31e9539c07c2cdd18cf9ac5beb00b73135847e7b648701d58bd8817ec80dad59

Analysis

max time kernel
71s
max time network
71s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
21-05-2024 14:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BraveBrowserSetup-BRV029.exe
Size

1.2MB
MD5

3db83cbedbc8f154d7db3f275d0e57e2
SHA1

ce309d3bf5df4447684d13656625490a0dda05f8
SHA256

31e9539c07c2cdd18cf9ac5beb00b73135847e7b648701d58bd8817ec80dad59
SHA512

503831593ed41a7b0b5df08c26e594b575a924587d2aa694703a13b2715df4a2fcda681f58a4d49a0d58422f47b41539d5b08e6c44acb43db94a798fdc5eb460
SSDEEP

24576:dPEvHbsVRPU5c9EgBzlcQ/To7uyJZJKjvGV/OA:+vHYvc5c9EUzlh/M7uyDJKSh9

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Modifies Installed Components in the registry 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\125.1.66.110\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0"	setup.exe

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

BraveUpdate.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

brave.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	brave.exe

Drops file in Program Files directory 64 IoCs

Processes:

setup.exeBraveUpdate.exebrave_installer-x64.exesetup.exechrmstp.exeBraveUpdate.exe

description	ioc	process
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\Locales\es-419.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\Locales\ms.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ur.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\Extensions\external_extensions.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_vi.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\brave.exe.sig	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\Locales\cs.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\Locales\zh-CN.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\mojo_core.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\resources\brave_extension\_locales\mr\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ca.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\chrome.VisualElementsManifest.xml	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_sr.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_it.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\chrome_100_percent.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_is.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\resources\brave_extension\_locales\zh_TW\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\resources.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\resources\brave_extension\_locales\sl\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ms.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\Locales\sv.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\resources\brave_extension\_locales\pl\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\resources\brave_extension\_locales\sw\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler.exe	BraveUpdate.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Update\Install\{98B2EB0B-7F45-44E0-97B0-5B6FF15D4680}\CR_C0692.tmp\setup.exe	brave_installer-x64.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_hi.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\chrome_200_percent.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\resources\brave_extension\_locales\te\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\brave_100_percent.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\MEIPreload\manifest.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.110\Installer\setup.exe	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_hu.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_lt.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\chrome_wer.dll	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_iw.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\Locales\fa.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\resources\brave_extension\_locales\bg\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_en.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psmachine.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\Locales\th.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_sw.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_id.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\brave_vpn_helper.exe	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\Locales\sl.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\resources\brave_extension\_locales\zh_CN\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_cs.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_te.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\Locales\es.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\Locales\pt-BR.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\bdd69506-c8b6-48fa-a846-ac62bbdcff96.tmp	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\b68714c8-d7f8-4559-a63c-d5cd4def56a2.tmp	chrmstp.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_hr.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\chrome_pwa_launcher.exe	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\libEGL.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\Locales\hr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\Locales\tr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\resources\brave_extension\_locales\fil\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ja.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\Locales\bn.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\resources\brave_extension\_locales\sk\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\vulkan-1.dll	setup.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Update\Install\{98B2EB0B-7F45-44E0-97B0-5B6FF15D4680}\guiB930.tmp	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\Locales\ja.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3264_810706536\Chrome-bin\125.1.66.110\Locales\nl.pak	setup.exe

Drops file in Windows directory 64 IoCs

Processes:

BraveBrowserSetup-BRV029.exebrave.exesetup.exechrmstp.exesetup.exe

description	ioc	process
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\BraveUpdateCore.exe	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1123287582\7994e94d-53fc-49c9-bec0-fc712821470b.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1949512041\1\scripts\brave_rewards\publisher\github\githubBase.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_2089020320\list.txt	brave.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_ca.dll	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_es.dll	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1949512041\1\scripts\brave_talk\confabs\oneOnOneMeetings.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1033642045\gordon-ross-1.jpg	brave.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_cs.dll	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_te.dll	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1949512041\1\localhost-permission-allow-list.txt	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1033642045\StudentNTP_John-Ng_x1280.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_2089020320\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1783413437\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_558828294\_metadata\verified_contents.json	brave.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_en.dll	BraveBrowserSetup-BRV029.exe
File opened for modification	C:\Windows\SystemTemp\GUM5B8E.tmp\BraveUpdateSetup.exe	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_572393133\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_558828294\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1033642045\StudentNTP_Ben-McCarty_x1280.jpg	brave.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\BraveUpdateBroker.exe	BraveBrowserSetup-BRV029.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_5008_2085668131\extension_1_0_56.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1033642045\spencer-moore-1.jpg	brave.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_no.dll	BraveBrowserSetup-BRV029.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_2089020320\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1033642045\nadeem-choudhary-1.jpg	brave.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\BraveUpdateOnDemand.exe	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\psmachine_arm64.dll	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_iw.dll	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_ta.dll	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1949512041\1\scripts\brave_rewards\publisher\youtube\youtubeAutoContribution.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1033642045\nabil-george.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1123287582\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_ar.dll	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_150417936\resources.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1033642045\aleks-eva-1.jpg	brave.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\goopdate.dll	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1949512041\1\scripts\brave_rewards\publisher\reddit\redditBase.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1949512041\1\scripts\brave_rewards\publisher\twitter\twitterAutoContribution.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1783413437\crl-set	brave.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_5008_1128979477\extension_1_0_5870.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1033642045\StudentNTP_Alyssa-Skala_x1280.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1033642045\carla-gomez-1.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1033642045\StudentNTP_Aurora-Tennant_x1140.jpg	brave.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_uk.dll	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1123287582\6572bf1b-8014-4db1-8a98-7d055f44fb1d.png	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_18869233\regional_catalog.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1033642045\StudentNTP_Erin-Gottschalk_v2_x1295.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1362999753\kkjipiepeooghlclkedllogndmohhnhi	brave.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_lt.dll	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_sr.dll	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_sv.dll	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_zh-CN.dll	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_5008_1559818350\extension_1_0_100.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1033642045\spencer-moore-3.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1949512041\1\scripts\brave_rewards\publisher\vimeo\vimeoBase.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_sw.dll	BraveBrowserSetup-BRV029.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1949512041\1\https-upgrade-exceptions-list.txt	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_572393133\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\GUM5B8E.tmp\psmachine.dll	BraveBrowserSetup-BRV029.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_5008_1385850638\extension_1_0_14.crx	brave.exe

Executes dropped EXE 44 IoCs

Processes:

BraveUpdate.exeBraveUpdate.exeBraveUpdate.exeBraveUpdateComRegisterShell64.exeBraveUpdateComRegisterShell64.exeBraveUpdateComRegisterShell64.exeBraveUpdate.exeBraveUpdate.exeBraveUpdate.exebrave_installer-x64.exesetup.exesetup.exesetup.exesetup.exeBraveUpdate.exeBraveUpdateOnDemand.exeBraveUpdate.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exechrmstp.exechrmstp.exechrmstp.exechrmstp.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exe

pid	process
3444	BraveUpdate.exe
2100	BraveUpdate.exe
1436	BraveUpdate.exe
4324	BraveUpdateComRegisterShell64.exe
4456	BraveUpdateComRegisterShell64.exe
1508	BraveUpdateComRegisterShell64.exe
1604	BraveUpdate.exe
4728	BraveUpdate.exe
4936	BraveUpdate.exe
2044	brave_installer-x64.exe
3264	setup.exe
872	setup.exe
2344	setup.exe
2816	setup.exe
2008	BraveUpdate.exe
2028	BraveUpdateOnDemand.exe
2812	BraveUpdate.exe
5008	brave.exe
1480	brave.exe
2168	brave.exe
4332	brave.exe
2016	brave.exe
4992	brave.exe
2856	brave.exe
2888	brave.exe
2356	brave.exe
1860	brave.exe
1692	brave.exe
3844	brave.exe
4176	brave.exe
2492	brave.exe
1884	brave.exe
5524	brave.exe
224	chrmstp.exe
5560	chrmstp.exe
5636	chrmstp.exe
5684	chrmstp.exe
5992	brave.exe
2096	brave.exe
3372	brave.exe
4704	brave.exe
3580	brave.exe
5200	brave.exe
5336	brave.exe

Loads dropped DLL 64 IoCs

Processes:

BraveUpdate.exeBraveUpdate.exeBraveUpdate.exeBraveUpdateComRegisterShell64.exeBraveUpdateComRegisterShell64.exeBraveUpdateComRegisterShell64.exeBraveUpdate.exeBraveUpdate.exeBraveUpdate.exeBraveUpdate.exeBraveUpdate.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exebrave.exe

pid	process
3444	BraveUpdate.exe
2100	BraveUpdate.exe
1436	BraveUpdate.exe
4324	BraveUpdateComRegisterShell64.exe
1436	BraveUpdate.exe
4456	BraveUpdateComRegisterShell64.exe
1436	BraveUpdate.exe
1508	BraveUpdateComRegisterShell64.exe
1436	BraveUpdate.exe
1604	BraveUpdate.exe
4728	BraveUpdate.exe
4936	BraveUpdate.exe
4936	BraveUpdate.exe
4728	BraveUpdate.exe
2008	BraveUpdate.exe
2812	BraveUpdate.exe
2812	BraveUpdate.exe
5008	brave.exe
1480	brave.exe
5008	brave.exe
2168	brave.exe
2168	brave.exe
4332	brave.exe
2168	brave.exe
2168	brave.exe
2168	brave.exe
4332	brave.exe
2016	brave.exe
2016	brave.exe
2168	brave.exe
2168	brave.exe
2168	brave.exe
4992	brave.exe
2856	brave.exe
4992	brave.exe
2856	brave.exe
2888	brave.exe
2356	brave.exe
2888	brave.exe
2356	brave.exe
1860	brave.exe
1692	brave.exe
1860	brave.exe
1692	brave.exe
3844	brave.exe
3844	brave.exe
4176	brave.exe
4176	brave.exe
2492	brave.exe
1884	brave.exe
2492	brave.exe
1884	brave.exe
5524	brave.exe
5524	brave.exe
5992	brave.exe
5992	brave.exe
2096	brave.exe
2096	brave.exe
3372	brave.exe
3372	brave.exe
4704	brave.exe
3580	brave.exe
4704	brave.exe
3580	brave.exe

Registers COM server for autorun 1 TTPs 34 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

BraveUpdateComRegisterShell64.exeBraveUpdateComRegisterShell64.exeBraveUpdateComRegisterShell64.exesetup.exe

description	ioc	process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CC163239-EA31-458A-A7F2-DAF3C74D6596}\InProcServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CC163239-EA31-458A-A7F2-DAF3C74D6596}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CC163239-EA31-458A-A7F2-DAF3C74D6596}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CC163239-EA31-458A-A7F2-DAF3C74D6596}\InProcServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CC163239-EA31-458A-A7F2-DAF3C74D6596}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CC163239-EA31-458A-A7F2-DAF3C74D6596}\InProcServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CC163239-EA31-458A-A7F2-DAF3C74D6596}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32\ServerExecutable = "C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\125.1.66.110\\notification_helper.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CC163239-EA31-458A-A7F2-DAF3C74D6596}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32\ = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\125.1.66.110\\notification_helper.exe\""	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CC163239-EA31-458A-A7F2-DAF3C74D6596}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

brave.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe

Modifies data under HKEY_USERS 9 IoCs

Processes:

brave.exesvchost.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607769750014163"	brave.exe
Key created	\REGISTRY\USER\S-1-5-19	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\NGC	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey	svchost.exe

Modifies registry class 64 IoCs

Processes:

BraveUpdateComRegisterShell64.exeBraveUpdate.exeBraveUpdateComRegisterShell64.exesetup.exeBraveUpdateComRegisterShell64.exeBraveUpdate.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CC163239-EA31-458A-A7F2-DAF3C74D6596}\ = "PSFactoryBuffer"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}\Elevation\IconReference = "@C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\goopdate.dll,-1004"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F396861E-0C8E-4C71-8256-2FAE6D759CE9}\TypeLib\ = "{F396861E-0C8E-4C71-8256-2FAE6D759CE9}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{576B31AF-6369-4B6B-8560-E4B203A97A8B}\LocalService = "BraveElevationService"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\ProxyStubClsid32\ = "{CC163239-EA31-458A-A7F2-DAF3C74D6596}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\NumMethods\ = "17"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ProxyStubClsid32\ = "{CC163239-EA31-458A-A7F2-DAF3C74D6596}"	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}\ = "Google Update Core Class"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\ = "Google Update Legacy On Demand"	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\BraveUpdate.exe	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}\ProgID\ = "BraveSoftwareUpdate.CoreClass.1"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ProxyStubClsid32\ = "{CC163239-EA31-458A-A7F2-DAF3C74D6596}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\ = "ICredentialDialog"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CredentialDialogMachine.1.0\CLSID\ = "{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\NumMethods\ = "10"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\NumMethods\ = "4"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\ProxyStubClsid32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}\ProgID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\VersionIndependentProgID\ = "BraveSoftwareUpdate.OnDemandCOMClassMachineFallback"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds\BraveHTML	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}\LocalServer32\ = "\"C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\BraveUpdateOnDemand.exe\""	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\NumMethods\ = "4"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebMachine.1.0\CLSID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\ = "IProgressWndEvents"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\ = "IAppWeb"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\ = "Google Update Broker Class Factory"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachine.1.0\CLSID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CC163239-EA31-458A-A7F2-DAF3C74D6596}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\NumMethods\ = "10"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ProxyStubClsid32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachine\CurVer\ = "BraveSoftwareUpdate.OnDemandCOMClassMachine.1.0"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\LocalServer32\ = "\"C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\BraveUpdateBroker.exe\""	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F396861E-0C8E-4C71-8256-2FAE6D759CE9}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}\AppID = "{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ = "IGoogleUpdate3WebSecurity"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}\LocalServer32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ = "IRegistrationUpdateHook"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\ = "ICurrentState"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}\LocalServer32\ = "\"C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\BraveUpdateOnDemand.exe\""	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveFile\Application\ApplicationIcon = "C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\brave.exe,0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\NumMethods\ = "23"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ = "IRegistrationUpdateHook"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\NumMethods	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\ProxyStubClsid32\ = "{CC163239-EA31-458A-A7F2-DAF3C74D6596}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\ProxyStubClsid32\ = "{CC163239-EA31-458A-A7F2-DAF3C74D6596}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreMachineClass.1\CLSID	BraveUpdate.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

BraveUpdate.exeBraveUpdate.exeBraveUpdate.exebrave.exe

pid	process
3444	BraveUpdate.exe
3444	BraveUpdate.exe
3444	BraveUpdate.exe
3444	BraveUpdate.exe
3444	BraveUpdate.exe
3444	BraveUpdate.exe
3444	BraveUpdate.exe
3444	BraveUpdate.exe
4728	BraveUpdate.exe
4728	BraveUpdate.exe
2008	BraveUpdate.exe
2008	BraveUpdate.exe
3444	BraveUpdate.exe
3444	BraveUpdate.exe
3444	BraveUpdate.exe
3444	BraveUpdate.exe
5008	brave.exe
5008	brave.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

brave.exe

pid process

5008 brave.exe
5008 brave.exe
5008 brave.exe
5008 brave.exe

pid	process
5008	brave.exe
5008	brave.exe
5008	brave.exe
5008	brave.exe

Suspicious use of AdjustPrivilegeToken 39 IoCs

Processes:

BraveUpdate.exebrave_installer-x64.exeBraveUpdate.exeBraveUpdate.exebrave.exe

description	pid	process
Token: SeDebugPrivilege	3444	BraveUpdate.exe
Token: SeDebugPrivilege	3444	BraveUpdate.exe
Token: SeDebugPrivilege	3444	BraveUpdate.exe
Token: SeDebugPrivilege	3444	BraveUpdate.exe
Token: 33	2044	brave_installer-x64.exe
Token: SeIncBasePriorityPrivilege	2044	brave_installer-x64.exe
Token: SeDebugPrivilege	4728	BraveUpdate.exe
Token: SeDebugPrivilege	2008	BraveUpdate.exe
Token: SeDebugPrivilege	3444	BraveUpdate.exe
Token: SeShutdownPrivilege	5008	brave.exe
Token: SeCreatePagefilePrivilege	5008	brave.exe
Token: SeShutdownPrivilege	5008	brave.exe
Token: SeCreatePagefilePrivilege	5008	brave.exe
Token: SeShutdownPrivilege	5008	brave.exe
Token: SeCreatePagefilePrivilege	5008	brave.exe
Token: SeShutdownPrivilege	5008	brave.exe
Token: SeCreatePagefilePrivilege	5008	brave.exe
Token: SeShutdownPrivilege	5008	brave.exe
Token: SeCreatePagefilePrivilege	5008	brave.exe
Token: SeShutdownPrivilege	5008	brave.exe
Token: SeCreatePagefilePrivilege	5008	brave.exe
Token: SeShutdownPrivilege	5008	brave.exe
Token: SeCreatePagefilePrivilege	5008	brave.exe
Token: SeShutdownPrivilege	5008	brave.exe
Token: SeCreatePagefilePrivilege	5008	brave.exe
Token: SeShutdownPrivilege	5008	brave.exe
Token: SeCreatePagefilePrivilege	5008	brave.exe
Token: SeShutdownPrivilege	5008	brave.exe
Token: SeCreatePagefilePrivilege	5008	brave.exe
Token: SeShutdownPrivilege	5008	brave.exe
Token: SeCreatePagefilePrivilege	5008	brave.exe
Token: SeShutdownPrivilege	5008	brave.exe
Token: SeCreatePagefilePrivilege	5008	brave.exe
Token: SeShutdownPrivilege	5008	brave.exe
Token: SeCreatePagefilePrivilege	5008	brave.exe
Token: SeShutdownPrivilege	5008	brave.exe
Token: SeCreatePagefilePrivilege	5008	brave.exe
Token: SeShutdownPrivilege	5008	brave.exe
Token: SeCreatePagefilePrivilege	5008	brave.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

brave.exechrmstp.exe

pid process

5008 brave.exe
5008 brave.exe
5008 brave.exe
5636 chrmstp.exe

pid	process
5008	brave.exe
5008	brave.exe
5008	brave.exe
5636	chrmstp.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BraveBrowserSetup-BRV029.exeBraveUpdate.exeBraveUpdate.exeBraveUpdate.exebrave_installer-x64.exesetup.exesetup.exeBraveUpdateOnDemand.exeBraveUpdate.exebrave.exe

description	pid	process	target process
PID 688 wrote to memory of 3444	688	BraveBrowserSetup-BRV029.exe	BraveUpdate.exe
PID 688 wrote to memory of 3444	688	BraveBrowserSetup-BRV029.exe	BraveUpdate.exe
PID 688 wrote to memory of 3444	688	BraveBrowserSetup-BRV029.exe	BraveUpdate.exe
PID 3444 wrote to memory of 2100	3444	BraveUpdate.exe	BraveUpdate.exe
PID 3444 wrote to memory of 2100	3444	BraveUpdate.exe	BraveUpdate.exe
PID 3444 wrote to memory of 2100	3444	BraveUpdate.exe	BraveUpdate.exe
PID 3444 wrote to memory of 1436	3444	BraveUpdate.exe	BraveUpdate.exe
PID 3444 wrote to memory of 1436	3444	BraveUpdate.exe	BraveUpdate.exe
PID 3444 wrote to memory of 1436	3444	BraveUpdate.exe	BraveUpdate.exe
PID 1436 wrote to memory of 4324	1436	BraveUpdate.exe	BraveUpdateComRegisterShell64.exe
PID 1436 wrote to memory of 4324	1436	BraveUpdate.exe	BraveUpdateComRegisterShell64.exe
PID 1436 wrote to memory of 4456	1436	BraveUpdate.exe	BraveUpdateComRegisterShell64.exe
PID 1436 wrote to memory of 4456	1436	BraveUpdate.exe	BraveUpdateComRegisterShell64.exe
PID 1436 wrote to memory of 1508	1436	BraveUpdate.exe	BraveUpdateComRegisterShell64.exe
PID 1436 wrote to memory of 1508	1436	BraveUpdate.exe	BraveUpdateComRegisterShell64.exe
PID 3444 wrote to memory of 1604	3444	BraveUpdate.exe	BraveUpdate.exe
PID 3444 wrote to memory of 1604	3444	BraveUpdate.exe	BraveUpdate.exe
PID 3444 wrote to memory of 1604	3444	BraveUpdate.exe	BraveUpdate.exe
PID 3444 wrote to memory of 4728	3444	BraveUpdate.exe	BraveUpdate.exe
PID 3444 wrote to memory of 4728	3444	BraveUpdate.exe	BraveUpdate.exe
PID 3444 wrote to memory of 4728	3444	BraveUpdate.exe	BraveUpdate.exe
PID 4936 wrote to memory of 2044	4936	BraveUpdate.exe	brave_installer-x64.exe
PID 4936 wrote to memory of 2044	4936	BraveUpdate.exe	brave_installer-x64.exe
PID 2044 wrote to memory of 3264	2044	brave_installer-x64.exe	setup.exe
PID 2044 wrote to memory of 3264	2044	brave_installer-x64.exe	setup.exe
PID 3264 wrote to memory of 872	3264	setup.exe	setup.exe
PID 3264 wrote to memory of 872	3264	setup.exe	setup.exe
PID 3264 wrote to memory of 2344	3264	setup.exe	setup.exe
PID 3264 wrote to memory of 2344	3264	setup.exe	setup.exe
PID 2344 wrote to memory of 2816	2344	setup.exe	setup.exe
PID 2344 wrote to memory of 2816	2344	setup.exe	setup.exe
PID 4936 wrote to memory of 2008	4936	BraveUpdate.exe	BraveUpdate.exe
PID 4936 wrote to memory of 2008	4936	BraveUpdate.exe	BraveUpdate.exe
PID 4936 wrote to memory of 2008	4936	BraveUpdate.exe	BraveUpdate.exe
PID 2028 wrote to memory of 2812	2028	BraveUpdateOnDemand.exe	BraveUpdate.exe
PID 2028 wrote to memory of 2812	2028	BraveUpdateOnDemand.exe	BraveUpdate.exe
PID 2028 wrote to memory of 2812	2028	BraveUpdateOnDemand.exe	BraveUpdate.exe
PID 2812 wrote to memory of 5008	2812	BraveUpdate.exe	brave.exe
PID 2812 wrote to memory of 5008	2812	BraveUpdate.exe	brave.exe
PID 5008 wrote to memory of 1480	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 1480	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe
PID 5008 wrote to memory of 2168	5008	brave.exe	brave.exe

C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV029.exe
"C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV029.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:688
- C:\Windows\SystemTemp\GUM5B8E.tmp\BraveUpdate.exe
  C:\Windows\SystemTemp\GUM5B8E.tmp\BraveUpdate.exe /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
  2⤵
  - Sets file execution options in registry
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3444
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    PID:2100
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1436
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:4324
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:4456
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:1508
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ5IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0OSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9IntDMUNDMENEMC0xOEVDLTRENTgtQTQxRS1EODgxQTI5MkE1NzR9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7OUFGQ0IxMjktOTI1QS00OTlBLTlCQUYtQkMwQTM5QjczMTMzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0IxMzFDOTM1LTlCRTYtNDFEQS05NTk5LTFGNzc2QkVCODAxOX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4zNjEuMTQ5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjY1NiIvPjwvYXBwPjwvcmVxdWVzdD4
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1604
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{C1CC0CD0-18EC-4D58-A41E-D881A292A574}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4728

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Program Files (x86)\BraveSoftware\Update\Install\{98B2EB0B-7F45-44E0-97B0-5B6FF15D4680}\brave_installer-x64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\Install\{98B2EB0B-7F45-44E0-97B0-5B6FF15D4680}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{98B2EB0B-7F45-44E0-97B0-5B6FF15D4680}\guiB930.tmp"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2044
- - C:\Program Files (x86)\BraveSoftware\Update\Install\{98B2EB0B-7F45-44E0-97B0-5B6FF15D4680}\CR_C0692.tmp\setup.exe
    "C:\Program Files (x86)\BraveSoftware\Update\Install\{98B2EB0B-7F45-44E0-97B0-5B6FF15D4680}\CR_C0692.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{98B2EB0B-7F45-44E0-97B0-5B6FF15D4680}\CR_C0692.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{98B2EB0B-7F45-44E0-97B0-5B6FF15D4680}\guiB930.tmp" --brave-referral-code="BRV029"
    3⤵
    - Modifies Installed Components in the registry
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Registers COM server for autorun
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:3264
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{98B2EB0B-7F45-44E0-97B0-5B6FF15D4680}\CR_C0692.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{98B2EB0B-7F45-44E0-97B0-5B6FF15D4680}\CR_C0692.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=125.1.66.110 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x7ff7092c2fe0,0x7ff7092c2fec,0x7ff7092c2ff8
      4⤵
      Drops file in Windows directory
      Executes dropped EXE
      PID:872
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{98B2EB0B-7F45-44E0-97B0-5B6FF15D4680}\CR_C0692.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{98B2EB0B-7F45-44E0-97B0-5B6FF15D4680}\CR_C0692.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{98B2EB0B-7F45-44E0-97B0-5B6FF15D4680}\guiB930.tmp" --create-shortcuts=0 --install-level=1
      4⤵
      Drops file in Program Files directory
      Drops file in Windows directory
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2344
    - - C:\Program Files (x86)\BraveSoftware\Update\Install\{98B2EB0B-7F45-44E0-97B0-5B6FF15D4680}\CR_C0692.tmp\setup.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\Install\{98B2EB0B-7F45-44E0-97B0-5B6FF15D4680}\CR_C0692.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=125.1.66.110 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7092c2fe0,0x7ff7092c2fec,0x7ff7092c2ff8
        5⤵
        Executes dropped EXE
        
        PID:2816
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ5IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0OSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9IntDMUNDMENEMC0xOEVDLTRENTgtQTQxRS1EODgxQTI5MkE1NzR9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7RkY5NjI2QTItMTlBRS00NTg3LThCQUItRkYwMUJCNkVGRUVBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0FGRTZBNDYyLUM1NzQtNEI4QS1BRjQzLTRDQzYwREY0NTYzQn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyNS4xLjY2LjExMCIgYXA9InJlbGVhc2UiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwczovL3VwZGF0ZXMtY2RuLmJyYXZlc29mdHdhcmUuY29tL2J1aWxkL0JyYXZlLVJlbGVhc2UvcmVsZWFzZS93aW4vMTI1LjEuNjYuMTEwL3g2NC9icmF2ZV9pbnN0YWxsZXIteDY0LmV4ZSIgZG93bmxvYWRlZD0iMTI1NDkxMjI0IiB0b3RhbD0iMTI1NDkxMjI0IiBkb3dubG9hZF90aW1lX21zPSIxNTQzOSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzA3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNDM4IiBkb3dubG9hZF90aW1lX21zPSIxNjQ1NCIgZG93bmxvYWRlZD0iMTI1NDkxMjI0IiB0b3RhbD0iMTI1NDkxMjI0IiBpbnN0YWxsX3RpbWVfbXM9IjMwMzkzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2008

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateOnDemand.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateOnDemand.exe" -Embedding
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2812
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer
    3⤵
    - Checks system information in the registry
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:5008
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=125.1.66.110 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcf0ac2c80,0x7ffcf0ac2c8c,0x7ffcf0ac2c98
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1480
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=1904 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2168
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --field-trial-handle=2072,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=2132 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4332
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2236,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=2404 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2016
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7256729344475072080 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3308,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=3316 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4992
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=7256729344475072080 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3324,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=3348 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2856
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7256729344475072080 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3964,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=3996 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2888
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7256729344475072080 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4308,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=4564 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2356
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=5184,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5136 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1860
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5116,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5204 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1692
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5192,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5336 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3844
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5028,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5320 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4176
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.110\Installer\chrmstp.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
      4⤵
      Executes dropped EXE
      PID:224
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.110\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.110\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=125.1.66.110 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff7a6cb2fe0,0x7ff7a6cb2fec,0x7ff7a6cb2ff8
        5⤵
        Drops file in Windows directory
        Executes dropped EXE
        
        PID:5560
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.110\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.110\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\BraveSoftware\Brave-Browser\Application\initial_preferences" --create-shortcuts=1 --install-level=0
        5⤵
        Drops file in Program Files directory
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        
        PID:5636
      - C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.110\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.110\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=125.1.66.110 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff7a6cb2fe0,0x7ff7a6cb2fec,0x7ff7a6cb2ff8
        6⤵
        Executes dropped EXE
        
        PID:5684
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5520,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5324 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2492
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5496,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5348 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1884
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=4844,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5644 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5524
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5088,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5384 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5992
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5452,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5020 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2096
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5412,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5660 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3372
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5320,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5748 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4704
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5492,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5636 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3580
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5032,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5224 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5200
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5236,i,14235783661840921611,9641562417712507531,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5124 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5336

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1184

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
- Modifies data under HKEY_USERS
PID:3980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.110\Installer\setup.exe

Filesize
3.8MB

MD5
bebfb64c1c875401762c1ff078b7a34d

SHA1
0475a5b4f5c98f459997e3aa2013bc08f87e9059

SHA256
55b2a01dca16e07fe420a0b1724ff33ec20b62c3ffc155f9f5f6631c1f91b5d7

SHA512
a5cc6c3accd08c3c3594d2fe1383eb6876d36bcabb4767d44710d8c6f5d7a0b22a26ec6f1dc21cc99ee8dadacc71fe62a118f023ab0564a213ca75474d7610de

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\CertificateRevocation\8773\crl-set

Filesize
22KB

MD5
de2d059c45da586ce8af5d9a406ef64e

SHA1
5e53f239f8a50e22ccd1d410148e1b310ec989ed

SHA256
6e29b988e2401fcbb02ce3151e22f9ec5efd881952722b8a4fdeaf1c99a1f683

SHA512
e0438a54d1df1ce1c010e2089ebc672f88f00ea32340fa4f42fa084335681fe008f5bad119f2f8467324c7fea809918561ceabcfb525df84ae43f4347a45598a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\899111c6-95aa-4372-8dfd-f4fc2af68835.tmp

Filesize
165KB

MD5
dceb0cfa9b61effc8788488f43747572

SHA1
c43235ebfd21469a747e8a264b67f874e0400cb9

SHA256
4f6f8abe6e2a6bbfea1c79b495019e80015343160d7fd99ecd0d428c9a8fd57a

SHA512
a4f5775c654fa4f31f53cb6fbab084939bd929feb95740b904045cd1f0a52c819e90876e56e66f7d1bb38db66fa0cb49c7365511f8346eec3cdc610e32b02c6b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\BraveWallet\Brave Wallet Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
14KB

MD5
449c2950442a0d79d6eef3d87215bfd9

SHA1
3b328a25261e799414a65a529d4e81eff4930f51

SHA256
5bbe0665dad517bb4d97e78091e49ca20041e274ecab12069b149934d9080a10

SHA512
57f719702af4341bdc6f16e2649f961148601ba18c78ea8d6669707e04a4fe04a38a329aca5dfb360706071aaa193a41bbdd095cec8af6d5b75679a055aea5f0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences~RFe585b69.TMP

Filesize
1KB

MD5
15c048b74508c5da033ecc0de62e33fc

SHA1
e024e3cd10d55e39dcaaab5f242359929f54a117

SHA256
37940802ee5974f79691f75e22c8c54dd1d4f002101644771101b48732aa7121

SHA512
211f0ae5d4427795b625e2e1a3c302988308341053347744df7b642f1d5d4fe7fb7399d116ccee26c0b780acac4ee2676a2fecaaf3f2a0514d48d66b463c9f8e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\FileTypePolicies\65\download_file_types.pb

Filesize
7KB

MD5
7aae1f30b2fe2adc7d9725b3b6959025

SHA1
e076252265e5d1563a656069e14ff767494729d3

SHA256
d4c314a43a880493dd8d1c579e1eaf1c7151eb608c0cea211b269251f8d03b85

SHA512
2c2852d1900eac5654f9d4b0f3182c5318a8eb7704706e443a2adee9a4cb8c04bb3e083d4624cd1aaf0386e27f4e3bb0d0ef3918c4a84827cf087f35602758dc

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
24a3bfc9f266d66862497b5e36218a63

SHA1
8db5fe88ff616ef3ad9bd3d7072afc6cc4349eee

SHA256
ff7a8b3715a3177ab8e4dbdbab81c8d4dd1f3a1e55f697ebc7c0f053a0301a6b

SHA512
0da74a9d45b24fa11a085078f7ea7374668ebbbf5c208d503248a206dcfa7d9227cc48b7e9394f62065c8323316c6510eaf661d04fdac245aaa6b667965147f6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
bab50e64f0b955707e95f29d12658641

SHA1
87ec0941dc275fb9b133357e68ec07eba16c139d

SHA256
38df3f8a801fb8d3c363808248c081ebd2bb29f8ea5db6222bf777129d118d0f

SHA512
65aad075fe68607ec5391a5989e474dfd44e2999c7cba024c3485c619e0a5eb7198498ab8d45ee3a71d70349158e34fa6c8c056f4c8d04295eb874c575152dc2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
75b97369e065f82ec62b048e478bdb22

SHA1
278460ead5f33c09ece4fb7f539fdd035eb603bc

SHA256
e43066d93703df4b809d94b109244b1f68918bd1f3dde63a60cb8596cc013957

SHA512
204301b359e0ccc54801ab1aa8cc190bb19c3654a55bd1414ec3a3fc057a1109c45ff0129c1659e0910b8c78cd8c310cc2064b48e11e61ce5fdca414fdaeb53e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir5008_146630759\manifest.json

Filesize
349B

MD5
c2aa2d6bda7acddee117477137bb0163

SHA1
4ef6fccff382121d84c22101a7f4677cf056b22e

SHA256
cc55f3872699ff7cf5412491264f129c15738daa070001ea029cbf0a8e97dd47

SHA512
34f28a91396718921fcd6e77a08346720edff952ee77485c9ba76e2839d1f780df2e225b5adfa2dbc55d68fa7f731427bc52019a93b55f2f5f24cc29dba49221

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir5008_298920064\_metadata\computed_hashes.json

Filesize
250B

MD5
fe5222483493fd135f737ee8d96c6ec9

SHA1
f78f932efe6131c8921262ae9ee131cf70b89444

SHA256
46a8f292cf4959371f87fc099e09fd279452654e56fa603299f7e512dbb010ab

SHA512
9a6d1f04cf4789a2df6d572d5fd516ad8b412530c86b4cc22588ec2405b5ec8e7bd15553aa2de01c37b5a8af5c3c7504c0251aea171e864620180230018162cb

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir5008_298920064\manifest.json

Filesize
408B

MD5
25e45b88de59ae31ed14c753d0ee98a7

SHA1
a1193ba5afb2ec60d42b36dcb6456da21555b1bb

SHA256
7b65ad26e9cabb61c61e7f1018632e36fd342c29c1079b83edea2114b0d60c31

SHA512
a7f7e538f12d65b93af9d926b330ae0a3ba9ea547724a5a7fcfaa8bed103d1f3813fc12115bbc56ff80c3da384b74244ce37e58387cce9b10a1ccdf2f779b29b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir5008_547974796\manifest.json

Filesize
377B

MD5
1ee6fefe3b23c7c7a8059c979886b744

SHA1
aed05f078d9b3da40e63a991ca07e36c99d67633

SHA256
ce710effc16c600f9b09699c3dd82c94ef60f63c98411d14dedb6c5dfc201d28

SHA512
9b609cd8afbcf2c53cf71dda6c235914155f704d7119090658b55ed96b28c950c110cc4a2955e0780a2efc79ee78bbf46a15ee65d7144ac991c6748a3f2892f7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir5008_607269987\manifest.json

Filesize
380B

MD5
6d68bb758b3a522bd31ccae240558a1e

SHA1
8cb3b932186ebfd919577d18dbd86e11b57a18bf

SHA256
359e9e4eb323d43a311f38d8edba6ad8b399a5c4d014bf2a91d38142ef1dd2b3

SHA512
1b7887bbe2b76e5201bbf153cfb19c8be860fa1e3a6959335eab6d757debe4568639a8da2574064510ed2a8101542d2abdd01c5c9a35a0f8a3744dcc6fe7891f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir5008_97856100\manifest.json

Filesize
385B

MD5
6f26172981ce246f21dbc1d853ec9433

SHA1
a5461d9a26128670f2e2bbef2d1e7578f672a183

SHA256
21ca7a61f92685256d98dfc78b9844e7ca784afa51fa5530a3dbd3ee6d79ed6b

SHA512
bdefe588284e50e42abb743f3d04171823d2893a6d188cc95118be7dd292c6cd91d3eb827b54d39858698cb526b8e75648688b62bc463759e5b95b04fd09b847

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir5008_997315424\manifest.json

Filesize
407B

MD5
7488b6d6720532f4a267d26c247141d6

SHA1
8c94c0b8a7da8bb87085cce4ad42641ad3e8a842

SHA256
fb5f4468336ac50fc71dee3568ed7bb2392952261076ea306fc9f4ed5972bde5

SHA512
8567b3e896b5dd0bb3608f3fd65fd8cefd284ec4ed5dfa2d6803a962ff41d2c7a59c933f4dc9b9c7c6f6ffc4c0e8e85f62974fe3fbb09f758c2025523355dc42

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
6KB

MD5
887a39500d87357e1d29fdcb2ead5903

SHA1
2e6cbf7aacc3b0a4d32bff61c36b19f16892feb4

SHA256
4da293cd626c799facb47f339700c0fbc51e68e1a3e8032c87b8df65b0eebbbe

SHA512
7bfb266b1dc091fa65896bfc07295d5177577d8c90e815027e46b02521e62813ce39d010e555df60ab6d3b37c2b53ad396a3cbf0d77d476e24de3e372c6ff0f6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
48KB

MD5
dc5e3c45dcf0068c66c62270786aa357

SHA1
88c0838d223aa897cc097d42d482c6ee1e8d53b8

SHA256
d832cc2d184a8e43e21aa0c0cd593af891bd93f7d60e4ce5bd688156e1120cb1

SHA512
324ed9d18cfbf8d7a3a90f549a9d343e4af590a947d0f2462abcdf3549801c1d41efb5ecd99a97a392c19f634225a4c6c9451c9b766e94078d786bcdab2e02da

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State~RFe58342a.TMP

Filesize
6KB

MD5
1c721d7342b938e4956762d71552fa36

SHA1
70bddb32d5509adfaa64f33f2c84fc5eda36420b

SHA256
07eb37bfb80f34f24e4d5493a722495904424e2313e7d675ab9d87207a09a90d

SHA512
b6f2757e095ad34e99037600a52e51d8c1705198078f6ce6be8c72b9ec631c82bca0773878d29d3f5445610e77a07b0f627f35d9893df5755f097b9c64af7ada

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei\1.0.154\list.txt

Filesize
101KB

MD5
618f6713bbe4707917e24627a515c3bf

SHA1
0e5ae0d01a965a566f341f26a8f9af5090903fe3

SHA256
f92a27cc0aa7fd6c61ce99495ef6f7703f73b3b18b6c39d936774cfe980c0f01

SHA512
e1a21c85712edabc9652fd27d80e962c6b7e739c209e04393df7b2eb1f015d425f6024abd713c36fb539d27d1ce2466485f2ae6dea97be32fcb4724bd7db24b5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.746\1\Greaselion.json

Filesize
3KB

MD5
3b7f2cdce3ab5de01976c5219d661ee8

SHA1
669c6fc08c14a0a66b18aab5a4c92c8d859ddb30

SHA256
a04301151f5a06b2ffd4c006590c4eb801157e8d2235585da165b0314cd02348

SHA512
d7e53e1873a1037e43578e57a018d63d1f7e991ef8320217e057d06a649b4baf7de880637d2ec57c17dfa9ab5e1b3d60c189dc07ef55c9b5325d8fcfe2f8f8b7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.746\1\clean-urls.json

Filesize
14KB

MD5
ae1f781b279d2eba1696768ab9f4d21e

SHA1
d6af497556f847bb8e0dcf2430f5aae55e727b2a

SHA256
94ec12d568bd874215305a7436f5c931ea2e9943988ec0c0d0888579333174e7

SHA512
331379971b2066faf9ed02622206ca6d5fa3f2f1949f653adb93f72c4061976228c6f65b35d76e154893d77883274f793a1ca868b467239797d13c275bb219ae

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.746\1\debounce.json

Filesize
10KB

MD5
dfe66f6acaf568a0130bba36613e2c5a

SHA1
b53f6ee4f1994fe246dc346b341ed9c4ef009e5c

SHA256
51427ca754354027d6391b8bbb0ef62be9c22774e7ea58dbc5b4ca5be4cebbb5

SHA512
31b44e38a84b5fc50a61ffe86559fc7d9216d8e037ff67d6a9d60c5e5170f49becbef8257c93c5041629137b9638cf22237cacc8e6d5c16b2ff433c55eb8da71

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.746\1\https-upgrade-exceptions-list.txt

Filesize
86KB

MD5
b8ebe8c70e14e1bdff4bf04cee9055a4

SHA1
6a8eeeb539eb5f630091a971585bc77731c24b12

SHA256
a9c464c1aa17ec9958141c020c30badddd4801e15b9c0a0d430859df0ad1955e

SHA512
9240b1d7ae17b6d20cb21a466335471d3b62ee2866e6d07dc62c1a288def513cedb5368891e4c8beecd135140a221bf8a16e048cced31b29fff9f8d0d40c7266

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.746\1\scripts\brave_rewards\publisher\github\githubBase.bundle.js

Filesize
2KB

MD5
e7cb1f457c1972065f9a5a5821ed022e

SHA1
e8d135731d52cee0975327c99d1a6b745937c36c

SHA256
a00d426c743f719cd74ad64441a8f7fdabbea566893c29b756754db91f05355a

SHA512
de79db36ae1e042121cc440b21a5f175b7a679192df11883f304debfe3c1256955e13724d47ee3cc874e63fdc9a0b50d4b57f16d8d127d8106dbd0dd73cb5dce

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.746\1\scripts\brave_rewards\publisher\reddit\redditBase.bundle.js

Filesize
3KB

MD5
0e7d831110979936c383c74b060388af

SHA1
e9f8511b9862cfbbc27452a9463a78b44901de4a

SHA256
d046760e839f120547d179a8eb380cdfd07db89ed256d3b95bc975161d075ea1

SHA512
8a449257a396b0df25a19211cca28162dc12e5a22144b48996d09111181340d28b79c49610a7fcdc702b5571b0d4ad21efec890d39bf0d678f4842b1d93e629a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.746\1\scripts\brave_rewards\publisher\twitch\twitchBase.bundle.js

Filesize
2KB

MD5
4dff02b3222f25ae7138d884fefe8e8d

SHA1
58870f0e2511a66b961ee893b332c1241d235ea6

SHA256
0a21a4e6173432a274ca9b9ed8c13a4845675f20933a44a1d053c0d12a633447

SHA512
0d031ed3c86c8268dd3c01219b3690948f43dbf87870db2af12ab9c60b02b1c8212109848d358a5870a17b8d1d2599f71918690fa0e34aa4194f210e326485b8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.746\1\scripts\brave_rewards\publisher\twitter\twitterBase.bundle.js

Filesize
4KB

MD5
0fdbb757afceb684f8041000d9b80c30

SHA1
698834f7d787914f7155d7a1e0d8e24d91ddbc0a

SHA256
7dbee02d2b4955afef95ac5ce8445ebaaf84c9fc55d16521bc598303c6521cfa

SHA512
bbdd0fe5f8dc576f236d991cc7d29ba2a2929e2a78c86c5c4eb3f04c362f3f612f32a05b9a17762f6563fc7ec705ac83ddc0c97ad0e0dbe1a0d389b699f46dc1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.746\1\scripts\brave_rewards\publisher\vimeo\vimeoBase.bundle.js

Filesize
4KB

MD5
bdf49604c55dcc6e0af6281c83158f68

SHA1
1352d66ba7ba76efc4f7e4bd9e8d79cf1142b275

SHA256
4978086aca3e6ebf5bdc84494f31a388ce7955fe8bfc043d75cc8306aeb437bb

SHA512
8c3c7d69ed8aa2177bd3e56b85e1cf51e98ab97a551df2e11d9b2fb1907503e5ccace21f895d5a61189d6c351ebd828a779e64cef5114c18905d19a1964ab648

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.746\1\scripts\brave_rewards\publisher\youtube\youtubeBase.bundle.js

Filesize
6KB

MD5
31c947a91169986cfa3558f1ef9faec9

SHA1
50d23ff4bb00edce79a4160ede1545c2c87b5a08

SHA256
90f326796832682ebb6533eec08ea34d29e8a864f949e767e3c047b225189a94

SHA512
22f66c131abaa03d3a3aba5f1b03a9f0bc355e528468d9740262218e855c4219e891cfef463e4ab5e4e6559f6c49301fe2a70e8b342f5d3eb9c577ed262bce63

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb\1.0.6240\list.txt

Filesize
43KB

MD5
2c1c86322e388480927ec9cecc2bec1a

SHA1
55595ad0ad576385b300e622f8bb1191e924545b

SHA256
6ddfc77722440aa4f958f2f8a576a688e890498d6148a2e664d24ab0f211f3f4

SHA512
a13d3b1b09f1abbffb9e245818231847999b7cff8323623c8314491524ce798605ebb18f53914465306f0639ac8abd2e6592ae5284be49c4ebed0e257a6633fe

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe\1.0.6767\list.txt

Filesize
1.3MB

MD5
d96687301e09df1ba44444406b54f40f

SHA1
c54fa1a25e553f3bbd949fe3204a87e3a9094a2c

SHA256
8d029eef1582f3128067db5c2f3f973613d8dfa19f713827681a3e3c9e8b65e4

SHA512
fad441753eaba8f740fc164165ec0876a6c38bef3b84947daf4b70b6f1d6e08350063cd1b40693a91493e94889bf6e45b91c52c67f73e4ed5cf19cda3453c79b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\adcocjohghhfpidemphmcmlmhnfgikei_388c1d365726630d564a224200e4e547c075abf171e74483b553e411fc72fd01

Filesize
32KB

MD5
627efc65e889c72564731e1007173fb8

SHA1
48d3399218688d4f58462c5186518eaabd880169

SHA256
388c1d365726630d564a224200e4e547c075abf171e74483b553e411fc72fd01

SHA512
167adadde97612f7c6d3da862a86a0db2292f7c1e22f0346f8a8208341389fd35517600bd3ec3bd94f4e0a3c1e3ab4702314d7136faffd458f8723c559d1f1f8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\afalakplffnnnlkncjhbmahjfjhmlkal_5ce481dcad08205236f3dd3679251737c6e6a080f5dde72a59dfc72aebd4aa08

Filesize
68KB

MD5
d703446dea8ecced6d6f172ddf6da3ef

SHA1
53596f15f8566fa595a28ba9ad6a9326119625a4

SHA256
5ce481dcad08205236f3dd3679251737c6e6a080f5dde72a59dfc72aebd4aa08

SHA512
345d99104ca384344acdf7795543de7c19a6fc3b8486b594d11ad0391997fe4ef4c67c948a75859628446349ad61790b63c3a8738fd3fe89a3ad9cdd9600c315

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\aoojcmojmmcbpfgoecoadbdpnagfchel_9c5960d21f0263b2ae8cc29534889d287090d59c6cff01b499bde57d53960052

Filesize
12.5MB

MD5
26550720da0033f11c39b9286c89a360

SHA1
2e4b674d0894fb7ce59ba593f918f760e546749b

SHA256
9c5960d21f0263b2ae8cc29534889d287090d59c6cff01b499bde57d53960052

SHA512
f51ccede383bf5a8b2c14633da44c075709a9f69254438dd8d1549550b232e7cf5c4520c6afe45a943d39a02c2b3f8bb54b5f53f5dc3499eeaa8df747d998112

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\bfpgedeaaibpoidldhjcknekahbikncb_a9f4bb81d9aad870a786ddac42269f964b526172a0ccdce4865dd4706bc981d2

Filesize
11KB

MD5
85a9341307e6d3be499515f34e8eed74

SHA1
667909a60f4548e90b3269f32f750518a71de581

SHA256
a9f4bb81d9aad870a786ddac42269f964b526172a0ccdce4865dd4706bc981d2

SHA512
1a57195e243ad8020307f68cf5e5f3d27f6e2a0147874ceaed51367e37c15e847d37e6438995b218b5957ce4c2a0df0b19cb719db8a73db6e7f6a1a56b885b92

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\cdbbhgbmjhfnhnmgeddbliobbofkgdhe_6643e9485c0f6a518aaed6d59654ea1049746ff72b89f560adae71ab35963378

Filesize
381KB

MD5
92b776ee3b6cc1f3b9b3ab444ba2d7fa

SHA1
91111c46a9fe4e1ae680e19f770461f9ee1579ab

SHA256
6643e9485c0f6a518aaed6d59654ea1049746ff72b89f560adae71ab35963378

SHA512
b2c00d865a1f8bd7a1fd9c9503d174e3bd9a79e9f13249f39503b85c890df7b131396c1227b6985cfd9f74f655e46ecac6f79e520443374e9b95d90939880d27

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gccbbckogglekeggclmmekihdgdpdgoe_fcecc23679a099edee375cd763d0ce397d31937a04a94492787596b9717a635c

Filesize
929KB

MD5
48a1bd679ee6f1da72cb04f780f8e132

SHA1
693b654aaf5a907f60952e05e83b2fd2cca40f23

SHA256
fcecc23679a099edee375cd763d0ce397d31937a04a94492787596b9717a635c

SHA512
2f0958313ab8b1dc87bacdb2a37163515683a0ea2e107d2d2792a8e3453df2d89e61866cfee2b1217903bcaaccdbc4fc82cda31a26e3537f4574ce1d50c91dfd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gkboaolpopklhgplhaaiboijnklogmbc_9009ab41a3cdbba572e9f4665f144adc8e8f3f28199b099d44daaaabd38bc415

Filesize
70KB

MD5
de2aeebd5ae0ecb567c01e7e4d1738e3

SHA1
d3f1694b77cc46de252eed58fe46e9c69a7e27f5

SHA256
9009ab41a3cdbba572e9f4665f144adc8e8f3f28199b099d44daaaabd38bc415

SHA512
6044fe74376d46ac25d4c2768497dfb2ad67587e1b99d13fb091dd944fb519f47af094fc8d251d0cddd9141ea50aef3b1f72113a489be643fec930cdb6ffce28

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\heplpbhjcbmiibdlchlanmdenffpiibo_69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

Filesize
4KB

MD5
3a03f3ab4119a23fa6b70a32a6fcd4b0

SHA1
5d047a5da7c7f388416aa50b5fba745bf5f36eb8

SHA256
69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

SHA512
8caa4e94e831b25226e956a8ee87c5b369547081df863ee34e7f80d686259eb9b7bf75757043ecc5b0eda3a603198da060f9b6f30be755350ab912fdc7681819

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\hfnkpimlhhgieaddgfemjhofmfblmnib_1.3f09a9253f72670e16dc1d79dbb6d7b62b37dcc84be30b587ad3975fa727e0a6

Filesize
25KB

MD5
f52c135640e3675c766e42e67ce08dc9

SHA1
3c6ac6d3ee1f310153b66445a922fb9244e70f26

SHA256
3f09a9253f72670e16dc1d79dbb6d7b62b37dcc84be30b587ad3975fa727e0a6

SHA512
7fd73d47f2751c2eeb8f8c4cf8760a9711bee32139deec52fbaf20f3f9ba7e8599c21c669cdf5ed7fe9ac31b2f612164e4eca6f8a8f4f5ae9504ca127f897d56

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iblokdlgekdjophgeonmanpnjihcjkjj_9ac596926f05dcb30dd4917cd559f10e16381502f77761c5bed4d9438a737dec

Filesize
17KB

MD5
a7e4c42e905b14cc01a1050d489a148d

SHA1
35db36d549e6c40a5d2f02d261beba1b70ab5658

SHA256
9ac596926f05dcb30dd4917cd559f10e16381502f77761c5bed4d9438a737dec

SHA512
ac7f0d431a4105dce0fc51b316c2243d0021c721c9420754e99b1773aa1e050246196b1f58c562cd2b81f8567a0814d65328f3360f6e2e2e94966bc5834b63e1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iodkpdagapdfkphljnddpjlldadblomo_29c789fa934afdcf747937d417204e5a03758e090e96e09f0370d43904cea60e

Filesize
1.6MB

MD5
d7d929e9eb4a6587496c0194e1f17e23

SHA1
d2d34668ef4af9de5c4d60eea8effdebf8aa7fd4

SHA256
29c789fa934afdcf747937d417204e5a03758e090e96e09f0370d43904cea60e

SHA512
9fdd3e17429d691ddf18e20f9115e99105b451b7fc5f5240656503d5164b0ef4855c5f37de6e01ce15540a505b89a5811aded3ea4a35f48a1589897a7e0fc88f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\khaoiebndkojlmppeemjhbpbandiljpe_1.3705656094a72760ea5c7aca9e229b54669c39a219672cfa4d23c3b153fa649c

Filesize
5KB

MD5
1e890ff5a734410001478628f9d33f8d

SHA1
b0d68ccc62bb70956be5d1fb3766f84efc391ee1

SHA256
3705656094a72760ea5c7aca9e229b54669c39a219672cfa4d23c3b153fa649c

SHA512
c6a52b30ce61127e39da473d0224340dfb597ed56475ad270f29c5a6a1efb66d523ea6d642de4eebe9eb133bcd8004ec4dd6404682d304a4ca730efaacbd87cf

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\mfddibmblmbccpadfndgakiopmmhebop_ffb32bf7814a2e54b2ffd1e7d01a4a345e12072d9a530f3c5897f510b0ddee45

Filesize
141KB

MD5
7c84fd7336419e5a312fc2f0eb79b8bf

SHA1
922c2c599052fbead7bbcecd31bacf948d8abe0b

SHA256
ffb32bf7814a2e54b2ffd1e7d01a4a345e12072d9a530f3c5897f510b0ddee45

SHA512
23ba134ae93af63ca777c260c558cd4530f90dcdf3b5a2a9b265213140cad50b65a46d95fd87f01f76c8b2b2e3a0ff1aa9ed7489a9df9a8b2f6564217ac84d7c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1602\photo.json

Filesize
766B

MD5
570542f0e6a474457a03786295d4d0e8

SHA1
920361cb785e92a37655a5b0d77cb08d80175bf2

SHA256
05a985b2883eb4d5db018c8c9989a4a9ac1acf429e92bf175e717c112e81f7d1

SHA512
daeeaed8578d788b23635fa0b2c41834f480447a3809e1d72daabad0013af3217ddf5e49625b9b6a4c354e6a60e20e5177b7e6c71f04124dc67e235daa58b593

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc\1.0.56\list_catalog.json

Filesize
72KB

MD5
5a71069189227e7c61490d0205b195de

SHA1
c0b81a67c431b0781cb3bb07b7400686056a1be7

SHA256
33f110f023c4a61eacaa7e0b5f670bede4c36fa27d649b24987ff505ce316070

SHA512
f82f17275d5d53e7a5c7741e2c03cd3e302c755343ca240f4f4e779d9c84a47b20e1d2ba452f73cd613b01225b4cc6453e53a8606c4f606082c81537daae3b41

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo\1.0.11\mapping-table.json

Filesize
4KB

MD5
57ff689022f2d93d2287ac3b48daec73

SHA1
937b7dc21193a27607340af7fb7b987b8ea50582

SHA256
4665c8cb39b1fd0131b72097484bd3a8309992821a21de9ee0420434cc3f7d5c

SHA512
1b81c2c9df45875c2f563b99bb2d29972408e3d449fb2e8793822dc0cf85c41cb48eb92510f4940343ae4826ec9bb4b98093d64f53de635ccf75b5307b92ca87

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.100\dnryisldmaqljgwaxeqbuuhuvrbboqlf

Filesize
235B

MD5
ace804b1b6bf107438c11cd283e7d4ff

SHA1
7e3c1d5b50f11f31a35286de0ccb4788b3ebfa15

SHA256
124bd93f5656393fa501e4cae374cb578330adbcdea314adf11e9dc6320ec466

SHA512
f34f36adb9335f11da0a63b3fba9ff19380c308bb17db1cf0b4c1f23f35f3b8074f6beeea7ffdf600fb97a452aabf23fbc64c8dc45719183b98c819e3029181c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.100\resources.json

Filesize
269B

MD5
20effecf10eeb0456cc6f537c802f172

SHA1
8fb3968af27ad30c639f45a6fcee99b48ef79878

SHA256
044502a67e39049b4cfe2b80295ad396fff4d1a28e7f2a1200abf21061aace8d

SHA512
6a002b205519c0fc498c139d1efcab2f26bc03f3fa795a5bee9b3358c9796088bb6419e2b95afdbb84c5ea36a328dfab01b33c148c84dd8e3b9d21fa07fb6dce

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo\1.0.5870\list.txt

Filesize
5.4MB

MD5
a30339d722448db7ee559dc0a75f4f60

SHA1
0c79d95c09081751dc68a29953a71c361f197789

SHA256
d92a8d45d971c58d4af1d113ace9c8e2e4478096a5c9359cac71accdcb11d099

SHA512
5703adb07ff50eb70e92724204b1001cb86356d6acb3c9020ab3cacfa1998cca33622bb9cd1838cec4b4ad847408cb477df05def3ed778fb1aa04b019be6efc8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop\1.0.88\resources.json

Filesize
884KB

MD5
5fd4730f39459b56dff95f8c1bfcc4cd

SHA1
37e3f099e92f22b5d6ca1f21ec7ec69d67e3f997

SHA256
a2e7249ce1980e5f7b5d77ae556720e1e7e3767f2bd032528839d9641fe6497f

SHA512
fbd2e8079649df751e8eb3f79ad18439ec72f9bab394a36cdc0f48480596b2e871a462bfe0f99688259a3e551f3872d7f96512c4774c2c9003446d9ed684e8f6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brave.lnk

Filesize
2KB

MD5
5aa6b612f7cbae051d8bd3414d7cb4e6

SHA1
c9e8fd6075b34fbfaf32d0a3c24a489a4ed8a114

SHA256
0f134d404104f15dfc3b3ad0e59fb692a983b15ce3ecddd708c029bb519b2e5e

SHA512
9fa5ed4442c86baa91c3c271980d20e1053f718b3e4c905124dbff7777439ea69ee3007e290cda8c39b2e36c2cc1e4c8d8ed1c01a49872d011953ef7a66b73b0

Download Submit
C:\Windows\SystemTemp\Crashpad\settings.dat

Filesize
40B

MD5
442464443d6a8911aa5f54a101f4880b

SHA1
59c069ffce0470fd97680c6fc6ccf74eb5da37e2

SHA256
b389afcec2bd5a76f60a0993442ae1b849746a0020ee906fd67e0b5a790d7186

SHA512
6ca950c25d3a447423bb745e9a69e087af44a1ee14a874025089473f2b6c379eb70f84b68f9ac5d0193ed220cae672319743eed4dc733e71db9340c5f8739c1f

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\BraveCrashHandler.exe

Filesize
270KB

MD5
994f1a1d7190b4b69c3ea0edbd9aad75

SHA1
5d7b4dda8a0ebafbc9f121584e08cfebda5f5de8

SHA256
caa18e7065f27372fac2c3b986ff1752c6d8d4adda38831fc002c98af5597c45

SHA512
a3c31e222ad0dd29e11e8710dc8d9f3ed38308efe68b0235a280bfb97b85511b46d73797ee6c0c784a87438e088f7280288f8f29fc180b5ad75a7c7ed499ab78

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\BraveCrashHandler64.exe

Filesize
360KB

MD5
bb811c6670dc2a6ccde4f15411bbb860

SHA1
66670642f34a0efbb84543f9f445810afabce3e4

SHA256
c3168dfbb08e9b840588f41650349ea1c413aa3ee163b0320f4e83f96f208fa3

SHA512
419fce8e044ff3902e4d75bc600a0931bb4fe1162b8695034b5ee400ebf37100a9b48f87f39bec2c3e417770da1a957957cc4825128a7e96c9c15c3261fc7f88

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\BraveCrashHandlerArm64.exe

Filesize
355KB

MD5
71ee9f62ca57ace151995b34234a46ce

SHA1
1bba5d08b8d6ff687d54fc9d14814aa1ddfc9d62

SHA256
7c0020f832fb1ef67732fc871e8311d55246a05e451e9193f2efe6a265aab459

SHA512
0da14d09ab3180e97993dab9316c34e6b01fc35a08d74e3b34dc6eb0dea5551b9a0306c6e67f813c6e3a7ada080454d23816e0eee2d65fe303c6a649c108f602

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\BraveUpdate.exe

Filesize
162KB

MD5
ddd12a654903926b2f2521a54b33f858

SHA1
35c5118f29beba98d2ac377d9a72d06d8b7b5212

SHA256
abf3726c60d3b7d7e5490de04c18fb1d0c10a06e45d9e6ba2201d80a2c2a1770

SHA512
30df926b2368a4fd0af5117696b10c6e39b4eeef66a256483b869431231175e7c1e99012a454bf5fec1aa5f441fce77ee4a901bd6a103763b960e631e044933c

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\BraveUpdateComRegisterShell64.exe

Filesize
162KB

MD5
4238d31d155902fe6d0c94dd1a46edfe

SHA1
d9e38bc48c3b57afbf78a6919fcccc386264f1b0

SHA256
ce3102db24e5eafa6b0079e4445e0850c0d0a3f1da263ea5f6255685896f9c61

SHA512
7e52d895c12a319557e0eeba6ce849d632b4d510f421b3f2c6fd9c821c8fe9730acb6fd584cf7aab4f4646bab94c6d98eb530b31f838af933c74c3446cd27526

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\BraveUpdateComRegisterShellArm64.exe

Filesize
144KB

MD5
456dfd98f7193e2d301ff4cbd3014904

SHA1
c18dbc6d6929402399bf0287bbac83a3b608f638

SHA256
ee54bfa49df51a4d543502b83bff5343e0ee56303261120e1da99f8dc4b73db3

SHA512
56b07a42c455850a45d6aef1ea3146630d9db230989948ab9772671cd41a21970dc9fba2a10028553e20e62e31bcabba707921193e9b0d14519725fc9a81a0ee

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\BraveUpdateCore.exe

Filesize
194KB

MD5
e1b8e13e9867fa3fb45c9a921f64c283

SHA1
49726ceccc6494d9cb92090e89637d61855a2d9c

SHA256
a7eea29172ffae857865f10dfbbcf48970989ce96bbe953615a91c482efaefaa

SHA512
187f128722a64cbe7251f0b714312900fcba484c471e09929983f257f669cbf2d2b770266f9c74626c4a69acbb4a03cc5b48f1e74f2db7ca133d1a7558e2e8d7

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdate.dll

Filesize
1.0MB

MD5
5cc0aa5592dec5f39fcd9a8932430481

SHA1
862811b29f2c9243ffd32b99b0df2720898ac9ec

SHA256
c2d236477a51f35e7e7c4d5a9fadd076370357752cd86efee5f6bb0e4dc1a420

SHA512
04f62d90df2c8f2f8b96ef8279226d091eafc1f966fff492f6d0ee7cfd04d458c1446acc2d87bcc36a05f96ee4cfcc88f39249f3a27519651720ff9d189f514b

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_am.dll

Filesize
42KB

MD5
d895a912b5bebafe2ea6841ee2a00509

SHA1
e3462355473634b890642f45f9a3c4c541ef21f1

SHA256
b8b2c0330b5afb1a2847bf10fa818ce7bd51fe04db8a2a766d453e96fa8f089b

SHA512
cfcee085c6074921b084ecbe82542561c95497977435f7b848981d0b1b2e6f5136511ac4c2c309d0616286310955008fdecba24c5a6de6339bcbe35eb4134592

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_ar.dll

Filesize
41KB

MD5
87d35a3f77b4d3bb06037abb5ac05c65

SHA1
94807dab5d1cd4612829c9c0496f4c98bf088beb

SHA256
939c07cabca417d87f85f09c4e4775aad2361a823225153431665e044602ce14

SHA512
fded480d0386889ee5c19c05580b513e29c85c7f1aa0024c2989011e4993e97943d02ffd00792b55a1b7557e5da32917f85b54397326f03da29226201d177e80

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_bg.dll

Filesize
44KB

MD5
c8565b9d0d5199de17fd4a28ce01aa1f

SHA1
d3fbc4485d638687abc01b1027d7e0f97ce4471c

SHA256
a6afc8e612b6bad95658a7b0e7664d536bba304ae01f9a9de6357f0a62cb70a1

SHA512
72c767f9593142649a713a17a3837fc31fa4ad3e53cd5764383946ec9e83ff78278307699a9e4297fad32489067798316d217941670b28c530bb8cb7b45e58a3

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_bn.dll

Filesize
44KB

MD5
8c255e39b39240e3137cfb4e999d2974

SHA1
666727541c29c81bce6fee5fa72ee89bee459d9b

SHA256
e945c3c7f6b68d43716fe95eb59310e464e9e617a180784b08c71b57e2fe6b4a

SHA512
eac75baae8aca1b5d6b317c52eedb7fe104f73a7cb99ce26195f5471570e166579c999b5ac75e2659a4126a9e40d619b023ad278f79271d2a6a935ad95f43d3b

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_ca.dll

Filesize
44KB

MD5
fe459c834572e7d40806c46f4806b7a7

SHA1
c95d91bce107bcbb9514e2416b983319f78c1186

SHA256
680337618af9693537df9e726eac2ba1698fdda81a61b9db61cebafd1b1fe044

SHA512
d9802512a27e464257cec4b63dc29c7be5f7fd2e39ce0425cce507f952fe750eb840a6cd4f24cf489a38c83dd7fd61db83510493b2b38024e78d732a8844b3f4

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_cs.dll

Filesize
43KB

MD5
8568625bf81e22d017ccee113e4bb38b

SHA1
3fcf9977a1999f92a58216e0150df3902bbd9995

SHA256
6fc97d69585ea0e70cf7ec4d0578efb498bd143c3024a86ddf01fe8bfdcadad4

SHA512
41521a623b44b6ba611e66e69e0549d6a7e6c988c2d44896180521fe37fba7fa34c6dee21473c51828a73f4b6182b52d764ced98a3efc98527f5315e9c553f4d

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_da.dll

Filesize
43KB

MD5
f7fce643193582dda4391d1e7d2b35d5

SHA1
091e6e1d964ef562049f691d850c54a713a3f847

SHA256
610248a6e1bdfa702c8031c8823c6df012d685c28376925cf9b04b639dd0b34a

SHA512
e8428e37576c5cbbbbc613bf933b1d65c3669dd59f747d23e6072b7c3354410be02509625f930723845858327bbfb794898f4b9aad43092849c3d4488bf8e7d4

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_de.dll

Filesize
45KB

MD5
ea2960595acb7aee61765d10a8f65057

SHA1
5638321d4d23aa6e34ff920d815abd54a659e9ab

SHA256
15196485a833be0e701cfb9ff7ff739f0c80f7f6348c304ecd19c8407f7c8a91

SHA512
97b254adcf7ea8f2c9ff8a297d571f0af1ad69331912823a441dd7885cdab53131821b41371ca2701dd286516cfb4cda612f4aaa15b6085c592554fa11b2b73e

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_el.dll

Filesize
44KB

MD5
1e78b7d02bf12642f359b0bde4dc61a9

SHA1
332d5c865dfabf9f9e90ad3f23d82612dbc53cf8

SHA256
42c6ff09440acc90e3955bd3359bd825643700984fda5360784155d438675e30

SHA512
2858f7e24978bc4dd0e026b737230201bef48908a20ad3b8e7419a58093dbf5e04dbb69d0dadba4dbaa4e52722fc446153fccbe22fa20533cb3c9a70785a2a26

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_en-GB.dll

Filesize
42KB

MD5
abe8123dbb140125da617bcaeb6af8c2

SHA1
a597b4fcbf53233b57351cd2c63bbe3a5948844e

SHA256
b04f3c0abe1762528ba5f857217f8af409d7760d36858b9a8d311d193c2acbc0

SHA512
3b12163d5e4f2369b564e290258663dc3dd5ff608b7821d606c01bd256101c55b2dcfb0fe8232354cb14d35beb8b17e6702385fd61f52a61aaad6f53dc6e733d

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_en.dll

Filesize
42KB

MD5
0cc76bc67ddb33b06ac150ebfd370467

SHA1
066846999ca208c1e26bb5c20168afd71c17f606

SHA256
d0470a9fd083027da90bd0c9a70ecdf9594acd22e9bebbc3cde0f9ec654bc392

SHA512
b18cb978b178c005ae1f1295172cc1d6ad5e480cae7c90de14a0b5a33f25c251ba3d015438d8981a4afb33e6826c2c68b5d63ad0b935d2c26874fbace56d98f4

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_es-419.dll

Filesize
43KB

MD5
049c34fa927f23e5c81a18ec978f3a44

SHA1
390aaa50db304a2725e6544b9c39bb513446edf4

SHA256
b550a53eecbdc49ad16c2daf33735adfb1941ed78caba5d938d74f71d018aad2

SHA512
1e38ab474d9446308683b736dcd6e903c8b2317857b7838892364dac8ce16d3ea0583b5e4ccea7180dbf717e2b802b4a202a25648112298ed080048f14dcaaf3

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_es.dll

Filesize
45KB

MD5
dc83a771603dfe1626661a57e911bbd5

SHA1
be1f606c8191351d40ead055cf3ea0ddc23aab13

SHA256
dc12a6cc9f0e7b42fe0523947e2c0e7d76b34c115c9d046ae2fe2249216fb6a7

SHA512
73248f963ea1b1bb108a4d612c83ed8e9c0c50a242e43f8190b5063a1608aa0923214458b3039eda2e66814220cd40b02207f321da8d71b238bf94b92c5b4fe8

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_et.dll

Filesize
42KB

MD5
46ae69610433225278d09edf90883a23

SHA1
43cf9adeda6b76eca372b467e37f56fada86d272

SHA256
d0b3d309b69f34bec54959b43db5949e07d0ec52572e32095d7f713244be67e2

SHA512
45e1f32625075dd7f61e6dd0908487727d13b950747b6c7e90d8cb822651c6a85c8ad4c22eaeef02f6fa6beb1a08715a9a350620b4d1024cffca6071993c8ff1

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_fa.dll

Filesize
42KB

MD5
98ba88164aa9d6f72a0495aed9556739

SHA1
3bd4ed416375b6df06e01ebd3f28546d7b6c26f8

SHA256
98c802795f52c491828070ec1ed0fda7cdc88214a32571d71b850b71e692cbe0

SHA512
559586e45cd55bbe503ca5523a79a98f7538622c7c346be45ece772827dec44ce15e18bd24063ba7366d918263206d265613fa3fa90e336842ce72a249739188

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_fi.dll

Filesize
43KB

MD5
c0b2ced345203c52e6f8f8ac660d896c

SHA1
f6628c0b93e6b0dbaf517c9e7a2d501569b8e8cf

SHA256
cccc2b33eab3e9ab08199f6c0ae616cb9ae8ff69ebaff34a10aa006daa02513c

SHA512
e2f2f5002cc48f5b89b61a77c2733ba7613833132962e0729e14124b761836a74598ba4c60fe30faa25b40decd038bd95070ef9e40af33ea2d33753cc68f49aa

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_fil.dll

Filesize
44KB

MD5
a2a1bdfb491403e7e885bc1ee4048482

SHA1
97dd1e843ffc5ffbd3db00bbfad404706416dba2

SHA256
0b2f6738f3ae0803e09b84143806c3d2c4802cd8280a4d5c8b6f98cd2fd2d26b

SHA512
523b35c2c7f7ebe13b650e4b6451bf560e9efcb48042f95419bee4bd2c9e6ce5e5fefd60325609fdcb253be2150cfe61b1ddedaefe2ee576e47f8e97248e74e6

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_fr.dll

Filesize
44KB

MD5
8c822fbd80e2eee51115106658242ca9

SHA1
12076b6d6e3597e347dd8092116190c273e080de

SHA256
bc0eedbd8fbcd16f94c965066056d4213fdea1df4686adbf8d2b4461c55d8a8c

SHA512
dba9e3d9a1bdd629b12bcba93146e531938647c063cd50259ce19dd36853e46ef232778a366f568e3d67b1e34bd1b853e86c556abc894a6a35f630f785d87476

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_gu.dll

Filesize
44KB

MD5
105340ce56cf117c6ff0122b766815ff

SHA1
fab81414a5e1129b19e1c39ee31797db8ad44326

SHA256
99d066486cbe7d1c4f3f89c532604bb01c3e7692f188d8e13542e05c6f9f8105

SHA512
382c5dbaa3453e9d9a3c84c56d783e8395e889ce753a5646c04a0b73926e2ded7dfcf573d82b462233768b257d9aeca70cb9792122f53b3d535915c01621a31c

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_hi.dll

Filesize
43KB

MD5
5de65feada2feea004675ccabd387c8f

SHA1
6e92fc8a9b2375119b61f782c74308409d1195a3

SHA256
28577481fd2af34317dff02a08942e42b6712d99301a50a9d5663a57a8d6d854

SHA512
04e38abbd0e591614ed57cb125fe82775bd53ce5f3ce8208d6d92238ccbbdd220a31497ffcddc0969f22f57fa7ec269d4621d1e1ccb89b8dc086c1163ce29486

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_hr.dll

Filesize
43KB

MD5
b5fe35779549841566431f3c10e5503e

SHA1
555029e2c5bb95ee1c1d88e2895b5a2c925cea09

SHA256
0ca0e928804f179d6d5cf4a4208bcabd677c842fd1893e4b3dbe0cf7b7d52b80

SHA512
20bc3145cd19b17c27474e2f468fef8d4d410fd3b0bfe62fc6c52f565c627a80f53d234a7664900c90518cde98b331ccecb539d5df88228871abf3d572286277

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_hu.dll

Filesize
43KB

MD5
d11b1c7e58dc9a3b4f2cfc653412ee5b

SHA1
8ec164e952701bfc4f0458cf021d2f595f4cd833

SHA256
6e7d405f2449e5dd322da970fe067ef9da1c10ca0556a3746a916a32c233d216

SHA512
70a259187bd8cd35174dade7a7feedb8676cae230c900664c46dddc0108cc71986940ac94cc4ab3c0f008f57af06a51d248e011d6a6dedc0e52531e23ddcdbb2

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_id.dll

Filesize
42KB

MD5
5ec2788ed75feb99d2ae277d8499c298

SHA1
dc1ae1ecc81a26d63913cc24360eb8f02ce93109

SHA256
e13b6ed7940546794bca72cfc430f650b1580cd4e5861a6d5cf462af4d13a356

SHA512
6bf90a19278868309c48079801021650363230f078a7246ae2ba742c1bb17176b292057e4f3b169a1def19c38805d0b2a7458deb5dc074161aa4a0f4a00aadc1

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_is.dll

Filesize
42KB

MD5
83d02a0d99e5800d97dc0ff53ae408b5

SHA1
6fd4fc0cb941fd211b78a54842792c3f3e169900

SHA256
405f8449368c4deb4f7666e22d3025022076d2dd2de1b1e3c84568a52af5c1f5

SHA512
04484cf9ed8f678e7493b692495e76fdb2240cb989f99dc00e531375e5ac51e446a9823d5055a43f0b4bcc57414f076ae278a6f5f7ecc5eefe9aca60b32c0641

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_it.dll

Filesize
44KB

MD5
0e85377644c3940efd5468f9700aa68a

SHA1
89fa9bcaa8e35b490f186bd27004450f606dbff1

SHA256
63186bccd65b6805b04e9bbd50e9995edc9d691911c1d7343ea5238aa28d8773

SHA512
73b941b9f18290fa4ce3976e9c72404d6d9a1ee94c6fe800c4ca821310849b5f4be728bfc8055d9a140d0a2cbfa7b0527834751468bc5e8ab5a3c9bbd51b632a

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_iw.dll

Filesize
40KB

MD5
09e7fa1f0f4bf4921b6a2d0640b6e03d

SHA1
8b7099e6aa475df8683a35eaec69883a88fe3021

SHA256
6a92b2398956c2c08e4b8e5de13f03d76cc194aedc5a25fbaed1db977f1198da

SHA512
50856c6d0a8777cf07e344f089c5d3698c4c83df756d22080401ac7ca15bce334d95461bbb70251c5b77d6bc28c7bfd53483aa4dd1bcb68a497bed6dbbc3a305

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_ja.dll

Filesize
39KB

MD5
03a863035551617985c6fab6b3855126

SHA1
954aac7e6d3e3f747cf83c13bd1a753035adfa72

SHA256
29fd19bfb80fce90bd70d72225b200c1f369b805bad5d655f0ac22320ce3cf37

SHA512
617ed398edf417472844e702ebad8ed562ec66f09df57c44ed9140343f3e8769762fd6c3df41bbe87adb0f897bbbc2c2de2c96d7b694847e998226fe728b91d5

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_kn.dll

Filesize
44KB

MD5
5168e5763b03160539f4528aab136b63

SHA1
b14dd84f7f70db5f46bcd2a22ab8b0da8e9f9029

SHA256
fc71b62f5c8278c1400d12b823ca316bf70f19c436c9dae96779723a4018c32d

SHA512
6ea2414656c25e270ddbf8510e623c20d7a6c20a018c7eca465328478ebbea1d6bb43ee8277ffd0e01c7e1d05fe5f1c89f63453e37e852b10cffd34d4458ea4f

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_ko.dll

Filesize
39KB

MD5
b50566b1febe1f3f24fe044c1780d018

SHA1
d1fa7fecb4ae6589714f49af23643f347c074736

SHA256
dcd3d6ab6360c04ebf5909744462e8ae2cb085df6b879751acd4ba8cd5f1c025

SHA512
515b27d621d5fafa67f21972f8271dc57cd70cd914e87492954fff70d36346f9e8fc30d3c63b66fdd5e866ac7a5bb6abe01ae621a84f79b6a181bff9151fcf68

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_lt.dll

Filesize
42KB

MD5
70565e5616d236e8dd89e2ae4a31042e

SHA1
d9f690668348e1b71747f20acaf06031a799ff96

SHA256
ac2b1b0d94df88ff92c564d96efb1ecfcd6c0047a8f5543346905fdbad610c7e

SHA512
f9058b85b803b9381304228a634026fd7f219ba35aa7635c62118dccc9d1b98d90238fdae0372b0c0c5db32229d5a9ecc275e6cb5e80c3d293bdc6a8212f68ca

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_lv.dll

Filesize
43KB

MD5
f32a6bf3c01fda7702a251b3d49de411

SHA1
f3619a21d365b82fc8761c373c93f8b4d198a863

SHA256
9357979ea096791040bdab213328186cc7c491bbfe7b2a8d1ae8d9dc67cd1628

SHA512
782857dcff67901e0b5758939b6386bb1dbab74a084580b754ff0d0f2b7ea281ab9d77a3bb6e35489f3376bf3bbf8faa74088d73bba23fdb6bade687941a00d3

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_ml.dll

Filesize
46KB

MD5
50cd19013499dfde488dae01db2cd498

SHA1
b5befc603de96f3f6310049daca9403700733d45

SHA256
e1ad600c6bde2bdccb6ce9155d5995fdb643fbbd8356e4adb78135912d008108

SHA512
61eb00fad365feb71dcd024bf33b6718322b78765c817bb22dc18df2ba4ef117ebb2fa4e720c1f1bba2b87147986518cc2c839a2155cb24ffe38afaa0ecf7e28

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_mr.dll

Filesize
44KB

MD5
1fc92feaf3fe7abdff8f44cd95a6d0ed

SHA1
49acfa74a1c86e40e0defe21b9d3fd37d7ac1751

SHA256
7dfb366ca592d21215a506a5de5e0d50c63b2bcc094e343ac95dd2056f13da41

SHA512
e9f43f3c2fa05efa6035c4ba8f14c44d1f61380d9a39d362e9b501ebeba554ec273f6c55de4805a9ac28c46c07070241805d313f7f93c35a28e68e0cf051a76c

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_ms.dll

Filesize
42KB

MD5
e95320b6849fe54b05abe5d92accbb2a

SHA1
5b5979481bf1fb62a95f2cda7ac3dc8ab02d89b0

SHA256
e971cab088aff041bb65707f3b2412a896fa68f98430607a990217421b7e4ee3

SHA512
a4c824656a394925b6543f5f60645cf81917ec34ac7493b1b7148241ec6b5dd32ddcfde422fe361a47dc62f31715f059b992c8058618294147bce9f29134cf9a

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_nl.dll

Filesize
44KB

MD5
e1f918f01151cccd9499bd3307f7f5fb

SHA1
6ce104960b1d1afcac4e1d8333885dd4e1fa1f64

SHA256
efe2d87e438799e6e92d6bdfdc99e9b72cebf7a19a1eaea50d90c7c65da50f61

SHA512
2281c63ec9dc159568643cd5000cbab879784e59d05eb4a402e6e687bbccaca18af670301e7861bfeb9b3255cb082a06d099778dee7e7ddada4dfb46e80bc636

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_no.dll

Filesize
43KB

MD5
16d108b1e085b0eeb1c756d9892f563a

SHA1
d3ba28af1d3ed3c50ada745164c7c3aba25963cf

SHA256
45f5806a19850f1995f3f64d265e695d1f7616d2be27567615b54eb2c7b57809

SHA512
349927045006a9d5cca0c4954ef319dc42131c5ebaeb2258243e9a7d77cb0a7ac2703768d48e88309b1d9adc8cd905af66ae33b5bde2378ef71ebe8a7d1b2943

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_pl.dll

Filesize
43KB

MD5
56351d7fce1d515eb8955696c6b37398

SHA1
09de2c02b4f9aaed891d08a6af6af87104e5b088

SHA256
0be1a1ad74222d7e097cce36ff3ad682cb498e2734eb49a37dd787bef9ecd0cb

SHA512
42ce0a11d524b4372ca7d0efbbe72295aeda4a28ec2a11368914bed25a907b70c174e5312965dda8363dde7693cbecebdbc2f9bcd63b29048318965552592a76

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_pt-BR.dll

Filesize
43KB

MD5
e5c4afcec5ea579dcd31183b9b8b1280

SHA1
18d0578850166c77a3edaab9a362c7e30ec95f22

SHA256
75d93fcceab815fa1f81b250dff64f1a72478e16129f41c463d8ceee886d36c5

SHA512
576597262f452e23a36305d4be5b87c80ccaa2cb590923cade6b6e7d9a63993b2f219ceb49b736369cad440a31df536a5b667ec1e1302fa6c04ff1b5553d4e00

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_pt-PT.dll

Filesize
43KB

MD5
8ec1af53ccc008949f67d315e0347848

SHA1
5a1be298a84565f155151d3899f9df881b5d5723

SHA256
12be1148837accf4b61b990d5405d015aa1f60cf4875b954eeb64026d511827a

SHA512
8ed1fd97185a440287bd3ca0890d8911f4a0f3ed095ec581ffedddb3b3162ff91753870a3357bf7733f03766871a5e1e362b7a68dbc0dd4cd4dacc3be0ed7532

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_ro.dll

Filesize
43KB

MD5
0892b7189e8e849bb6cb5573b1e39421

SHA1
5d2fcab8939116ba7ea46c469f0308a1fbfe0122

SHA256
ae261c004acde9f744d834c3950019060d248da1f03ebeb5cf27ad031d8cbd24

SHA512
2f5eb30c1d7afb58c1157265c8ce7704cac79fe9d603b3ac9b52ebe5bc2e6c36b5411234330c8854b4e050162892230eab40551b7220bec1094cbb5ea53c3a90

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_ru.dll

Filesize
42KB

MD5
41fed39633cbffd4cd271fa35b7204b4

SHA1
afe4e7589b4bd8dda53ab224e9b6e8e05722c0fa

SHA256
26877f7cdfd55116602f78ec468cd6ead411336f0778b2a663c9e1160e79c83d

SHA512
a2ebec25629bd2f427f14deaf9a8891fcca7317a27c9d3abd116f77afb6e221ee2fc865d8495ff28216987e140f2e4650288bb87c1c0d5d7ca2c8cd0ee3b3d4e

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_sk.dll

Filesize
43KB

MD5
40ac0ca0256859b4202562f6f8d43a2e

SHA1
7ded27857b368047bd390f2777acbbef7307e2ec

SHA256
0d16ba7035b90b888dddb2fcb2725c178054dd7336984dcf82b2c13bf9389cd2

SHA512
712fbb2bac1daf3fbb1de061412c8f6ccef00455b8d9c19450824df95f29d4e4d4bb623850532d153a4493df990d8937331f7eff9b182040e8dedbbbad6a9aca

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_sl.dll

Filesize
43KB

MD5
d5504a4b05892e2ced7a1d7ef17c0fbe

SHA1
e2512d21805ad89f131f9864a9f0ad2d6841394a

SHA256
ebde3e7a2a0ec5e72b408b327c4bc0ae805be1a22165832657688dac530f2fd9

SHA512
a087f7dcc0ac3cff1548653f2641c59fb959d1aff68253ec75b0943f2cb963b75881b3c12fc0d6e472510b3e37d06403b9e86eca12e66468d7c7993ee41714b6

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_sr.dll

Filesize
43KB

MD5
00b390ff48c734876bbf5b55e11863b3

SHA1
ebecc0f5114f8ab5d00f66e4eeece92466564fe6

SHA256
242e73248d5d4a77a0dd2305fb0c49c81b350a69ece69be37050e6255aaf5349

SHA512
3eda3eab9c10fca16ed5c22ab4d4e0009dcc2d1744dbcc291811ba293096ce9af1895134968ccc0d1c48ad1048b6fb44f6cc81d8e822d9cbb8673a13a95805ac

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_sv.dll

Filesize
43KB

MD5
58367eb2c4369ba9d06b84fc17ad71f1

SHA1
b89194c674c1fbfd4c58d11a816c72d0a5930355

SHA256
22e2024163a70017f9537e4f593faa35ebbd085df0b4e24c645d56ba787be39a

SHA512
f24d106fb06ed70aef90f407c40b851ea3f99a887ea82ac17817c0a0dc64d82e2f9e8e9a6d8d52d6901ed4078c96b57ec2d7e5a69d259dcc1ead54c7fb22aee0

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_sw.dll

Filesize
44KB

MD5
4e7901e6256733322b3f5c0b9337befd

SHA1
0e78ecbb6c7dad2af2aaa474f8c8806bd4c24cd0

SHA256
b6252277c5f69e0d70b5e64b4a95f904528cf0acda0f9852894e22afc1304912

SHA512
0f90828ba3b0a88fdbdbbb1f68131cd324ae0e55e95fc4c33fe4bc8f7222d454b4ea6a940ce566a21695fc87679d7ce2f428da9790231959f686c34536ff193d

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_ta.dll

Filesize
45KB

MD5
a1527795ae684f6e223fd469bdbdf3c4

SHA1
a37f1ebb1ec696e3fcccfe0331d1516c77d6caab

SHA256
9b5e34b5bb7081f2f396c8a5eb670617de388bd0baddbfb0009cd95f387ce79e

SHA512
0b0d9aecbc58bbf25836df7285b8bd4a66b0c43accc73d26b0d17c8738d01d18c9e9b476a61d65b677cac6fb3745c6a0021be91b41502fe50141653254ae2d73

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_te.dll

Filesize
44KB

MD5
65a7867b934e0414461365de9792abaf

SHA1
b33517c09a894c1baf8d683ef71482dc12d8374c

SHA256
7d27395c287eace4d9f3a8b4cd6d0f7e765ef1d54286666fbe7726b00624d698

SHA512
5fd019af5c7129a204bba17da99c1b8e53f36510380dd2d0731cb010ffdaed63095883a62f599871c43ead9c3bdebdfa6d18da92e990899c6a31871d8b0ff0cb

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_th.dll

Filesize
42KB

MD5
2324e0430131c09b05e0e244835b7ceb

SHA1
6050d1b764b88b6c8c0e522facbd6356f790698f

SHA256
22d133c9ff5048ea507106d2e23913cb13524fda65a8dd60c55ac6c9a729ab3a

SHA512
497c945b548249ffccf9a87e39ed3ed949b6d5654369cf8533a6894c02d0e6467fdf31eb74a00146f0a4ffe7f1543c54b2456eba165cd89e80c341729c06a40d

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_tr.dll

Filesize
43KB

MD5
edf9fe5fa8a8039c81d3e76ba22239a5

SHA1
15947f4a240d124ca6341b2ccc9e5144bbe3c4eb

SHA256
64adf672cc7e74ad03ad6383d4034c11174e857be77cf1c8b3cdfa77eb0306e4

SHA512
e1a708d662949dbae418ae91c48b4d9e60b9554de8d8dbaa71dfd33d4976587fb3ec1992801538ebe663627d055c20e882381334f0f8341729893e45db330485

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_uk.dll

Filesize
43KB

MD5
e5ff8cdf7ddad026ad9662ac70934800

SHA1
49e1943ab27f728abf917fc5f384b9ce8987d9a8

SHA256
dabe0697a3fd640fc4b53f9cbaf09d45cfb8eb0727c3d58d0dcc820e7d982159

SHA512
7f9ad7069411aae54bdc86f30d9cc6dde462bc09240d59a1a4ffc3baf46b7314a0eac0c521711208a4b7145131c900f70f4c8ceefc6c7910583b3241f1adb5cf

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_ur.dll

Filesize
42KB

MD5
496f78fe46282f097cf5cc9ad109c9a0

SHA1
d3e0005eecf4be8182d180889f8299cd9b626545

SHA256
fdc4ca8680dc0e2b7c7c8055f2a3dbfee5d20b8f6d7bdb42a171ce7a6716724a

SHA512
260c5a303f1d0fbfd8e689efad7221d4850b118010a6e5e83dcff96ff1b474bff67f95e3ec271f3e7f2f8c4157e9f291b51b9b7d33e31baa7a3ae0e3bb32e672

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_vi.dll

Filesize
42KB

MD5
2503389f278169c04432b1cdc6af6300

SHA1
c365343ed2d0867f27723559ab27271e92fa9a8e

SHA256
1e0ed72e9c9a5c95b181e6e3ae9a42d73122dc642e40e3aa354ff715ccbeda19

SHA512
4f70c41262f067d54268d9cf998002033843b3acbfb0d40cbd4a68ec8d21f0dbf3e902245102f7ca99402b947735f86014530c0b7ed59d97b8832e5e478ffab0

Download Submit
C:\Windows\SystemTemp\GUM5B8E.tmp\goopdateres_zh-CN.dll

Filesize
37KB

MD5
723b9a1b7831cba6e40b17dbfcbd20b2

SHA1
1acbbdff6b1b4a6f146a5427a39f15627020ff45

SHA256
f8625456d271ca97982d2b558ce1b082c94b978eab746e32189f58b178233387

SHA512
b43e232cf80fe8ba81e15be59630a061ec02a6c1ef28767d85f2089731a7bff127828e4f1ad86f46157f77b16f671592d26a5a11837763e43ea49be2950df525

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1123287582\manifest.json

Filesize
546B

MD5
f38c27ff92d4bcfb7b4f2d6dcd2fe435

SHA1
5c6e10d098ebb4df5c3f1b99647b4e755f85a85a

SHA256
cf25d9a2a07805c0e41f00e29197abefc9c7e01f52b1aaf964ae45664f8490ec

SHA512
45360b6e827122ddb63edfe91d77c6eb43a65c6c1dd6ad5fe312d24bd728e5ad35f46d8fddbb1111ddd65487c54c488a86dec1c1fc8d67ed3a821a05b73ac6ec

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_150417936\manifest.json

Filesize
557B

MD5
e1673f83f052194b99e9e60f9850d2f3

SHA1
da7d26779a9347250b9047f4e400338d37e17af1

SHA256
ad6461c8a07240c693aba1a512e8ca386188d85c18e2477c73dfc97a088f7417

SHA512
53241703c170af677b83b915578da4c43c16cff13a5c9db47b6bf1bfba3f2ab90002a135f3cecfe3b3c96106980da4b9026550a5b9357bf92b1b1546b710a934

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1591173360\manifest.json

Filesize
595B

MD5
d8a141b32ccf18f1078d5a79030a24e2

SHA1
9b2d7f5c01a6852dab23e410070e91df5b4b4eb9

SHA256
96db1cab782eab970ea3b92edd8f5cce329dd825cf822691d423bbe34a1b4f89

SHA512
8bfcae04098405fb7499e780cb7c0eadbc3165e3f432dd2082fabdfa19db0c4972918e99c7481423c8c96aa0c4ec4bd0080782148bf8e709a76b9aacebde4584

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1783413437\manifest.json

Filesize
95B

MD5
47fa2ed6a739483170725324293c4180

SHA1
7a6c622d4ed7962f05b762e12e483e569fcd7542

SHA256
019da1e80682b2e7eb09b4ee465a0b19698f8ebaa47a7d88007873adb2620cef

SHA512
e18529ff04525633cdb91d0d77dba67c81dc636e2f27ce776f6d4e60fc8d31216782334ebb254ca98b8bb1c67484ab389e776cd9f825d3bf60c70148b5a61b2f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1849919747\manifest.json

Filesize
591B

MD5
182013f93275834258aae541c4817299

SHA1
c3d91cc87e9ce91c0f3bc87d60be49846585cd6a

SHA256
bfd52568c719f0adca8688d5d8a1f9a72deb438e40ae838307ed90a0b8c8d0e7

SHA512
e166d59f57cc794abba3d60321628cc476ab519dc86020703445eeef8c4c5978a1d96dc81eebfd472a0025e7794f1571872d647028cd11251c045e738190cb7a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_18869233\manifest.json

Filesize
564B

MD5
1bb434da9f1b3bed945377bb15c0c018

SHA1
2b0dc6b3b116ea97bc04746878959c3728edd290

SHA256
c7e0bf97c4f454a9beebbb72d05d60cc36ae51e2b7a3f980e9a33ff085db0206

SHA512
9eca1653e85f1ad51384207a7eee914bfdc011ad52f78e657a76ebe7a7215780c44c6b8f609ec51d1430f28a6f8ff66cf79e08cc6f3131f7b7f7d2954aa3223e

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_1949512041\manifest.json

Filesize
562B

MD5
112550c1d85cae08309caeac28f49ede

SHA1
8bb1db2198269534b55a89a85a5be7a4979d188b

SHA256
2471f99c6aab1c8e0f30eac6f99a47829b754fac453f240d75c684e8527050c2

SHA512
d82f02acbfe816b1560f555af564f662668700f29f5a6ea1ecd9493bf83d915f7738c3347a905f0b7285fe2b61a23f83a4647f7c62925370f92e481f3e6dc71c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_2089020320\manifest.json

Filesize
577B

MD5
e5c3677c1e314836ecbd6037f196bf4e

SHA1
de34ca54e7f226315d96e7cd9f5f17a9d87f0f51

SHA256
754fd8011a40bc0516d5b193aaaaa1c8af9668fb91d83472b2d212f168c478a0

SHA512
3efc1d4a8695f885c99b05061a09caff4c74f4b6429dd19f5ef527da55ef59e40f4d7eeb8a66563c764c4e53f98e92738bae0f9a7a9ca2ade8aa9900e9859f0f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_558828294\manifest.json

Filesize
76B

MD5
5dff1a50b2c589ab1a127b0d434bfea6

SHA1
2fa5759534795059d942e64862fc77d01d160dce

SHA256
02a9a124bbc2a5fe39f5f07b042e63bef30fae2493a5b0cd06141068ebb39ed2

SHA512
cfbd287407b1f7aa8d8ddd0743adae580090a5805158d1c1d0b300c43ed38e6001ab496e5d18ccbb7e3cbdddc9c2f46461f6a4cf95638ff052eff009799b3b8c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_572393133\manifest.json

Filesize
555B

MD5
32c91bf9b8f95b4b2330a1b7d8b6c359

SHA1
32589e12e041bbc42fb3a66c489b39ef380fc1fd

SHA256
cf65a918306fa7763350fd8464fd2f3a049468424b6b89b15b15d824f0796df1

SHA512
2f6582a63caf1d18298b6ff9ac65172609c3444d676c5d1988d329e2dfcca5293b6cf2838dd9a6eaa655cbff403989f47fc4811b41e9a2b4c10e7478b92f384a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5008_831961585\manifest.json

Filesize
584B

MD5
aad9dd4aad1f2f938385a9c3ba710ce0

SHA1
c47d9d74e87b63991c0fce3a1bc06e6b0ea2bf2a

SHA256
816e255d4d75a327acc11f8cd7b5c3e1066418a0608c566c78819526bb18859b

SHA512
8b268d49e39f5adba1e2f24bea9be97c0cae9df8cba04b0d53013383d2d2181b3c921d686b592cc32eb795e84250fd5c67eec5b5d96967acbad0c4bdef47efbb

Download Submit