890cf0d3261b8da49de348f00a

SHA256
1c579a5af6989c0b0692883984959528b49d6e00326b2c3dd9b64ab51f655470

SHA512
b3a6f1f04eb48c8918ee97b60f9f05c9fb5729adb21132f3e3fbf89b918f9bbafc0e7bd2404caa8b5f44b833e30281afe4a6d64e3b9212fa0c65582438049ee7

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_fi.dll

Filesize
53KB

MD5
a215122b602080367dda79585e3ab547

SHA1
442653ddf02f8b15c3937f0d9df800421d5c8f6c

SHA256
357b1a938f8eedd1a0a8f12262cf4ea38e4f0a437698783c722d379838df1174

SHA512
e683bc5629b16f1de6e1bfde03871ed17f5386274b12bf800cb71bec0171b6092fbfc417963eb22110dd648e5e402e44d67aa6c58ef96fd773169d6f9bdb0155

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_fil.dll

Filesize
54KB

MD5
ab94f81cf43056d368584a02bfbd3fd0

SHA1
65b384b3943203846bd38f4f8f62bc8807de1a4f

SHA256
f400c9872d4cf7ec8ebbf5a2274f29fd66177d7d8d151eddea796eae30b89183

SHA512
2029b4eff3cfb19ffb37789a11caf80268c66b6927643843b0cd45b6a261fd0d95f5fe08de3b97c3bef35e45b940cc73d7a2f8a3effbc66abb096d8aac6d2bef

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_fr.dll

Filesize
54KB

MD5
56a731b77b994518408506d43b774401

SHA1
429602784d80cdd6139012ae7773cdc251a665b9

SHA256
cf813b8c52c036d321e97af9ebb1e180bf3b65552e1a89f30b0ef6d1909d8221

SHA512
dbe8fa8655419d9907ce7b01b923265421a53cf12f1bcfd8935185289f204bdd3da5a221e8b16a10e3aab81ea013a2e8e216c897c348665fe365ca0170dec706

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_gu.dll

Filesize
54KB

MD5
20f8ed82b2b9e20f78fcbd39a537f862

SHA1
d8189b03b7b35a1e2d060a4578ef2dd1386e499f

SHA256
524980ee6ec8ae895b014e1dda128065fd5587d2729d21d4d79dc29c6eb9b55b

SHA512
e58658d87f4246ef916d8330208bd8f54678c67e1b04d1d06200ca8dd3d211bc2931fc6e02de70b7bdd605d582d72e8cffeed90ed3358e1dbd004e8e8be53013

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_hi.dll

Filesize
53KB

MD5
e96f6ca8ba15a149ad132457d4b1ccd5

SHA1
a90fd66bd635b15f41d0d27ec006d5aa55549d23

SHA256
2ca4a7e17a2885c18e178ead3fcc73392eee4fd08871b54712a1cf800b3e2ba2

SHA512
e606c6257477b0cd6e1d7b20fa15505a7ed441a85b01c03c17a8ef7a66359a3d2269f87b04143456425370d2ed10e3dd9816f6dbf932f1fbdc4514b4be2cb729

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_hr.dll

Filesize
53KB

MD5
a492078b15285c21b9707fb2e4beb982

SHA1
4e10fb68661c18af06f5d0a24c07b40e8f7aa780

SHA256
79754f6618a1398bf328efcf45242593ffe479293361addadda30ad1919795c6

SHA512
03d43dc275ff5518a52233a1e54f4af77add637dc8d514e0064f25d58115299a3661b18b53ceabec2befdce0fb52195687e77b33f5bb8bb53f0e6743dedd3a4c

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_hu.dll

Filesize
53KB

MD5
450c3ebd39c3a486d66de3b7baad974d

SHA1
b3b9aecbfa8d1c75d44f1cea8a90104348b7a941

SHA256
d3b10178613d6309626e2df451a7f23533d07393c3653f058a30b9b0ae651258

SHA512
ee82ebc10db161cdef49e0ba14c5352d70f60b8070efaf5acc7af487fcabaaae2fafa5b455e85dfce14b18b1c3ec23b2a74fd5e7e32a5fc2feb70c35db593631

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_id.dll

Filesize
52KB

MD5
cbb550ae3d1971cd8d8c399560f93978

SHA1
3ba6062e3b088ad88b46fff6491543fefa7ac3dc

SHA256
073c838b4a4ab11b05b8a0a2ad7c07fb9bc728e689932c048adc963ef5f2905f

SHA512
6e9f8acaec25c20c857e61d9a487007e4bb640d6ed5c8dc55a13ea7c85decd4b315df99b3d303a46c4d8e56948dc7ec25e9a19d01edc461845aad9b377f52bdf

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_is.dll

Filesize
52KB

MD5
8f32ed28f5f19c1b22973a5d9f9e4ef3

SHA1
deffc4e2ddbeab78fb1a7a9df01b3ef4843cbb5b

SHA256
97c7dc16bc0c1c3deece2b912020d567ee1bb34d924f3d565a7d0cb500649db6

SHA512
196b75fe585965b2bd590131198bf2016d8470e1ecc116284f6da18c8c455bba308f071e7e947127595a1b95e3be1bf263312fb3984cfa6af28872d38d14dc75

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_it.dll

Filesize
54KB

MD5
eaf50dc1fd296b56a65cadddd9056138

SHA1
7fe9c53f1551e0e67067728b7c6f4a3bd118a097

SHA256
69d103c8d65870fe66aa140b7b32b8b1b5e93c89d180463d3fcb55bfe7941d14

SHA512
d3770f4f67e25edf34d26777e6a99e983ea537562cd865a24844f5f3df433b6b4b905526eb570e0260938a6930cc55e36902fcc5ffefe45215bc55c42e6bb78c

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_iw.dll

Filesize
50KB

MD5
38ebc76f35de1c0b20a5d2a2278238e3

SHA1
43459896e89ff126056fe619a73ec61f02c631c7

SHA256
d17f00faa0fc628c0fba28beaf7cbce227937ad7dcfda5d3b9917c2b51522c40

SHA512
e8c010f7141d3e6f361029b7e78424d38507a1926e8b790207e79ffc13a204baf5d2c17913abf69f98e47a3a6ff816db0d3d87a35068bf295613bce812cb52a8

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_ja.dll

Filesize
49KB

MD5
13194beea620db5d03f4cef0ba259655

SHA1
f20fb5c0448910a4a14860beaaa30143f00fd572

SHA256
97be7cf975a88654e85ebaf88e23bef4ee5258e2fb9aef4dd9308248e8f026a3

SHA512
711dbfd90e8153bd868c458fba768c9e92bd0619eebcd93b56abfe4c4d82d252ec4ad0946d69eae8d33506d860960357209f562806af16f90eaebae98b4af172

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_kn.dll

Filesize
54KB

MD5
81105c6554028188ba6e4056bbc78925

SHA1
38a040760ef202489e3f29ef52f6b7b3c4a2b69f

SHA256
595f580de5d867ff8d15461c334fa61a61948906ba0507fa0353f5bf0a67c65e

SHA512
20081a550f87a6e51cd65f7884b68083567c01df2f4dd4de81418512c486998cff8fe1885279aa35ff049fd30c6c47044130a38c9714b2f45c28033fb43bbb60

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_ko.dll

Filesize
49KB

MD5
620abb217006a55d48950c11c079c80c

SHA1
d5380770158894809f4bec553569936edd12fb62

SHA256
cb5a9ca9026e8a99b246116abcc73a357ad1d807474fc8a4dd5701032d0cd4b2

SHA512
76a12cb0bc4aaf0d681fa3ab8ee000fbbad5cb88c7f6a6d2d0ad315b7d362179b58333b08fa9f75e97b605858da004183eecaaa730349480efb28efa02d97621

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_lt.dll

Filesize
52KB

MD5
d87a88d813aeec8af1af5fed8e14c9c4

SHA1
14fbd59e40c8a887a2049f3685f021a9e717ea2d

SHA256
c8d36f7ba776c89669b2088abb5ac166797bf86c52810668e4644f00aee17bf6

SHA512
f8af45a4f254eb92f00d917070949d8781d6e3e5fbed43604281cc7139e946c95c1b5058cfcc30eb7e6eb4916789f808749537fa1482d6ca847da5b6b9e52ca9

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_lv.dll

Filesize
53KB

MD5
42ce159d994f702eadf3f7cbaeb76a5b

SHA1
4c4d1b66d3abee2ed5873ffa1b9c25b26c10a236

SHA256
5d7a7db9d80f6afc256623dc00193e375699397fb459ccee3f79883dea685f26

SHA512
4557ac56ad8cdc9229584c66c60ce81bdc700ebf7b9861f54326bcd1123ee85ab0163ba555eb878bf994dd7437e569c4c97ec42bd1b5d686b2b487af2ca3677e

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_ml.dll

Filesize
56KB

MD5
d27a7e96e66686e387f4281c39f5c8ce

SHA1
4f8e5f6d3e6382a88a4e905beae074529336a004

SHA256
83c60a7e14d4f8385898de93839d27853393f2521e307c85150d56c9efc38ac6

SHA512
dded1f49a9b76f2201881abba63e85e085e093390bfb4ca217f1d6405756da0ca21e948966d36eb56193b88e3d6ba2301b13dbf6b2485b9af2245754da1b1e78

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_mr.dll

Filesize
54KB

MD5
8a959ead24150c559427106e7df76e64

SHA1
0ebe9e0eda6f0f84f8508696a34b78f654e68dd0

SHA256
651c6dde696421e5a36bd8562561a48a71a02d1e8ffc965f8042059c350d152d

SHA512
0524c0e6914a50b5e9fcb325a1c5140ed0c5fa9435ec35ad967e05a0e52cb52de9e2e72d5917fba29c05eaf2ada5a2c0fa0b7ba3c6c6bb50da76a922e6355284

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_ms.dll

Filesize
52KB

MD5
cdafa7e813af9029b53f3117bb2c1f30

SHA1
67540f3447d075a452368b9fefd0b9837aed01b5

SHA256
fb2fa03333fd5eb0d06b7d65f9dc517b3497c646e43344ef26c997d6b0c6805f

SHA512
7beaccfc0cba0eb100140150ccad04ffdc63a56d8434c4794cc481adc2ef7726795645876b4377a96c9638d1c8a946b27cf56462376eec346233f7575da30ae7

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_nl.dll

Filesize
54KB

MD5
093e7cb851d88bc76ce6fc8e2da3e922

SHA1
f6f89ba726da893a5e6c8da229f0a93b81c47c95

SHA256
23f70721eb63b3b85c014936f8ff532e33217d2570fd63748fed80fc368be447

SHA512
c50db0f1c36c64f8fa89af1e585c68d25459b0c31956d9496a8694e2b6b41b38604cd01a90b7b6f67125d7fde172aa982770ce53d17de44c4630142b61993a9c

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_no.dll

Filesize
53KB

MD5
08a9f40471bdeb6bba208c416aa9ac02

SHA1
97663602c229eaa9c17d4abc15679739a9480c18

SHA256
efb30708a6c57b69e348e20df2cb8dcb1f6fd14f0ee669c8211103c94b42bb3d

SHA512
5897c8d1599d7f728baa913a38d68539cfa64d7541476772315fb4182d7bb00f9e696731f8438ad77e6385ae08ec8341c2a00d9da30a13cc1c0a83188adeca5d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_pl.dll

Filesize
53KB

MD5
e41ce3959c63978bbc3a8bdc390d9f3e

SHA1
91620504099c1cc821210131cb0327734d00b077

SHA256
3dcb199b2ec844506257bddcfab8723f3e9224213a4d7db67939daeb70a77d5d

SHA512
6cf543f7d5feec35c066cca95200819d8e7b7a17cca984d38eff88b6ddeed09a545223f61e213a7d872d2a582eb3683a017c80bd2cff1a0ae8ed3a4cab45dd68

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_pt-BR.dll

Filesize
53KB

MD5
68d768c4e312c2063935d1cc149b8c6b

SHA1
e66d3b95041dee1ec7fb2f3d75882833a2c8b34e

SHA256
905c1be3806897810eb5a7cf6bd288252e8a10f1f0be795041317ad40f775b46

SHA512
474cf2004b24998fcd8d02a424e14b1741d86add658599d64039d0ad2004466500bd7a64ddf56926c14e2357d0110a0ed8fb9f861a36ef4c4a08202b36fb997d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_pt-PT.dll

Filesize
53KB

MD5
c5d29245d6d61c2b3a729d4f412b7646

SHA1
c58f8ed0fc136dedf97ad9144e7ce3ff223a9c10

SHA256
f1a3fc817aa80de86b1e895cc2d7182698373601d7bb8dacfc89eb29f9e9c2cd

SHA512
34036b55bb2599bfe0997e59cd86e70098dd588426323bdb63cb45bebfb3c446ddb80182d7d0e5e0d16edc9a6867a36300c0d6989a987ea238e380832dd0d0fc

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_ro.dll

Filesize
53KB

MD5
5d59448a44d02aae26d94202fa66b233

SHA1
54ad80f812d33f7e893c107e9133b5004ccf149f

SHA256
a933d7cb6c00b1aa7ff3af41f373eb4eb9bfe655e447736d7f9858174f367df5

SHA512
8aea4c41b72d20c64eb0c2c12c9c010d95777de88be3d7bd40d236dcefae27d08823ffc0313dd5a130438175e274cc0b2088e27e05d64d7b5f9265bf553cf6fb

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_ru.dll

Filesize
52KB

MD5
c1df932fecf3c6b6f7201f610a7042f6

SHA1
8e6b6337cd3b41ff88e2ecae48486876592e3729

SHA256
ad4e2801f4efb6787a30732aa203fba9486a42a46b4b059e0039ceeb8b8b4dbf

SHA512
113a36c27cf5632f8d2fe3c3dd93925bc2083002a5196ddad7306b9a07bd9b8c1b887851083868c8981e8e85a0c31f812f4c2bf4ba83a9e947b9eec14c09eadc

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_sk.dll

Filesize
53KB

MD5
bbefcbb44a53d92d20bf194ea4f91116

SHA1
32974a56617b74702df9ecce9af3a872de8ed71e

SHA256
88dd25e00bb74e8a19d6aa36756b84b7eec03372737d35da362fa5b108507bac

SHA512
450dfcafa375b0f3703e63366fe6eeaddde7a9000f90a53468e9e6b99e83a7610cf8f37de8881c9a0f0aff565322196b50a4af75c2ca3d35ba36322e60da0231

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_sl.dll

Filesize
53KB

MD5
472f3316a5a3bcc0ed7f448527901d32

SHA1
a67aeae60b9580dcdaf9b336893d8fafcee2448d

SHA256
d7d67d3b9e35fb9284c90b2e25bf453c3721f4612477ce5d68c0a41890ec8928

SHA512
71c99b862766990f0587ba89be94d03ec9d9cebe07a416c5eeec9fe9e4eb6fad6b3da168d45669e3c2934a7d20ad774177646e144a1823eff4d25deb1542bf90

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_sr.dll

Filesize
53KB

MD5
2a31e03952f83182e17886d15d8f3775

SHA1
844c1196f4b941ee6c29c8c87cffb01a20512909

SHA256
b6ff3a8a1f91cfab45562b3e113195917f12ea2b0f9ea3f480d346310f1ae3f8

SHA512
e416f50323783c0447dea78ae4c499c220c9c9c1640e2fc38eb5bd016785f0a039e91cc72aaf565f7f5a8063a4a8dcb41de26e5c2468c8b2572bb29e20526347

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_sv.dll

Filesize
53KB

MD5
aa4211356e9e64f4d4a52806b2b2c6a2

SHA1
b0d86a7f565af1ddf19a291f1447743beac2dbf6

SHA256
47090bb679a8abc6fc0466bc1621c1b93e05bc4044f4eab0e680f3e9376efbe6

SHA512
2584adaab12f70d1b5d0250f970ff4423b3d5e9a9a9f77d6581d22c1737c9f99854fb5aa9753887b75f57110ee2c50ade9cd178ac6c1e270acf5098c03d8d922

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_sw.dll

Filesize
54KB

MD5
19e47fd71f9fc73131fc599f2e283e6f

SHA1
7179123f61223a30699d1d7e06878bc4fd7f6a43

SHA256
42c99e14f65680b2e4755b4ebda085fe9adae24ba71b8cfe86afe33adfed8bc7

SHA512
d28299fe3ed04a468dcbeb10d0ab3dec871531f118955fc5acd032bd2f424812f158e7529acc8217d431b96afdc1123e4f90fc527681ba44bbbc74f14e671b75

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_ta.dll

Filesize
55KB

MD5
f9d1a6587b71fa594db9fc9f48c3517e

SHA1
31a102c6f20c46b9fd3f5b449861c4986b5f0f28

SHA256
7cfd1b439170822c85aaf55d0a2a3143a6785004de31d531141020689c46c190

SHA512
ab68a49e0c0c9b84c59b76afa7827e9ea610f2c2c53085cb8676f8eb5a3f36d252ffc6dc0a59f9097c27580d4947e6003e6216e65854f89d6b4048c1ba692fad

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_te.dll

Filesize
54KB

MD5
d646e977231c0c2b5c24bb051f557a59

SHA1
e6608fa019d5c5d8a5ab1b0ca62cadbc06a9d84c

SHA256
cd924bd55e0ae8ad5c45318fa98c6a199975e9353c0959eba90ad90a7173d5a8

SHA512
a215c43f275a78964ab69b8dc01a83086476f66ad0a0c4e7027b18c64356d2c170d431272a82c859f1abf12cdd41e56afa954e2a2ffb66263e43cb97b5e9eb35

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_th.dll

Filesize
52KB

MD5
9b0056f43056291d123e6a56ba3d3f33

SHA1
c9af1f9675a74f9b27d98f3b99382484a7cdbb1d

SHA256
e5ecc5fc90004b2b138099ce34686caef91e9b2ec50706bb4057b33a4a91c034

SHA512
7b672e68e023371e0f80b0129a9433741daf3c8b55d1d45073c8e785415250ebb17ae1fd7586256bc21092e980ebafaf370e1914c5ad3d45fec5a2866495b47d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_tr.dll

Filesize
53KB

MD5
5c1c8d014db1fc0b7e6446005c16a4d5

SHA1
e2363f23478e40c686feec045dde3e6ba4642f2b

SHA256
da85c380ba9e54e38a0f2bc0b91e2baa486f0f19fbad65ff4791de8c5f4e5941

SHA512
fb18bff4bcaaab53c197ab2c1f02273c1a7a331a08738c5c907a76561a098a27e3899d9c662a8ac20fd4d482cb2e892e93c5a429f89f74f5885b09eda6b542c2

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_uk.dll

Filesize
53KB

MD5
c4f161222860d969851a18e81c06be9a

SHA1
bf6987543d59f8a8484ac903e1a1bf869c85b095

SHA256
9ffec0e7c116172bb8d50f6b43adafc868de524c48663af3176da8b2ed498611

SHA512
8a190c2ace7622945925f9bcb89e078afaae76f57ed28293a660cf9d027676a97708db219591b2eb296b8d131fa3eba5d91fcd69662445f467588a0f57ed26a8

Download Submit
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.137\BraveUpdate.exe

Filesize
171KB

MD5
c28374442463031194f33486b7356469

SHA1
1b70825f8b3220ed1c7f163c58c1939c072b1c53

SHA256
ce5bd20cda640b1e169cb35738f657e1d32683d47b8b462c52e4b0eeb2dffd08

SHA512
8001b930d9e332868bd0785b08147f084ab2c123d363fda012140e9796e3e766772c3b4822e8b2aaed323a96ca9edaa048ccb51d8da10429085576bfbf5c784d

Download Submit
C:\Program Files (x86)\BraveSoftware\Update\Download\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\109.1.47.186\brave_installer-x64.exe

Filesize
100.9MB

MD5
a4599022b5d1691983c26936f2125d5c

SHA1
1456be249bbf22ea515d817ea89e91d9b30ffba3

SHA256
24d4198fe7204663379a308532b997a70841fe55f8b20f10536c9e6f445cb791

SHA512
4464c1670391f1e4654593d2af32f0c35f1c68e4fa84c3c6e54aae85952f8429247bca22ff9babff4110876b5262411dd1bd34c71574c6b81e529b2c0b4bcdd4

Download Submit
C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\setup.exe

Filesize
3.5MB

MD5
43a8a1eaf7c7b53c8569d8a5b4dbb476

SHA1
b57972aee7518565e4eda1f20d3717d205c87ccc

SHA256
90f1ce74855aa7e17a44a75fcbb356c315aabd84dd9c2d01062a27383c5444a8

SHA512
9b2543da8851836a08aa185c1596e0ce23a4eedc18d04b9876fa1ee16cb8cf588886f76d2dd3b2f37b6961911af0333284044a835c3244b112598087d27e67a2

Download Submit
C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\ae7997ca-80e1-4345-8e19-91a9fd5d50a5.tmp

Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk

Filesize
2KB

MD5
87f229b2388e3f1a46357e42d46a78df

SHA1
b9b2ab1b2b3d960380adf7218e887503e4945009

SHA256
3d66127e570b1494b1f9e3824e437ef8a5192c9c7c9cf05b6501b5dcbbf7ac18

SHA512
82e9e5e9240b3ad4c8b9336a11b37675cce4285d02ce4bd5350973e76ce1b927864badf27bf60dc1df0d7d253800d0b7dda53695c3d44d524ad85026ddf454e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\64958666-3bc2-408b-b72b-fc44d648337e.tmp

Filesize
165KB

MD5
7f67ce6fc1c170d99adb86928777df98

SHA1
61a0b9d20eb0ccc7d9868d7a714f4f786049c3f9

SHA256
d9d37da23387c2cd2b9c20cdf299c6651bea2e1c94eea44f2a1c244a4bf40cd7

SHA512
bb3d5332a752bf383b31be4a09a91a7bdc7754fb8b0724f2eec48a43ba17f250773db487c9fc3cf9dfe39ac942bdf6db53c6a6ddf46eafd1afe99805b0c59f48

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\9a92ca9f-e754-4252-b2e6-ba2265d59c15.tmp

Filesize
5KB

MD5
075633059ff10c0e337d642cc6921694

SHA1
f033060f6b06236674a256ac058120b6730650a8

SHA256
3bf4808b02879189c61d5797b61d3a07bf856580d54d509ecf40dd30db0dc759

SHA512
a68e21bb61df2bca4c567c75ff94c128e8d9e0cbb16a5bf1311013ab2bb480e99d66bea1884ff1fdbab1458743b39587ee9277e0ae0849799e81ca4770598fb7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Sync Data\LevelDB\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
10KB

MD5
8b2d3926eefd555d0734df6b4dcd3ef2

SHA1
48c2ad86805611b0e61ed569753c81fc236046a7

SHA256
e62878f9510ffd1b59b7bebce0210ca3f089d4da240beb71f2382cdc1b77cc3e

SHA512
ef91aaebac9003ffe06b1ca22c0bff523470ac580f7fd07e804cf34c31344450a5043faf877ff8244b73a59f8659d11e965eca3519bc2329861792614d8dcf50

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
10KB

MD5
e5425d25ca510c4f363896b084fa3089

SHA1
82cccc36e86a68da1206649bfb6066853218ba79

SHA256
f55d922dfbe90d776e18d4fb3b542067ed23e3188b940768a9c7651b64ab8d68

SHA512
6e8e225a0d095e27164ece51c762100abcee171e05fbbb0523cae6ba61b013be6979e4d9d537d7ba23f6bfb7f4489d3a900bd72bdd466431eba52b95cc9e368c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\ShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\ShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE32E.tmp

Filesize
61KB

MD5
e56ec378251cd65923ad88c1e14d0b6e

SHA1
7f5d986e0a34dd81487f6439fb0446ffa52a712e

SHA256
32ccf567c07b62b6078cf03d097e21cbf7ef67a4ce312c9c34a47f865b3ad0a0

SHA512
2737a622ca45b532aebc202184b3e35cde8684e5296cb1f008e7831921be2895a43f952c1df88d33011a7b9586aafbd88483f6c134cb5e8e98c236f5abb5f3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE68D.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\BraveUpdate.exe

Filesize
171KB

MD5
c28374442463031194f33486b7356469

SHA1
1b70825f8b3220ed1c7f163c58c1939c072b1c53

SHA256
ce5bd20cda640b1e169cb35738f657e1d32683d47b8b462c52e4b0eeb2dffd08

SHA512
8001b930d9e332868bd0785b08147f084ab2c123d363fda012140e9796e3e766772c3b4822e8b2aaed323a96ca9edaa048ccb51d8da10429085576bfbf5c784d

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdate.dll

Filesize
1.1MB

MD5
e07febbe41cd974f625b540d2c28d7e1

SHA1
3465a298ab056eb2e8f983be754007ee164b4179

SHA256
5ed6cf4ea82881bc51c7193322b26b7ba7489d2d3b5602ad11faacb27ebbc021

SHA512
9584c19efe7cb3aa813e7b4972fc00e2e0730830d9a86a1f97bcd93d2060f14e2a058f49feb91d084664ccf2997e0f7e48c6efed4b1d46e0ac9cfcfb73fe9179

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_en.dll

Filesize
52KB

MD5
3f7828438e752ebab207ac3de881211e

SHA1
a6ff34980e2a860ed89e2cb54b5d75a6fd81754d

SHA256
4f3c30880fbf92adc4d81ccb78cde768459d0aef5592fbd1e026625cd260c3a7

SHA512
5d9534a735e8bc86781af04afd72346a49e85b4937ad6f7b980ebf4268a9dd0a18812ed4706aebbef9b3a7ef2dda343d4f9d33d4349870a3558bf3e7d9e88f7e

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUMC64B.tmp\goopdateres_en.dll

Filesize
52KB

MD5
3f7828438e752ebab207ac3de881211e

SHA1
a6ff34980e2a860ed89e2cb54b5d75a6fd81754d

SHA256
4f3c30880fbf92adc4d81ccb78cde768459d0aef5592fbd1e026625cd260c3a7

SHA512
5d9534a735e8bc86781af04afd72346a49e85b4937ad6f7b980ebf4268a9dd0a18812ed4706aebbef9b3a7ef2dda343d4f9d33d4349870a3558bf3e7d9e88f7e

Download Submit
memory/380-475-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/380-292-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/600-599-0x00000000058C0000-0x00000000058C1000-memory.dmp

Filesize
4KB

Download
memory/2372-81-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2372-474-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2944-546-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download