81f02f369d9dd21fa2fe172a0f61146149257c6027ef3f05350705eb11c65a97

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/04/2024, 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BraveBrowserSetup-BRV011.exe
Size

1.2MB
MD5

09466eb4a83e4e2b6d5591b001d688db
SHA1

c6eea55f47ae4ded081f40991b1b7db55172c2b8
SHA256

81f02f369d9dd21fa2fe172a0f61146149257c6027ef3f05350705eb11c65a97
SHA512

1979382e8d696d3ead95bbf03b5fbc6e61112d09e984976eba05e7e6987c638ff22553e86dcac88dd19e3331f28e8df8617c1b133509ae525bbb30dccdbe7dce
SSDEEP

24576:1PEvHbSfQ7WlvaQMWD2Q8VtHvHAo1I187MttFeujUThH/8KPj0Oe:mvHF7WlSQMWCTVtvAo1IO7aLwhf8iIL

Score

6^/10

persistence

Malware Config

Signatures

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_zh-TW.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateOnDemand.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_ur.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_kn.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_hi.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_iw.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_pl.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_th.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_sk.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_ta.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_da.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ms.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psmachine.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\psuser.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\BraveUpdateComRegisterShellArm64.exe	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_lt.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_pt-BR.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_ml.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_pt-BR.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_pt-PT.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_fr.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_te.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ml.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_hi.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_iw.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_te.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_gu.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psuser_64.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_es-419.dll	BraveBrowserSetup-BRV011.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdate.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ar.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_gu.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_fi.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_it.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\BraveUpdateOnDemand.exe	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_es.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_nl.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler64.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_bn.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_en.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_is.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_sl.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_ko.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_sr.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_uk.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_tr.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_am.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_de.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\BraveUpdate.exe	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_th.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_vi.dll	BraveBrowserSetup-BRV011.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Temp\GUT17B7.tmp	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateCore.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_cs.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_lv.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_mr.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_no.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_vi.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_lt.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_fa.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_fil.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_hr.dll	BraveUpdate.exe

Executes dropped EXE 15 IoCs

pid	Process
2392	BraveUpdate.exe
2984	BraveUpdate.exe
772	BraveUpdate.exe
1792	BraveUpdateComRegisterShell64.exe
1300	BraveUpdateComRegisterShell64.exe
1056	BraveUpdateComRegisterShell64.exe
1700	BraveUpdate.exe
308	BraveUpdate.exe
1796	BraveUpdate.exe
2940	BraveUpdate.exe
2004	BraveUpdate.exe
2244	BraveUpdateComRegisterShell64.exe
600	BraveUpdateComRegisterShell64.exe
696	BraveUpdateComRegisterShell64.exe
580	BraveUpdate.exe

Loads dropped DLL 49 IoCs

pid	Process
2952	BraveBrowserSetup-BRV011.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2984	BraveUpdate.exe
2984	BraveUpdate.exe
2984	BraveUpdate.exe
2392	BraveUpdate.exe
772	BraveUpdate.exe
772	BraveUpdate.exe
1792	BraveUpdateComRegisterShell64.exe
772	BraveUpdate.exe
772	BraveUpdate.exe
1300	BraveUpdateComRegisterShell64.exe
772	BraveUpdate.exe
772	BraveUpdate.exe
1056	BraveUpdateComRegisterShell64.exe
772	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
1700	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
308	BraveUpdate.exe
308	BraveUpdate.exe
308	BraveUpdate.exe
1796	BraveUpdate.exe
1796	BraveUpdate.exe
1796	BraveUpdate.exe
1796	BraveUpdate.exe
308	BraveUpdate.exe
1796	BraveUpdate.exe
2940	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2004	BraveUpdate.exe
2244	BraveUpdateComRegisterShell64.exe
2004	BraveUpdate.exe
600	BraveUpdateComRegisterShell64.exe
2004	BraveUpdate.exe
696	BraveUpdateComRegisterShell64.exe
2004	BraveUpdate.exe
2392	BraveUpdate.exe
580	BraveUpdate.exe
580	BraveUpdate.exe
580	BraveUpdate.exe

Registers COM server for autorun 1 TTPs 34 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}\InProcServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}\InProcServer32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}\InProcServer32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}\InProcServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\NumMethods\ = "41"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\LocalServer32	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\ProxyStubClsid32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\LocalServer32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\ = "IJobObserver2"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\ProxyStubClsid32\ = "{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA}\ProxyStubClsid32\ = "{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebMachine	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\ProxyStubClsid32\ = "{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\ = "ICurrentState"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods\ = "10"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassSvc\CLSID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ProxyStubClsid32\ = "{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598BBE98-5919-4392-B62A-50D7115F10A3}\ = "Google Update Broker Class Factory"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachineFallback	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\NumMethods	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598BBE98-5919-4392-B62A-50D7115F10A3}\LocalServer32\ = "\"C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\BraveUpdateBroker.exe\""	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\ProxyStubClsid32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreClass\CLSID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\NumMethods	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA}\NumMethods	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassSvc\CurVer\ = "BraveSoftwareUpdate.OnDemandCOMClassSvc.1.0"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreClass.1	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\NumMethods	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\ = "ICoCreateAsyncStatus"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598BBE98-5919-4392-B62A-50D7115F10A3}\Elevation	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\NumMethods\ = "5"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\ = "IPolicyStatus2"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ProxyStubClsid32\ = "{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\ProxyStubClsid32\ = "{F2F621FF-E6E3-4FD7-B2FE-95C64FCA16D5}"	BraveUpdate.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BraveUpdate.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	BraveUpdate.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BraveUpdate.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BraveUpdate.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	BraveUpdate.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BraveUpdate.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2940	BraveUpdate.exe
2940	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe
2392	BraveUpdate.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2392	BraveUpdate.exe
Token: SeDebugPrivilege	2392	BraveUpdate.exe
Token: SeDebugPrivilege	2392	BraveUpdate.exe
Token: SeDebugPrivilege	2392	BraveUpdate.exe
Token: SeDebugPrivilege	2940	BraveUpdate.exe
Token: SeDebugPrivilege	2392	BraveUpdate.exe
Token: SeDebugPrivilege	2392	BraveUpdate.exe
Token: SeDebugPrivilege	2392	BraveUpdate.exe
Token: SeDebugPrivilege	2392	BraveUpdate.exe
Token: SeDebugPrivilege	2392	BraveUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2392	2952	BraveBrowserSetup-BRV011.exe	28
PID 2952 wrote to memory of 2392	2952	BraveBrowserSetup-BRV011.exe	28
PID 2952 wrote to memory of 2392	2952	BraveBrowserSetup-BRV011.exe	28
PID 2952 wrote to memory of 2392	2952	BraveBrowserSetup-BRV011.exe	28
PID 2952 wrote to memory of 2392	2952	BraveBrowserSetup-BRV011.exe	28
PID 2952 wrote to memory of 2392	2952	BraveBrowserSetup-BRV011.exe	28
PID 2952 wrote to memory of 2392	2952	BraveBrowserSetup-BRV011.exe	28
PID 2392 wrote to memory of 2984	2392	BraveUpdate.exe	29
PID 2392 wrote to memory of 2984	2392	BraveUpdate.exe	29
PID 2392 wrote to memory of 2984	2392	BraveUpdate.exe	29
PID 2392 wrote to memory of 2984	2392	BraveUpdate.exe	29
PID 2392 wrote to memory of 2984	2392	BraveUpdate.exe	29
PID 2392 wrote to memory of 2984	2392	BraveUpdate.exe	29
PID 2392 wrote to memory of 2984	2392	BraveUpdate.exe	29
PID 2392 wrote to memory of 772	2392	BraveUpdate.exe	30
PID 2392 wrote to memory of 772	2392	BraveUpdate.exe	30
PID 2392 wrote to memory of 772	2392	BraveUpdate.exe	30
PID 2392 wrote to memory of 772	2392	BraveUpdate.exe	30
PID 2392 wrote to memory of 772	2392	BraveUpdate.exe	30
PID 2392 wrote to memory of 772	2392	BraveUpdate.exe	30
PID 2392 wrote to memory of 772	2392	BraveUpdate.exe	30
PID 772 wrote to memory of 1792	772	BraveUpdate.exe	31
PID 772 wrote to memory of 1792	772	BraveUpdate.exe	31
PID 772 wrote to memory of 1792	772	BraveUpdate.exe	31
PID 772 wrote to memory of 1792	772	BraveUpdate.exe	31
PID 772 wrote to memory of 1300	772	BraveUpdate.exe	32
PID 772 wrote to memory of 1300	772	BraveUpdate.exe	32
PID 772 wrote to memory of 1300	772	BraveUpdate.exe	32
PID 772 wrote to memory of 1300	772	BraveUpdate.exe	32
PID 772 wrote to memory of 1056	772	BraveUpdate.exe	33
PID 772 wrote to memory of 1056	772	BraveUpdate.exe	33
PID 772 wrote to memory of 1056	772	BraveUpdate.exe	33
PID 772 wrote to memory of 1056	772	BraveUpdate.exe	33
PID 2392 wrote to memory of 1700	2392	BraveUpdate.exe	34
PID 2392 wrote to memory of 1700	2392	BraveUpdate.exe	34
PID 2392 wrote to memory of 1700	2392	BraveUpdate.exe	34
PID 2392 wrote to memory of 1700	2392	BraveUpdate.exe	34
PID 2392 wrote to memory of 1700	2392	BraveUpdate.exe	34
PID 2392 wrote to memory of 1700	2392	BraveUpdate.exe	34
PID 2392 wrote to memory of 1700	2392	BraveUpdate.exe	34
PID 2392 wrote to memory of 308	2392	BraveUpdate.exe	35
PID 2392 wrote to memory of 308	2392	BraveUpdate.exe	35
PID 2392 wrote to memory of 308	2392	BraveUpdate.exe	35
PID 2392 wrote to memory of 308	2392	BraveUpdate.exe	35
PID 2392 wrote to memory of 308	2392	BraveUpdate.exe	35
PID 2392 wrote to memory of 308	2392	BraveUpdate.exe	35
PID 2392 wrote to memory of 308	2392	BraveUpdate.exe	35
PID 1796 wrote to memory of 2940	1796	BraveUpdate.exe	38
PID 1796 wrote to memory of 2940	1796	BraveUpdate.exe	38
PID 1796 wrote to memory of 2940	1796	BraveUpdate.exe	38
PID 1796 wrote to memory of 2940	1796	BraveUpdate.exe	38
PID 1796 wrote to memory of 2940	1796	BraveUpdate.exe	38
PID 1796 wrote to memory of 2940	1796	BraveUpdate.exe	38
PID 1796 wrote to memory of 2940	1796	BraveUpdate.exe	38
PID 2392 wrote to memory of 2004	2392	BraveUpdate.exe	39
PID 2392 wrote to memory of 2004	2392	BraveUpdate.exe	39
PID 2392 wrote to memory of 2004	2392	BraveUpdate.exe	39
PID 2392 wrote to memory of 2004	2392	BraveUpdate.exe	39
PID 2392 wrote to memory of 2004	2392	BraveUpdate.exe	39
PID 2392 wrote to memory of 2004	2392	BraveUpdate.exe	39
PID 2392 wrote to memory of 2004	2392	BraveUpdate.exe	39
PID 2004 wrote to memory of 2244	2004	BraveUpdate.exe	40
PID 2004 wrote to memory of 2244	2004	BraveUpdate.exe	40
PID 2004 wrote to memory of 2244	2004	BraveUpdate.exe	40

C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV011.exe
"C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV011.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
  2⤵
  - Sets file execution options in registry
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2392
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    PID:2984
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:772
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:1792
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:1300
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:1056
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ5IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0OSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins4MkFFRjVDMC1DQkVGLTQwQ0ItQTM2MS1ENEJENzM1ODU5MkR9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7RDFGOTUyNTgtNzk0OS00NjA1LTgzQjgtRTYyNTgzRDU2ODg3fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntCMTMxQzkzNS05QkU2LTQxREEtOTU5OS0xRjc3NkJFQjgwMTl9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMzYxLjE0OSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI2NDAiLz48L2FwcD48L3JlcXVlc3Q-
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    PID:1700
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{82AEF5C0-CBEF-40CB-A361-D4BD7358592D}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:308
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /unregserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2004
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe" /unregister
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:2244
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe" /unregister
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:600
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe" /unregister
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:696
- - C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\BraveUpdate.exe" /unregsvc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    PID:580

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ5IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0OSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins4MkFFRjVDMC1DQkVGLTQwQ0ItQTM2MS1ENEJENzM1ODU5MkR9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7REY3MjY1REUtNzBEOC00NUU5LUEzRjEtMjEyNjVBREVBODMzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntBRkU2QTQ2Mi1DNTc0LTRCOEEtQUY0My00Q0M2MERGNDU2M0J9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIiIGFwPSJyZWxlYXNlIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzIxOTQ0NyIgZXh0cmFjb2RlMT0iMjY4NDM1NDU5IiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMTI0ODAiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\BraveCrashHandler.exe

Filesize
270KB

MD5
81df4345eed08fa6f931cee52c2c08c6

SHA1
b26469e0474d04ffc6b8be461880e578fa73b0c8

SHA256
330cf2c0804d686af425bf6b2796e0bb4f35f9e673e1e27bbcb4f98e1f815f05

SHA512
b29c2aaa5fdd608c423ef67eb6eadb6441406714b8c78a4b6f0ebf2c1d3c0f9bc12cf1f2e3069d8a7f369544984adf82c6a7e0dba94b97c8397bf9ee08422ae3

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\BraveCrashHandler64.exe

Filesize
360KB

MD5
d01d5817a68555221d3bc68ffe5a34fb

SHA1
6c07bc4701f9d98d8d550a68f4ae35526dee62cb

SHA256
8bb4f5c1769948588183297359cae7e33f49f9b4995f9cfa75b1354797babcb8

SHA512
a072952b0f382ff3763aebe644ec7077926ecdf1d8bf24ab0a9ab2e468609cb57758e1a2c5ff394c561c0336cf8691e20791d83d6e6066d82cd66e77ab822b80

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\BraveCrashHandlerArm64.exe

Filesize
355KB

MD5
3ef2eb28ce14a889409e8dcffbbc317a

SHA1
57c538c8137afd6294e926116f47f269a2f70224

SHA256
5ac765fb6d6114064874bf1c077b52fa431061262ef30c6c9c6e681878879c6a

SHA512
7640975569c4a58b547645e031a3e9ce7225e2eb1f69815de49151ae2ed134ba0696f5ed56658883422063bee42e301dc70dceb605ed712c3d699d1cd12ddec0

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\BraveUpdateComRegisterShell64.exe

Filesize
162KB

MD5
3d40525c8829fc831303f4bd7b929101

SHA1
df41bbb2c2fd990be0253d4be96a04721e2f7b56

SHA256
2ec1ef334d63697e533431643d7219a40405083a19efc1a9405505370446b98e

SHA512
e3f5f96a1dc778092183388022b64b94186cf021762ff5d75ecb89826bc7276cb3b0818539977915d5a04776504c89f6a13424b3d91d1acabe7a0b746c8fb83c

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\BraveUpdateComRegisterShellArm64.exe

Filesize
144KB

MD5
551dff5a555a1cee3736cd76f2371cd7

SHA1
839946fed246dc724d810d78dd30c8c75d8e2ac1

SHA256
f18fb26c8642fb99fd78ba54899ba0d0752ecc323cc8cd63c679dbaff9be65fd

SHA512
f61d3f432d9599fe8b69b4bc997873e2e9d1b5ad891bc4016418dc4db701d05b4f1f2bbd88092ab5b990ef508a899f1a3f67ba37800f9f6b07a7279558fcd741

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\BraveUpdateCore.exe

Filesize
194KB

MD5
4c3001794335f8a4fe7a85d049b56bb7

SHA1
dc41fd731e32fdc3227483dde73941c86bfe9fad

SHA256
3cb8b7cb98bb6b405195ff4d0755081049e74465fcb4fad2b8d8d1e0669290bf

SHA512
814b85cec58353029b0b4d10c300bfa41a25db0b9ff4008ddbf8a5ccb5590fe06b7938cf50bd0fd612c32d146e3dee8120a53ea57062b51a2a48655ee6345f26

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdate.dll

Filesize
1.0MB

MD5
971970ee815346f51f326143ff15db1e

SHA1
57166a99385a457eab32da7664664e9e4d619599

SHA256
06749379a7f4a693bf9d53b2d782340b03aa4fc32452af27de115f39c870de8c

SHA512
44f121841c13c4e05bcbb054a6fdc15879c7c3e1a4dc7e14621ee45765f06fadf2088615456fb5b87239606f833ced926e4574fa320e0881d300a5967830b5b5

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_am.dll

Filesize
42KB

MD5
dca2049d6b3ad7a2989051a686b16828

SHA1
51d73f3f6e094a9527be48a85e1f9ad2e1b50956

SHA256
38753ff02fc9d0e714872eb459b1c1b4d4fa1149b568289d070b17ad55cbd853

SHA512
1a4e47f2b416577244a89866d540c3565ab6aa40b3abda6bebf0e78c91df1f6d4f17f04bf3e0abd8300abfc6e9c35b4294b1e400aa94d1fdbd087aa95418ede2

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_ar.dll

Filesize
41KB

MD5
ad8512d7ee10941d944b22931b42c777

SHA1
0d584db901e591d4ebd9f26ef0afa2fd591d8e05

SHA256
ea84b2a3ecee5078bded35d142e89c3c6e3d6c115fdb691891700e2e9a312b6f

SHA512
cffd11941b42e7caf9881faccfcf9d39c3d1bf37e873c6119e2786fd201d97dea43312045c4edfb07b01173e8fcfa2ed24077f946a7549ad4a521d6b4e13e9f9

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_bg.dll

Filesize
44KB

MD5
35a38d2169ef8d3a57cddc2acddec40d

SHA1
d54e590f0f4d7c8c4825916ee1e7461e8793780d

SHA256
deda59af5a00ab7e3417020a7786d9e59530442258a74492e8447b8169eba7f6

SHA512
419eeb76df70c460f15635e2bca62dcdebd3b0a4c081bbdd50af2ae41eaf3f3f4feed2fbf3d70f24970f1791f34252cabaf5e36c88b2bf667135a212aeee1afe

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_bn.dll

Filesize
44KB

MD5
0e8e81583176d33e5eddc5e4bcbc43b6

SHA1
72b57ef58421a53b9cb9e0678301d2e3adb9dc01

SHA256
6ce51f13f1f17667c0b39de93dde7a0954e9dd27a29d63c40d3c93c4a5a56773

SHA512
08dcd98a2dc7da53730aecf5ecd1de70ed2fbe8437363bca2ca61d4121d5eccaf56a1c5f49adc566bd94b5e40a650e5847d943d9f7a9a77ffd1ec94905cfca91

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_ca.dll

Filesize
44KB

MD5
3f773a6a76107254f85b201773eef3a3

SHA1
5793c8cb5091bd30daf1fe12f2eade58367248e9

SHA256
be22998415b62d0d8985e94fc242b4e718465f877f04b1c4f77e734126328a87

SHA512
b1fb70f0224f6aca9eb4ae80092a2cc9c5f27daa17d06a8c3db03fb44231dbde02e5fb49ad13876296ee22e3e629c35d366ef5546777a844dfc209b69d13b63a

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_cs.dll

Filesize
43KB

MD5
13dbd83241bc3c7ede4c665eb67e054a

SHA1
786b1176936f7944d0595f381ceea06b2096462b

SHA256
b26d95c2da3efeab8083afb0836104cda3284e12f73bf32a29e1a981311b52d1

SHA512
7eba12d7d757bba77eb8187891b331e468ef24597a1b8a08b584ff39db77d33e95fd1838e1d997cc49c346c16a786334a1a4e9c3f5918434c181e852d407d0fc

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_da.dll

Filesize
43KB

MD5
11a3ff33e82546e777e8e4db9125e6ee

SHA1
9b4ac558525355b9c075ba37ca642c4899367160

SHA256
c5b58d94be5ed2f5895af622955fd347ec16c59fc3a78f55a06723ec874262f0

SHA512
2c8212580132f819a5cb0a640fa42b4ea1e254fab41994f21e5e0e5f686e5d578d5e90e69b4020ef8772dde732c59ee256febdb3679cd1daed4614a3c09ec1a3

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_de.dll

Filesize
45KB

MD5
0d438dfa3b76f1de8a24aceb78be800c

SHA1
a9260788f15dd3f404d333c36f32fa89e7d3156c

SHA256
f8b75cb5390be39b38e1a1fa0a80123e0df05d339314f166dd7afc7a4ac5abe8

SHA512
9d9e56ddb2d6ae497bf521f90e94d8bd1c3223a1ae4e2032a2679ac727850bd4fc0557fa49f9d0ccfbe2676209030f999097013aa7ebe5cf1e44cf02cd2ffae9

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_el.dll

Filesize
44KB

MD5
4fddb1be54b7e13b73ee2e87a092d7aa

SHA1
287461b98d2670fe0bafdab83a2a6d7686b8eb5e

SHA256
c807f007bc337f45c4bb2018b8fccfaf70740a8235fd17b98969ace0ff70acb6

SHA512
98e35f602aed77d62826706250a9c1ebf08a74426551d4d8c878b0e5d9121dabe0740732135e5e833369b6f139b80bcbdfc080a694caf7ea5be417478f4ef219

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_en-GB.dll

Filesize
42KB

MD5
f4dee9666f35445257226462098243c1

SHA1
0dc2a7a48929c9aa5b0c65c78b932285e0160f24

SHA256
86f5a02e45701ef09e61a6623ee00a59582243aa5d937d91b22c6745130f81dd

SHA512
8f62a305af44fa5a3031aa144bb6c0e86b57d92c9aa166ff5e1e4e0b0a93bf1bed26ed42c74fe215ef6fd0bd3827a214ae1ff5e387ce51d6f311ff143d2be6d0

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_en.dll

Filesize
42KB

MD5
68369a61a806b90a9d6d7a33566bf7f7

SHA1
ee48c5a2b638c0c15fd978e096b305b00d9c8636

SHA256
1189be36c9af05b73bc2a6669629f63e93d35bb8c7947f2d4266eebd3f7a06b6

SHA512
da41302ae19c8a609a14afc45c5f8838d138c8fc2f15c3065436b30518f8c9907ac468e6d10aab10c95674896eb2007d0176eab65dd7a64d55f9bff4d3cecf55

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_es-419.dll

Filesize
43KB

MD5
b12605ee56864e9f185d3819c88278b3

SHA1
bf92f9c39ecfb78051f43c94574b7985c029076c

SHA256
3069760e4224aff954ccf03cb917d6c44a3662bdff6e74a519373aea675b604b

SHA512
d445c31e963f512a4ad079a8180192cc69f13f0f503113236b06984285d2fccd9ff5c5a125b941389a5ed505106cd6ea384b1e467e64375f2e65154df8e73a0b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_es.dll

Filesize
45KB

MD5
f73ffb3561c355dcb4acbc494f77d562

SHA1
74bb856c0cdaba68a3175979b8a30c76c3fc88c9

SHA256
f61835e4ac0f0c1fa78d3e7e1467023f58de4ea136ad7823e24e293cefb5be36

SHA512
35993f2a98dc8594ef9b5bd5a3295dd94666b61ccea97409e37b762156ae74f39a919588267defb78ce959cf14cd87a60e885d79fd783708db6b8bfe38298039

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_et.dll

Filesize
42KB

MD5
4fb9164fa9c2f41a04fd78492724e4b3

SHA1
8f68949e9d484de40a7dd9d4ad088e40fc42664d

SHA256
4e83918abf80c81e1b1a0208254f4ef0d6f5f0b10dbfb56b1b2ce665516e72d9

SHA512
970d3d2c323e716b39e8556cc01720aff20163d11479269c289d75c25da7547898a60a28c806d0a8f61a49cd0a6ad421dc2494ec1cd4bb77f0bd7ed0e3ac5264

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_fa.dll

Filesize
42KB

MD5
948f088648139bf4bf2c570f01206911

SHA1
79a3e5a437ca947a370cbedc69ea5548e256717d

SHA256
e4e718075ac8ecacea62350f77f994bc8cbc6b2ae9bc91228d7a0f8d80456e30

SHA512
c91b4d6fb7eeb818848880f598e9b3f1ac03715d06f722eba8c4052a32421c1c4b29608b7cc1e54397ebf82eb1c6400fbf377035e466d1e44471fdc1521c498c

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_fi.dll

Filesize
43KB

MD5
3c90b1a2e41c3d54ca92c6548675a5cf

SHA1
87731fda16821f00c08a13d62e6bc53c8db4016f

SHA256
90d228740e44fae1db65544a44b65ac51280f2a40612c416d34f74ae0c1b1c84

SHA512
f19c6184876ecc98fe985fa77f64ed3c3846eedd4f5ff5fe26995eb85e505c04b386f857c9b173ca5a1599546455bd879cfbf1b6e918e3988485e55cf9394339

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_fil.dll

Filesize
44KB

MD5
a13212077364d2fe966f668146992f3e

SHA1
561dc6e47cfb0dbac3ba28fedf11a3e72ddc17fc

SHA256
a3d50bb248b4eebc4264a3d4dd3bbbd5e2d7cdd394231c4e38bbf4adf70da944

SHA512
fb66660b0c0250cc7de6d944f26c4478c62d0948cdfa5df93df59c6326a32f2622585d483c047c3229a587090043dc327584653a41cbcfb1c5f576a7c5df8ecb

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_fr.dll

Filesize
44KB

MD5
66abbdf574c925a69b8b291e6a8d024e

SHA1
28581f7d0afd304a9b7616380620257dfbfd62de

SHA256
d47a9a2878bc1fc09daf2264391c40bf4b80fd2ece1a89f0aeed68e813b4ffdd

SHA512
b75d506a6e241059e03adba395aada7085f0e7212f58edca1ed0478786183fe271a77afae1a707e5072ae39e325deb83fe1c2032662e3c84e6006918dae7255e

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_gu.dll

Filesize
44KB

MD5
f2fe9f0cf46f930ca212f9218fe3e757

SHA1
f4eb6c5dd9eb43f1100388c4b5a1bcada8877147

SHA256
c90851e349f61f72ca3d5e3519e87d7283a0c13b42067d7393439a379fd846c7

SHA512
dfeef9d45bfdf8058be300c376242f6be516506bc806454c77127ea315c5e01ff6e6a62b41077212b5983ed7054391e78ee46e6a401433b777d00f5c8e1656f7

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_hi.dll

Filesize
43KB

MD5
4f28c49284a89515017e1886c25761c5

SHA1
7df4c3178329e7e4fd50c31d68e2a4b846d42eed

SHA256
aeaaca2935f5cb91cf4e88a8a061dc0ebc6f2327a35601bb581fd484d42ed373

SHA512
85cd5b27e3e77e4714be352c03dd83dabfe11b7f784a49c5765b86618864d01260e8f888190d6a3947dcb13d36a55c05cfd85888c9a01f4405b357a5054c26a7

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_hr.dll

Filesize
43KB

MD5
7677bbbfeca4d0425cb9197f6df2e523

SHA1
8ea2a716f8b6ce1ae26e8915b35ff7ba574dd51b

SHA256
d931dae0a6e0357e4c7d4e510dd01464085f87e79787bd03fcd2fcf3264e89b3

SHA512
d20cc256c254974a16756268f9fa51788408cef5d454b04570a0e92a2464302a0e6e7271d68a1e7d1e8f44cbc24b0d71ede0ff3d03b775df553f71d4ef280bd8

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_hu.dll

Filesize
43KB

MD5
9ad57f770589e504d790051e05d2ff9b

SHA1
51eddf9201a447f210e711a62ad1089db59546ae

SHA256
eecc2defcebc562832b7121558f736d516cdcb5559f4facf6edce9ffe6ad6fea

SHA512
dd867fa3beadf15422a980c887d89f1548cdf083842706842c64f3aaf90142fcc7524339555c6f5c215520acc5c005cc24522b14bbeed2882e1e941558be4541

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_id.dll

Filesize
42KB

MD5
1764ddf213cbca666d02618ef184c380

SHA1
91e238823a2b659bd1b528db213b866a3eafd10f

SHA256
2ee0ae70951439013155e7dfb859c34b7f4d2eaca1de2c895588890e9c873cb6

SHA512
56ed6a21a6e7e2212c5a5a90b66d6f57cb60b6c6a2c1d64b161484137cddae881990b5938ba923c4dbcc8a90a9eb8887487cac2f528160f88c2bcf0a2c2c5981

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_is.dll

Filesize
42KB

MD5
0cb142072770549e4797721875fbe5b4

SHA1
06531370baa4900d7ae16de667bd1b028835f06a

SHA256
f0763df368166f7f974f063a5f4941137741c6b01317a1258f4b9bdba0891975

SHA512
4ae3c674ccc4227885c67dc79d16c0f897379afeed9f939352dded8c374fae3e1ac54d0bea45806b520494deaa68c87252c00079f0addf9a924f56559eb98b38

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_it.dll

Filesize
44KB

MD5
82d463a796e4de2e858a55ddd73e5d70

SHA1
a8d96d6dba2455f4bbd337e5dd6def8836b6bb3d

SHA256
f1c496e7fc99e160c2e5b6041ab54d8d03b07922483e4ce65211f89d9b484b13

SHA512
07e8c893a586345757a53ee971737e8080c7d9481e1920d4b1e963ea517330bc937f659b7ae50e86ed4fa9f82e1ebfadddba161442d550f5448841520e5e1741

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_iw.dll

Filesize
40KB

MD5
56990b8123257456be6bef93f11629d7

SHA1
be5dc1665417be2e9c1b9338e873693986e88316

SHA256
41c4d754faaaaac2a596a6f8551206c0d2349d4123f1a2c572829ab416eb1cb9

SHA512
13da9472ef6850dcc3895358b7fc0476d37936bdb1192b5ee87ba5c71e8f1e0c5630221b82b1aed9510eb9cb5a6805f05ce4b856dcd513a87fc5ee118079b8f9

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_ja.dll

Filesize
39KB

MD5
2576564d832f53cb963e364b437805c8

SHA1
43df9e41957928268e90d78142f16817216cb9d4

SHA256
c564ed485637be8169fba4624ec44122e4e11efa82c534ed79de4e47f34fb103

SHA512
4811871204e45e6980111891808beda8569c55dfe4db0fb6beced5b43d53b595ff65f1305c5ea95ddfa4d35a857e33c0677b405f85d1ae5822bee2fc64a1cd59

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_kn.dll

Filesize
44KB

MD5
febaa46423d916b177e134bc13805067

SHA1
075cf0280abb023bc4f02567dd93f2b4698adc8d

SHA256
724ddd7acd3e2b8d9f2f10cef39b874be82d3aeba343e09150d666bdf2c0575e

SHA512
3d907c58bb40147f15cecf17ff12096129ad6aa555b9d6d8ed456ffd043224d0ec665c24afc8bcbfe0e4fda5f8569efb5e9b096eaf3796dc010f0e4fd71359ca

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_ko.dll

Filesize
39KB

MD5
2f029edb9f4a5075d42df4ce554f5dbc

SHA1
c8ef2ee568bf9497f2354f26508afbc0be42b8db

SHA256
c33f8fadc27d37a4b1dc070175ad9a9b32789cbca82666fd3a15b5731bc97110

SHA512
d43dfb4d6fbc2e5d1a670b73bf9c59bf1800d8bc98e2eb28a92a29b639cb1d677d6065f1b3cc69e9f3345abcba2c74c069682692d63e51f1eb8a675b1d5f1c84

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_lt.dll

Filesize
42KB

MD5
6fd161a970cda09da67e5297d17f3660

SHA1
8e15bde3c81625d77f2689601425bcec39c3bde8

SHA256
2a96da526cae223d6ed54cea62cdbba2534f61c343bbfc14788b0830c87665b0

SHA512
6c5a50426a203d210c0fa16fb8327f56a4196f2e68ceee67291fad38ebb56b37b51c03f4f9dae406d4639f6cd2dfcfa829a1630790c9db0724b387407b4d219b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_lv.dll

Filesize
43KB

MD5
da7bf9d5651b30c14ab6f335e1611d7d

SHA1
7b77a4add740b256dfe38f987d8ec82c775c16b5

SHA256
0535ce5d9377d6b62d58bd85ade29a4e10e5814c6e55fc417a6878d30c93175b

SHA512
a33179103efff1f2e71259caa3ef29766ff3d80cde00b316b8a6d9d5e5fa319c74573f0df8c2546815d5add6d27df135d9d9936275b475094c87b46b2f18ff42

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_ml.dll

Filesize
46KB

MD5
a49c5ae2fe638e6d3cdb92ef8ba3865d

SHA1
51b78ed31f42544af7ac161ffaaf651b178cfd4c

SHA256
9206dd9b40e49f3746ed15d570563ad93a35815653c6674c37dec62ec88f53fe

SHA512
5b8f68a82b62e0d89351fa041a85bdd419242b0ec3f8c095bd833989406e00308b89023e2c409ccbaaee8403a0b400abfc7efc06b12a6d64fed09f3ecaf4e8e6

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_mr.dll

Filesize
44KB

MD5
874f93e12f4bfb7f7416c0a362af7b3c

SHA1
16b4991bbe2f5afcce799ec5bbe59fd720645b0d

SHA256
703c495b6bb7d794b56675e5face7218d41ae6de9428a9e8613bf2375acab433

SHA512
3cb9120523b892f6bb92df433ab59d679998682bed496de0e9fe376b19eeba3d825eb88d0f6739c95309f848688eca70cb0f6d75e29d6f77dbf1285e9c793d46

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_ms.dll

Filesize
42KB

MD5
ccc9d45bbb2d906b9e23350a5b2e68ba

SHA1
3775f28224dbe117a35ae0306ebf45fce4364876

SHA256
8767539b0d74c7b27f6dc5a61e39064688c29cd736e6d49fa5d3719f9d966168

SHA512
d78831d25927a77e4d75b870a47c4cbd46f0fb50d7754b71e4544fd2365f7b9ae27b956bdcce4380d421a217ebd0b5aa95502fe434c610c51f5535d2da6cbaa7

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_nl.dll

Filesize
44KB

MD5
44463b62c55fd50d4d0accc127992f0e

SHA1
82e0e57c7cbfb1ec726e5bd10ef6d7bd84f4e828

SHA256
3058d34b1de742954bbd87cd9f7f608cc8feb3c2356338ebcbecc8b7aa3a6b7a

SHA512
2226c8e3eb2d97f7e4e43e6ab65edf3700bddf2edacba5cebb041d09db8daa3e03cf48b847120288d1ae5ce3422b274bca900e4c96aaf1d084e0e04b2e8452a0

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_no.dll

Filesize
43KB

MD5
5ce4fe1faadb693e516b5cbfbcf4646f

SHA1
e0f901d67c0d2746680b1c224b582746ce110bd2

SHA256
6a50cd05a9aafe6aa12815c4e48da4351b85a6e8aea248052f6031c53e6987ed

SHA512
6e116fdc9dda057e3bf7408e819364abe92c373f80117e6a26ca6b45eb4c2644ba9866d4d3a78e614d752c326077ffb0d06ec7dd6bcc896b22a5cf59ef627d04

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_pl.dll

Filesize
43KB

MD5
0aeec637b9400c189e54f62462991580

SHA1
e68830c9efeb6d43f3d52d5bc1e8abe795b98e17

SHA256
922372e4ce849bf51c2e0a7ff6cea7543ca593bcc5d3bbf7df456cfaba098011

SHA512
b98cde4baf06cfad55ea7a17e6cd564853c0fea158fdce4283d877465bc4d9d7dc0f8622b8c3feda6a1f23569b9db627717a6e9d4f1f60a60aebe016a301a6ef

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_pt-BR.dll

Filesize
43KB

MD5
212dbf84e4ae54900bc86b7fb958a917

SHA1
8073de946beb19571bb09bb62689e9737e03df71

SHA256
7c46d46cfb269909dbd417ec4876d8c3875bb9d868eac12dcdcb1a018c8f308b

SHA512
acc5c2ffe2d070c5b7e2d90d79b277b1db346bbaddc7d2babf7676cc4eb3e7a32100d018b297a072b682d97bcdf33e815303685917ec35737bdda37c8ba35e81

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_pt-PT.dll

Filesize
43KB

MD5
1838ab6a7f9fdf08132f2be1dbcf6983

SHA1
6fbdba495da529965f8e80d84b2705943504ea40

SHA256
0273eab419be3dfaa3f4b84e8b4d3a1926626a3381aa6c0bf641a915c31bc1f3

SHA512
5be936905045abd28dfcf73597a3c1e542da0a3593e63a62cf3e96d59dba937197bc7c320adc595e590b85b754d5711304ae56f6334f8ab58889c5e3cb517d7a

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_ro.dll

Filesize
43KB

MD5
844350d37a57f3c81a5a578c88a12df8

SHA1
a474371accee08c13413e37b5786d6a44bb675fd

SHA256
b870f9ebd3a133ea8633dea5b4bb8cff5a1640f4bddd425d0464b9d2d181608c

SHA512
1bfa62d51612870a41c331e0d98a6ff9f67b49d6ae6e3171b02553209d8af9e4765a15c557b9e802cc2400fdd5e335e64f672387dfde554357924c34791e03f6

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_ru.dll

Filesize
42KB

MD5
4cad72807016afc3eb5a7e428d6297fa

SHA1
92a23e82a2f6de6ce3fc5a51a3fc61ed84567fee

SHA256
b19a8178b4b77454ca6c3e428ec3f2086ebad0b65def1961b3178ca41c518b2c

SHA512
a18a0ca8b3b94b45b83ce97a42f3a7aafd0d290e56d409e844e674a76514c66803a353e76f3c9e72ffe99be201d765beb6d3330c07d509a11ce9d50c4929e572

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_sk.dll

Filesize
43KB

MD5
596d871d3de703dd1fd04505b21dde74

SHA1
9850f4df883b1bc74ccf57dbeb2024972020a824

SHA256
b7c4fa93b241dbbe9bb339a2352061fb5b011af107a8fc5fbdf93132ee8b74b2

SHA512
8389b417ec278719e5c07138fcf69f3110b0729d4953b7675e50dfda49ac95d315ac27c54eb3f6cae83c86e9545b086b280a1adb58adf477dbedebb3a80e48ba

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_sl.dll

Filesize
43KB

MD5
5a799190750d959e02ad6c31c411ad49

SHA1
dee89f2432c6964338549773d2f7681df3d28efe

SHA256
bf1f35aefb7222ed6cf2f758deaf36a373a0cc6426b1425e4d5beabf921f86ef

SHA512
6937a38331f785533fdb7210c4f946fe6fe71b9f694cb0a9d95c8febca56fef7f37642a2ccf1b815d00f0cd56eccbe1153884db871c194dee79004ab4d3b7f09

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_sr.dll

Filesize
43KB

MD5
4cfc2d54a57d7eb74e362115aa9898ba

SHA1
4a9523326f14c29127febcb081bbb420395bf234

SHA256
b886a3aa87afdfbc0e4044fc86d80747df4c4ad823d6f20e2a0dc69b2ade58e5

SHA512
d8a676fe742c716010c775789ec7d5bddcb9831a8dbebe5a78a7a0472ffa7a9a6e33f9a72cd7e39e7395ce9006e65edc2006036a6c5f45aa1ef6b5719ccdceac

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_sv.dll

Filesize
43KB

MD5
137fecbc804b82c7066af01e86dd9118

SHA1
600be1f8c8da024e450350af5ba15df15423f24d

SHA256
d0fb0bbd1aba645376a28ff5a8ab64e1e4b37045219893227108826097e7a079

SHA512
98cb6a0a16b88817951190b2da13cf1e2a9d6f9c79606fe39d7a6d8096651b2ececcc37fd65f59b41273212d39114268254544e72ca53141ef14c4d3dbf58fe9

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_sw.dll

Filesize
44KB

MD5
b3a36e5db2d295bfd93988e6d7bb3597

SHA1
9d3dbae67553df4987c097fd52dc1b6f9e683f81

SHA256
4d4738a611c28e534ef1ccfcc4caab988138a9b41405ab7d8c0f9f8d738f9e86

SHA512
9f1a6afd85b4070908203d1e77b00338f86cd10f0958784e77f23a10e2cc865c4e3131590f8b50fd7870aadf9d736638cbd1d1fb4707f7926481c862fa7c9cbd

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_ta.dll

Filesize
45KB

MD5
ea4184c04128028a43c1fb93e0e57993

SHA1
4debdeca508a27634ef1dade2d756629e40364f0

SHA256
4a44a6198ecc2f86f83c7a30323e605d9c4ec1f06fbd7881a86ba229a8627a81

SHA512
6c28a4c5b8dd61ae675db23ad6c25562f83cbb16b7a9c1000669fbcb6c4b1a4ee76718fbc3a641b6ecd2c861feaa86c6494387ff2595e60aa628860c6f7771c7

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_te.dll

Filesize
44KB

MD5
62736b451c8fb14c927190bd7d64ccc3

SHA1
47d5296edd731ee4eb6c54918856440b52c163bb

SHA256
bc542329d0f85f0c2712bc0df5e361126d85a15fb46b6ce65b26ec9fb663c815

SHA512
247a2090bbb1bd7341d4213eb0bd2bbdac1ad9182acdd21c96e2fa74f398688ab125313251e27633295ecb9f96e13b29c80325578a22c102111c67d0517a6e02

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_th.dll

Filesize
42KB

MD5
9685e2fc0d400e4b826105784a18d87b

SHA1
8cc1757015edfaf93be41ae6c2ca26dcfe0963ea

SHA256
2bd40d5b193fdb03fb76a7e720bf9684c776a90f81079872ef63c88e55e03651

SHA512
a561858be3281fd06025edc4467a047f2764c6188dbfc98037efd0e072b29a3c91e1a7ed72acaa3037a73f78d77ee3b69b2935eb5a4ca54e7619f3080d96ad34

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_tr.dll

Filesize
43KB

MD5
d3b8bf5b72462312361be5aa1d3540d9

SHA1
95c00e861ea2b7b1a7d572f88f4ca3287ac2a048

SHA256
6a1ae2a4ee8a17d8db7637d64748d180d36ac60282917efb04dec7a75b02db01

SHA512
45b08697b4748eea8a76561acaac20e67bd948b2ecdd23ec37360fbf11bc614aa9cf42a5276124f797277454db7210f9c792a27c426a2fecf5786ced7b083066

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\goopdateres_uk.dll

Filesize
43KB

MD5
1387b3a5a0ec86977cc0aa0d6b41b479

SHA1
a6fbb3d4e77f8f2a0568c0bedfa21f60352373d2

SHA256
da345e0499507d053616fd0c81429b1bd16f169d5388815cbedc7d3d1d59127e

SHA512
ded0ad1c0d8fb6351b97187937f69f266359731be13cf8ebd1573afb1f4dd17a5cd3872c98dbec138ba1b5cb59db6e0abed2214a58e17fbad49967b5b671140a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5863c3146259a2e87e66c3bc9a5179e2

SHA1
f61109216bdb23ec16de899d0b8c816fb3e0558b

SHA256
3a9eca8804d3aefd5c08732b1955d2c3d32d402b307a8f6dd671ef76cf8c55b3

SHA512
ee9117955438c1db8f23ba31e2be026058c337401e2b33035a575b7b3264ac9e971aeb2f792cd1fd8e6b543532bec0498ff229bee6e3569853022c9afa4773da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar289F.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUM17B6.tmp\BraveUpdate.exe

Filesize
162KB

MD5
56130b4cc8a81982445c2bdfeb9fc6c8

SHA1
f4fe08a2f48d0c038443e3917fa3111976335f23

SHA256
0eb2f9cc90d65f4ea4bfec32f4dce6be9e0e24b342ea9e9f9cd9005c9fa90b00

SHA512
aad1a9396f3f9545d27767881bb189157ce7c3d50fda1c44d848b17b1a8c21bfc6795337b7ada36d974d76b1da298df8838f0a7d1b077c29e9366a7003918d96

Download Submit
memory/308-296-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2392-84-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download