Malware Analysis Report

2025-03-14 22:10

Sample ID 240613-e9eq9syajp
Target BraveBrowserSetup-BRV010.exe
SHA256 b50d5ffaafa1f3367773029b0bfc39915cf83cef76fe01145272d6b6861073f8
Tags
persistence
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

b50d5ffaafa1f3367773029b0bfc39915cf83cef76fe01145272d6b6861073f8

Threat Level: Shows suspicious behavior

The file BraveBrowserSetup-BRV010.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

persistence

Sets file execution options in registry

Checks computer location settings

Loads dropped DLL

Drops file in Program Files directory

Executes dropped EXE

Registers COM server for autorun

Enumerates physical storage devices

Modifies system certificate store

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 04:38

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 04:38

Reported

2024-06-13 04:41

Platform

win10v2004-20240508-es

Max time kernel

114s

Max time network

132s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe"

Signatures

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_no.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psuser_64.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_da.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ja.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_pl.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_en-GB.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_th.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\psuser.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ro.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_zh-TW.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ar.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_uk.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveCrashHandler64.exe C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_sk.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ml.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_pt-PT.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_zh-CN.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ru.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_fil.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_gu.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdateBroker.exe C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_pl.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_lv.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_iw.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_sw.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_et.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_lv.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_sv.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ta.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_es-419.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_nl.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ta.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_mr.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psmachine.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File opened for modification C:\Program Files (x86)\BraveSoftware\Temp\GUT541D.tmp C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ms.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_de.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_en.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_pt-BR.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\psmachine.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_mr.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_pt-BR.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_da.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_fr.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_id.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdate.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_is.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ru.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdateCore.exe C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_es.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_te.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_lt.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ur.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psmachine_arm64.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_en-GB.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_fi.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ur.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateOnDemand.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\psuser_arm64.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ko.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File opened for modification C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdateSetup.exe C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_bg.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\NumMethods\ = "23" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\Elevation C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}\LocalServer32 C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.ProcessLauncher.1.0\CLSID\ = "{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\ = "IAppVersionWeb" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\NumMethods\ = "12" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ = "IAppVersion" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\ = "IPolicyStatusValue" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA} C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F5F6C285-BAF8-485E-AE75-1F1EEC8135FB}\InprocHandler32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}\LocalServer32 C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachineFallback\CLSID\ = "{3282EB12-D954-4FD2-A2E1-C942C8745C65}" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3} C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8} C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}\ProgID C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ = "IRegistrationUpdateHook" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA} C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\VersionIndependentProgID C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\ = "IProcessLauncher2" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreMachineClass C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\ = "IPackage" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\ = "IAppBundleWeb" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ = "IGoogleUpdate" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachineFallback\CurVer\ = "BraveSoftwareUpdate.OnDemandCOMClassMachineFallback.1.0" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3COMClassService\CurVer\ = "BraveSoftwareUpdate.Update3COMClassService.1.0" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\ = "ICredentialDialog" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebMachineFallback\CurVer\ = "BraveSoftwareUpdate.Update3WebMachineFallback.1.0" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{652886FF-517B-4F23-A14F-F99563A04BCC}\LocalServer32\ = "\"C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\BraveUpdateOnDemand.exe\"" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 228 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe
PID 228 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe
PID 228 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe
PID 1660 wrote to memory of 3264 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 1660 wrote to memory of 3264 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 1660 wrote to memory of 3264 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 1660 wrote to memory of 3964 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 1660 wrote to memory of 3964 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 1660 wrote to memory of 3964 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 3964 wrote to memory of 2192 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 3964 wrote to memory of 2192 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 3964 wrote to memory of 4116 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 3964 wrote to memory of 4116 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 3964 wrote to memory of 2820 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 3964 wrote to memory of 2820 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 1660 wrote to memory of 4516 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 1660 wrote to memory of 4516 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 1660 wrote to memory of 4516 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 1660 wrote to memory of 1004 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 1660 wrote to memory of 1004 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 1660 wrote to memory of 1004 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 4432 wrote to memory of 3640 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 4432 wrote to memory of 3640 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 4432 wrote to memory of 3640 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

Processes

C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe

"C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe"

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ5IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0OSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9IntERjc1NDlBNy00RjQ2LTRDNEEtOENFQi1GNkYzNkZCNUU3OEV9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7QkVCNzUzRjMtNDUyQS00MTRELTlBMzktODdBNzgwRDZCNjU4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntCMTMxQzkzNS05QkU2LTQxREEtOTU5OS0xRjc3NkJFQjgwMTl9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMzYxLjE0OSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI2ODgiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{DF7549A7-4F46-4C4A-8CEB-F6F36FB5E78E}"

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ5IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0OSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9IntERjc1NDlBNy00RjQ2LTRDNEEtOENFQi1GNkYzNkZCNUU3OEV9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7QjEyMzE5MjEtRjQyNi00QTFCLThCQzMtRDZFMzY4RTRFQjY3fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntBRkU2QTQ2Mi1DNTc0LTRCOEEtQUY0My00Q0M2MERGNDU2M0J9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIiIGFwPSJyZWxlYXNlIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAxMjg4OSIgZXh0cmFjb2RlMT0iMjY4NDM1NDU5IiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNjUwNzkiLz48L2FwcD48L3JlcXVlc3Q-

Network

Country Destination Domain Proto
US 8.8.8.8:53 updates.bravesoftware.com udp
US 8.8.8.8:53 dl.brave.com udp
US 8.8.8.8:53 updates.bravesoftware.com udp
US 8.8.8.8:53 updates.bravesoftware.com udp
US 8.8.8.8:53 updates.bravesoftware.com udp
US 8.8.8.8:53 updates.bravesoftware.com udp
US 8.8.8.8:53 updates.bravesoftware.com udp
US 8.8.8.8:53 updates.bravesoftware.com udp
US 8.8.8.8:53 updates.bravesoftware.com udp
US 8.8.8.8:53 updates.bravesoftware.com udp

Files

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe

MD5 f0d250e7864b14a6bb54b3dafc8b6b36
SHA1 3b6bc2c3d84a5aa7cbd94bca399f2f0e2f28aa6f
SHA256 32c8a06d6b9f050891b9b379604d93b23b93d1ac4b4e65d84a9992e556d2e91b
SHA512 60bd3c103f8112b4f6495b46d3e74370f5db801ba20bbfabd114fa32a53e3bcc7a715b945bfae293aaf5d3680abb9b2b234cb32d7505b1fa298670340726e918

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdate.dll

MD5 425fb0ed44ecdab114df186a030547d8
SHA1 1b0cd116d278df4226d9fc097b4693c9f358eb91
SHA256 f04aecd02f82ad74c20073e2332f40efb96682ba52365cc257e43adfd2eddafd
SHA512 fe5d08636434246a77ca6133593eafd71f1cb61cd682dcf085f08dc1ba974607a779dfc45bf3490b8f1f6651f8b349989bef586477b961932dd770d2b487c4ba

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_es.dll

MD5 0f2303e57a3ef541e578d363da51d109
SHA1 4101860a5e3d027ab6a298d97f8317c37815364b
SHA256 eb0086e4a303374cdbc5c118d430b2d3bc66a658012bc52876b39a1867454fd3
SHA512 27f85c516f2d6d6f6224afbc944f1dc7f7a3654e0d66d28fd55126650e3b9f28e7471738634cec5d3fbd53699bdc6005561ffe9c0c074ecf5acd871d1b4ff105

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdateCore.exe

MD5 446b52ab736570578f54bf7eb314c86b
SHA1 57c1f8619a911ba5918bb3f57cd37eba0972a7a1
SHA256 e4e87b90282fb321fe596cd98f7cfc18950bdb6092c5b7618fb5e3ba92847a13
SHA512 e564f4d2389616613a53c7c15b56779859cb2fe079a3c5a3e5be7cff6c1aa754cd8cba8f2c9d30463f06378e5f3e05fff01e27edbfae7cc3e97345646cd38066

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_en.dll

MD5 6e49096336c7c85f926fa680899928b6
SHA1 f39b3e151de9622d36932e14af25cb1352fa5e7b
SHA256 b3af09e3c984fbaf282d63b4eee7f3a1b6aeb658aedf74f097a0df1d725c5074
SHA512 df1567dbc9791ac18a11fb58783b96cf74d92076802f234f851ec10857190211dbd0240fcefc701cfe63eba97b3147e77098850cf087f334fffd498def3c754d

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_el.dll

MD5 b7146b5a2284caa34f796896be60c6c4
SHA1 4d167a1c283e362456dba3f4cd4d3288ac373a4f
SHA256 cfd331b344d1bc7cb3668e8a2befbba9e074d5925c690fe353d4942ec9683df4
SHA512 ed942c2fa844439bdf480d21f7f3f0645ffd134c987abbfe26b29bd0d196754d547a026138482f8e2fd6e01263f95e36d34a1acbaac4070c3c922365e3469534

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_is.dll

MD5 e17a245f877ea52ea79765cf445f72d6
SHA1 a98cac81db593f9d659368644ed23cc0c4a08cf2
SHA256 5e2ddbdacf1859c554c033d6e5eacf4fa2ae580e9eb0f49d6a48480257f37901
SHA512 32557cb0d30342cf7fa5a9221fe5120b59c3ebb3e0403b3160f9f1e59323990b16b543ec73768df5b2dc5250c098f07a05f385b7f893a9f1d4df4b25f1e53b32

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_kn.dll

MD5 7ab202203c3e2e93cbfadf05f9415ef5
SHA1 49e721c7948574534c0b89af37d92c361470df2d
SHA256 e1c53bc58018eef074e489c179b29d8ccd07c12a2cde50b15530ccd209a5155f
SHA512 6827bfad1e79a514a434141792a9818daedc3dff3bb0eaca3d7d8e9e03838cdb86d3e4d0c8cb893bca2d6f5e44b435dbe779b2aa18c9d56446e3f49e8baefb5d

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_zh-CN.dll

MD5 0807af67591a788a838c79d77b4f387a
SHA1 d07992c36dcb8149abab3cfbf27d20f8af44b3f4
SHA256 9088c76ea6e42f911692550fefa396db3fc53cf66e33a0984befaf3bf78eb2b6
SHA512 2ff862e76900b40f273daeb52e8802aac7923b663339860442868173f3aec4cac697986d7f0ea0221b8d823d56021c589f2eaf76fe94e2281276ff646c9dcca6

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_vi.dll

MD5 c2725d70141461f3261050950d3f70ac
SHA1 ae1cc4cf040f89ea1f5728602dd79496564736f8
SHA256 54be4019c4200de7f8ca7f454fd45f5e20179214dab7dc2f5bc5e2cc0b62ef2b
SHA512 c4226761cfec9c85638a61e0602c96850934085e8e8822a7046fe504fbc24a8bb20b47977ab29357daadb2974a6b653f4ab91934f04a083a82e2f9fddb5ce499

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ur.dll

MD5 20957f5b49651646ca2f4762347081d3
SHA1 5cda8ba0663d2903b50ceeb78df869771a207f36
SHA256 d2f2e50242024ebf733a8f5d3f9d730709dbab45f6a04c6d0b1c52e537ee695e
SHA512 f3dff23e7085366906cc2d8d0d6e041c905fd2c27832aa0eaffab1a7c10e6adc0b5a1a7a4ba062a8f2c0dcbb9b6b2fb982bd994d99dfa5e7737b4adc7389c60c

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_uk.dll

MD5 a71d507c173f643c1b34bcb991ed7461
SHA1 0ece9f06faabb54aa1cccee9da41a20b0105a25d
SHA256 86cb6ab2d72905beaca1e07cef2e9c28f4ca701dbf3c7ac64347a81d51fba899
SHA512 7f80dc6bef345ad5ec26074a11b811cc1a7a378848f984b1558514fb79fef6c159cc195e96c6c113ee90ca672c9b0d00ab938840fe90ad67c5e58549ad7d2236

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_tr.dll

MD5 573d166d52b5f529b73148ff97c36b43
SHA1 2d3bd899ad788701102f30c0709ce4741315ef91
SHA256 3588ea973f174e8094e026c4cecea21899203a709b3d3d1e9d3c0c8025422136
SHA512 2bdd2fb71025721759fde516249cc819b43adfc6a3b45a4ec370456b8878983c2a4784bd81e86290e80bf8426871b63555ce021f54148e1421d4f59d3a45ac2c

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_th.dll

MD5 6f105b58f0b8c834b5e09a0023bc85db
SHA1 47422bc162e8ef8ad2a5839eb3d9ac39ee7f24e0
SHA256 e2b0b292e94efda3540222a0fb50995243e048de5dd848cbdc7787e4da9886f4
SHA512 4d837a129bc33092a036a32959a985723b815e5352b12468254d7c540e3661a1ab871e436d2089d770a7e62fa74a52d2f7a6458cec45a3ec9afd0a93a6f4105d

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_te.dll

MD5 76a32900d5aa8725b0e92b166f6c8185
SHA1 a8ffdbe986abfa1c791dabce6afe5f97346378a4
SHA256 e523d100c82babccd5f3812b9046b0009481dc3acb012c66fe0a63fe9631e788
SHA512 60aa73fd9eb5b603c0cde7dbb9255d8049e9b2c1b84d6424f371987afec4ffd212653c4acb9d9ced658b24c813ebbcd7f295725d80d61a256843584d2f0ac6b8

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ta.dll

MD5 a001e0b7b98b4b03f2d1930adfd18bcb
SHA1 ea0508c7ac4492b7aae67d956208ddf32eac62b2
SHA256 d92fd88a65c82470708082db14c632cf435f2fcc440d70405d79ef46b71e1b44
SHA512 f094aa3ee4eb0fdcf7862eb7b1c3cc29749b398b34922220247dd4f5722a77bc9b29a0fb8a9e98093be281934e69ce260a3f9db1edff96bdccc0f8763e18f823

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_sw.dll

MD5 c55d0485aa3efb1cd8d40502fcac6d42
SHA1 98753e245e75dc836e4c1c7d3dd0f60f398a5a88
SHA256 9970bfdeba8af473aebb8c1ac7a611a794470e6577836571b0841424f69aca5c
SHA512 ab4cd9c930e3c574367d6335e5fdf62bede063e785de4e936716bf0b3de9d135c6918c10729614a8bd52f971c8e4cc696e8b3bbc02aa93823cc45b5eafdb8c54

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_sv.dll

MD5 14afb6448ec63a59c064e1673803b42c
SHA1 4d099f9f7f97867a6d4a9829cae420b3622704cf
SHA256 2c8a0b42d563ca46646a242203c2d9d5dad6f4e0711545e7126ee39df13ec3ec
SHA512 0563e35d823beaf2507c6049fedcc7d1f5c901f1244e6ddc267f6eeb76622243c9a7ea4b8c365db46a153901c859b025883fd647a8be40952de525c8b224fe41

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_sr.dll

MD5 b6befac367c018108fd5906fc7d2566b
SHA1 55c10832d0c80c82c433664f87fd96e905b6c09d
SHA256 1171365e27f7e846077b2315df00bb4b680700d9878df20bacea70461e4b344c
SHA512 d5a2ba5a578042ce945994d9359c285476bf322b22f8f447b752423821c346302be89eb813017c88b15c631a52393266d93f0c8b801ac76f92ccfcc7d246b83e

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_sl.dll

MD5 a58b58776525a77d838f371c78712109
SHA1 a37b5fb6a5dc3a90a60c7729c13c3fa26e8d1fb9
SHA256 dbbb61e3be906add7e38e4cb0b9fc71e2c9f4acbd2ab8a33073213973c027abc
SHA512 108ae55708f1fa935886ee00da7ad96cf1e3e98e7f3fd5c1d70f1d5b574a46515e24a861072e3303c8472f3b193e479a6a8d94ac0186a67bb43e81dff1dbfdd0

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_sk.dll

MD5 de8341aa301b8f2423540460cf5c6a66
SHA1 c8b21576aa2eb7f5fc995d7495a2e0c9f35ebff5
SHA256 3f2c2b18ed01af7c4752a550d19fed8c6600cd19ab18cdce1ca97a018cac2a7a
SHA512 6ccf015fe8fff65fd835af84013450451223d85c17c2b9b2e7bbc93239cf356c4c5925efaa42b82f708c493b0901407dddd74a891d37511e926486e3a4542050

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ru.dll

MD5 ce602cd1ddaab5278224effd2b90ec82
SHA1 6f8f1d4b188406145ce53459e9955cc484b62e41
SHA256 aaf0079d188fa62e46541a0bdf289fd06034b651896aef61f5afda4b0e9940df
SHA512 5b7238d9a52be626a32e19149db1d9fb626a995fea3a219c6eda55a9c8c08e1f4053393d14a7c3e955c645653e14be275efc56530e9dee9fae495ca426a4b371

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ro.dll

MD5 07e7507b73cc6c1e66525e51fd987673
SHA1 3f6d737159cb1617d25b65fcec769bf503e4bf50
SHA256 31550a0a85d539ad554f1813939cdbfe2201b74343d152e2b314f23fa2cf2cf2
SHA512 e84008a33644bf0ff58d4db9d0dc03c9866b43c96c28e5ea614b22e1f3d857fbb7f6500f412ec18daa9263e8df2e52b30e3b6d1d4b839fe7575572e590ffc9ae

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_pt-PT.dll

MD5 a44b2951b8020b19f5e7033d86271501
SHA1 12d2c7b1ce8771497bdb5ccbd1a0b865d780b7fb
SHA256 84cfbbefd4f907753a7be084508c837dc76d50eac7add47f84c08ab8325e0775
SHA512 11dd842d978c0d68e3abd1832d96f005688abc67f463c5040ecea1ae30b68965d78b9eea3c20e5164ba7315fe4fe676b2fed6c63023af07241c26c799301f87c

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_pt-BR.dll

MD5 06426adb39c7d04e154cef66f83bb76b
SHA1 a77ffc4d4d0d1cae30a52eed7b22439a641654ba
SHA256 91912825171e691cc09d23c9700cc5e201c796dd1d05275fa5a410c20f16635e
SHA512 a8a2a9f784d42ee90c67f9176dada4796ce966c002d6a1e229c901449e928bed3c626c53e261c46af4cd6bb0b866372d4172e41e3d50272a45c3f40472be0b53

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_pl.dll

MD5 65d5304dc525e2d823b9b4e600a3a829
SHA1 08ff5a65ad5b334514ef3d8d09ca7bef0106c5b6
SHA256 6fa385b9686d1257d177797d44713e2b1a7637d3d4bef1e768df9ebd1666312c
SHA512 0282393dc68c6b62cd22ac077d04f6789e820d07e755f13c3e8611f2b90f4ad75f5054df76ad96b6444efe4c50e11c4f184f852ad37d427f7a4ddee4eb21df92

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_no.dll

MD5 a24dcb087fcaeacc025d843d0869f954
SHA1 249ab66b5c1d669f3c0b6caa365d00c4146c0ab3
SHA256 bc45c21099f4a178fa5de3e2fd56d35b00b9a61e21a83bb9127633970d2d2132
SHA512 ecf43a01a59ca1968929ca5216d243cfae6f1f03a9479c698193088d1b4c2cb5ae8a3b0700de4661a5ce3f98519f2ec3d4461ac325b4435164445fd9cb040155

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_nl.dll

MD5 3eb899744679efb5578c31b9c766bbf5
SHA1 dfcddbec505c669eba2186eae14e65ddecaa5eb2
SHA256 056ed59f4a7828bd276cb8fd981b7fc6e3a0e87728ebff818b6b402222ee0692
SHA512 dc0859e5de747f3a7b2e60e59e77529c1ba890c12d7a800ca86b1658534ed2317c79ebd64258a302da949d4f2965ecb53ae1562e9627d0cdd09e821b179a3f23

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ms.dll

MD5 e1ba983bbb648f9c4eb34690bea2b3e2
SHA1 378d8138e732cf8841ab00ad996cd83520135864
SHA256 64e9ecdf1c3ac37bd76712bf245b5ac443361a33c0280436aacdca6fc0361156
SHA512 ef6c07dcd8dcf165b15b36f908ee1d3cbc8904059300ed325ebe44a695a84f82d6fdf77e2986ff862a4b6e5dd6951aafc0ed6cadb9bd4951958d78a26fc5ee8e

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_mr.dll

MD5 5e9550fde47f0781b8e154ce5c2f5001
SHA1 02542cc304c6836d50e14eac54dfdd81404d4ccf
SHA256 5d04d7c835c5e47b33801d6f7c653689e5fda10716aa7304775ed681f617a2f2
SHA512 159cca5365dc319725493448ded909f91c23000d11facc30a4942e185775ab4910015ee54b10c4cef218dfadddba7be0f46c872e4442e40b86dde5a9d1c777df

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ml.dll

MD5 31d5214ab31228c6d21a904b2928314d
SHA1 bcf5325e3c7452a9bb7ea5aa089755af0f13beb1
SHA256 3ba9949b02454c3dfa1e8dc1c9e7238df68903922ac571d69c5a0f752762d3de
SHA512 0bf4f3f9613254ac54440a12d308351f9cc151a22be0c7ddf74429cb99c80999c2a1fa06b9dfd7546a4c7a174417f98aef8bfc35d5a74919735cba9953db73fe

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_lv.dll

MD5 6c0b96b659ba5341871b23cb35c6b075
SHA1 62667ef0cc8a584fa9cf420255ccf4ef15cd796c
SHA256 6f3626ceccb4e6881f7a8c304fc1c2e61f349028a5707d3f0d0953607692e356
SHA512 e22d6033542b0e01da77fae6e2307a0d5040afab28c4ec18b08791d0f9ea1d12d22f17e9afb26329cff5e3154f9c150cfa0e9b2f1098fe74cd73db94b3eead20

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_lt.dll

MD5 20d35ad38de3a2d6039ab7cbefefd934
SHA1 e63407bf6e24e84b8b79e0e9907a4ad50be9db6b
SHA256 ddc2b0b06879646dae25628884791e83e44f643f7936f4e1afeb46fe821e2f27
SHA512 8569a4531dc42df34cb51dca4755075cb72bd27ee9ef16c7f80c09c70ebe5149bd8fabd8de50ceddf09b66ece598bd00d9c8f881467c293d86d882dfb2a04370

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ko.dll

MD5 694c6110a1e3000fa88f1446110ee47a
SHA1 918fa95ade538d63797f9d8e9a29097a6bf693b3
SHA256 930571c7da4db2ef38dee8d73561638b46b3780fdce69f3e2e1024309d296be3
SHA512 690f09eb85e425ffe005c99f8310482d1b3f263d7faf4ff12f409cdd5f7b396bc7970b022c07d5ffb6c194ce82728bc6c2a319736875e6da73503f500e3d5316

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ja.dll

MD5 fc0add911479cec4e7f0cba896fa98a9
SHA1 d6f5cadf35ce0703373f51d5c25bb85be9f155f0
SHA256 de6583309d8fec0c7d257957b84b6a88795f95ce1de676da580394f0c5e01a78
SHA512 b81dc8ca5efb51b9746cc5fd7acf54d3e6bbd7991289801598a5c8339db0e7d8a3c023b3e85924f0c6c57fb9dfc7bfc12b097bd2e9f713f3623cfc651ba5d0ee

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_iw.dll

MD5 f3122cd6edc860701d5470f7b1ec0b68
SHA1 6ab7b6d47a390adcd4084607e9144fc1f8e86ece
SHA256 9a29d063946f8c0a5da0dcefbf78713bea82b1f9b57cf6b5b185887ceeed4a13
SHA512 2772c467df0082b18ed56a6b3d344bbe7d9222dc3ce928a7976477d9b3abaaaf332048942f0aa0687db836a081035c6f9ef623d2f5750913e95bb6795f1eaf11

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_it.dll

MD5 a15bb0d59421547421d71d4962bdf795
SHA1 e48c005809bf22ded4ba75ef40cb741d85a96f05
SHA256 0ed00bf389610495958fd6cbf55aecace8fca5b926eb775d261d381ce0389365
SHA512 4f2ae1262f50cb5479d92fecc7d34bbbdca71c404cf74aa6b365b37081e938068c03d8361fe03577803d91ee3ad4d4932628f5e151f69e08b4eaf94563e18504

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_id.dll

MD5 ac167b4fa1fc881af6fab61a5cc71fa9
SHA1 c778c28fda65266e4e9cdd94b540d6bf29324f9d
SHA256 6467486124474582d15362b44a31277dfc66542c6dad46e2d088a51c53beb9a0
SHA512 1c3afb502c9212bffbc70c27bd2309d6047b714b7f962bdef0e8451aafd89654909cb29f609e289f587e54c596e820e9cf50dba2f640840cc63a1555516bc53b

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_hu.dll

MD5 9039222c620182dbd7196f2f6d45c2e7
SHA1 b10d174098932855148f9948efcd8896ff49c659
SHA256 97e81e293bd72e7cd31f43035cb2725ce7bd0062ee31a1459480315266319c51
SHA512 5eb42a09d01335b950425160e10498db4bd36ab78d24fa187ab226cdd72c1c03887e529e6a0897388a2a3925bf2ecbce8d5784ec7ab687f9e17b477e0d1a90fd

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_hr.dll

MD5 fc1a1ea0e66d6a11bb52a0f326d6dd9b
SHA1 97f80b2d3bcd04473f179382defeecd431233a44
SHA256 323345ad30bcbc27b08d84d628e06265196faee0f33e27c99b0274525b9430dc
SHA512 63fa3b7cbbbfbebce445cf3afd856c13fbdd050b1f6625e17c9a5b8d95ae40eac0eebada1f436d119074b89c74e001fd23edb32d3c465204e9df1f089cdaec5a

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_hi.dll

MD5 61ae65d900868de699ea1ad6477a4ffc
SHA1 05bd1542f5367f1b6cde1bb47e265e742b234ae4
SHA256 c694f476a771e31f3aacc0ffc1fed121d2d285785d8de2d5b20648fcc565c01e
SHA512 3a58d8ad6168a816cd15a329ff2cac593a983a163d5fda06dea182be2b10c4dba08dbfeb3fba6b0c84cdd8fdede29cf9fd88ce247bcb9d0c72ac67256db398a4

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_gu.dll

MD5 8e18fbf488012ed9bd006c2b64ddbf91
SHA1 65296023303ad62fe6f26fa3749a2e517fd97744
SHA256 e01cf3c2fc0d7c17565da5332d816a4e5bd6a4441d177c75f48b5ad98cb947fb
SHA512 c404aa456ab0c72dcfbe00e27eeccc989b6cca38540a91c0affcbbb180e778d0dd31ba58a59503adfe27d76b0012941706a690e8d75f682917ffd5cc9d70c268

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_fr.dll

MD5 1fb7914225491072bd504285a259f363
SHA1 0500cf0b9f8663cc67c24da2b76b7eb4698b6dde
SHA256 c6a1f755892ab43ee301671ae204828b55fe76f106e6acb86a3c08e8f287e87a
SHA512 f618bc1228d8f07abed48a203b0051b76119f7bdf4ad05d7d37c2c0e0241b79149fb8d17620b4b3a26ed026f3e102445e6ea9672f973fc2258595544477051dd

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_fil.dll

MD5 3f890f3ef795ff8d0f500f1886ac9f06
SHA1 8ace45cc32c47f53fd811e36f6d2a8ab1ac802e9
SHA256 95c44399a59c946bedb0299ff9544c049594c42d7e0cfd26c3d9c8d2e1d1b072
SHA512 5370cc9cae35b78d142602a9041375bfb0b136953dbe42fd46e539a149dce0866edf4c393b548f79819a497f25a5441bd7f8f1c701df8894bdc977c7c901d599

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_fi.dll

MD5 0ff4e81ddfbdc555d6e8372e6defc303
SHA1 27d301c951babc4be19d7043660a37c68a9a6f90
SHA256 a622f04d1f67ba72b32ef542b0389826a6b857b3bc43a6db4afeb7dd1b0ddfcc
SHA512 40a93ea44c38b4167ac19ec8c7a06d65bbf29d9bb7551a603e99d77c4e108f53c7fa884a16bea29c3d170088ce5dcdb73169650912891b3fbde703fd3011bacc

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_fa.dll

MD5 29e5800dd3680b7556083d3c21aa7f9d
SHA1 9cb9e706b7db0683d6692ab1a2ddc76852848c25
SHA256 abd8f8fa1d2da479cee58995fa7bb58ee4cf667a707a06b59d69608275e106ab
SHA512 45cf0b891398330dca1ce681826a3fddc5f0d1e0032739cbde875c42bdc70eaee397dcf2cfea8c8365fa34569bccb897920d79dc7c6f5667cbafdcbb4444124f

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_et.dll

MD5 20fd1d4375f3b12d26c318db7b6eabc1
SHA1 fba7ebdc65351ba9154856df4dbfc13d6430602d
SHA256 ef6271ff6cf23e42f22b701bcb9fef7e171f388a338b7ac222b75eaf0ad1a8e5
SHA512 f8a41d86281993c306a92f3d92f9946d38d343ebd575e2ef57c3896fe6a8754a2342fe65d2858dcd2ff0a1f97cdf1df9cc2f1f46b2abdbb82ce0d8328eeb4876

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_es-419.dll

MD5 42eea1071a5f56d408ae777eec906cac
SHA1 afa8647d5b988796204aed778978fe6623b03c85
SHA256 64cf61cce4eb4437883b8880a32b0e53fc4cfbe3da5c3e8fab51dfbb8c6aaf22
SHA512 1a444f747dd0920bab930fc144df3b9c9b3552a0c93785583c047e564beff3cdaeee0b55dfcbc1dcf5652982d2ada53a0689745d4442e6169113d9c60cdab127

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_en-GB.dll

MD5 697d46636189ad7f393d2c1c8a0e29b3
SHA1 34c5826c09e292250ace3c44cb6cdbefe4328e6c
SHA256 52ea75950a01f3aef7bb373632987cced0e7d82c34e70a5f240bbd30ee80e0e4
SHA512 2a91919386c8e40fb9194b996fb57574421e95e54306958d36850ebb4803b1a3f978562de9eb2e350e877bdc049f13f2c850a35ae97ad6c83ea77b424ee90afe

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_de.dll

MD5 9efee16748f966afb5eb87c23cf48955
SHA1 26a2e54936fb8ef7270b1aa25d29e915d1675bc3
SHA256 90205eb284cc94fa83c051dd4c037764e1ad70bafa5ddd255cc202884529a3cd
SHA512 234abf150ebd9001b8fed17675872bd3adc9816724c06a8007c4d193f8c0dd8f52f695091a34c2481e7bfcf479692ab70883c8125ab990a8947f8ab34fe3afc1

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_da.dll

MD5 3443f3593a93c3ec1c7b9af9bc0fc942
SHA1 c6325c215ae0fe9d110af75c18868f2d69dfb167
SHA256 d0b405eab9e2a572444e8bc5563d571861c5409538df80fe151155c953e687a4
SHA512 3fcd0ec2ae5521801ed3020285c5f50162266167db4024c3330a0284b682414a3d5b3060239126bdf167f1ee23edb943890718e89ce033a9652c7078ebb50ef3

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_cs.dll

MD5 8ecad669fa5eea1be1fed2ec53243197
SHA1 19f931678fdffd726f613aed587c67e2c28b4d9a
SHA256 58fe2338f042124893a98847051bf34fca987ed8ba8bfc114b7548a692b7a0dc
SHA512 9904db317d304d80b26502b292edf4b51940802b9b3e5ad5a1ee642dcb1d8c5788768ae309aa29af603478e4c6c2755ad6c088cde18be2d6a975a3d3dd36398e

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ca.dll

MD5 262cef98be21eaaeb6ef520e12d15350
SHA1 cb2d4532346a442b8ea8c74d95cbb37987d09630
SHA256 f253c1495083fda57f8211f8c9339cde93a1c746307ab012b83e4e1140d4f811
SHA512 6531b0264b265af3be2cfe2757b47d9eecb9fb76e85b9c741b7a58401ba6c5d24d34cb1e7c4c85ecc14f256df30d1bf3a9ac602a4c7c368f1837ab7993a1e3eb

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_bn.dll

MD5 a7396703ba43c67fcaec6b8daa5dca50
SHA1 b24ea41d80de7c9f04ef1c15a8bd296ea604a136
SHA256 9a6abae8d97d66ac871b71f02ad2281dbdbc3f91b92ff4d423f80a0839322cbf
SHA512 acaefe1dbcb1297cbf89ad7f120e5f1216b39562d1a1ee170aa8b5dae1a29ba89565eac4550b41297ed0986f788a081729af757e7e0c240c38bf16fc1223a0d7

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_bg.dll

MD5 5e7bf512451e8be7c6730a923e366ca6
SHA1 5f7b5bd2d71fb12f685e09b453fc9c927b6ab715
SHA256 fc642a0ef0d30990d41695dd322ec8431dc735fc162fb33aa467f6acc39028f5
SHA512 2fd07507ffc0361e3e3c2494bfe70f0c1da4f914d7a321dc611c649ae3699d0dd6a763d7ff518cf1ab0e34b43bdf567371b90edfdcadf551f9c387fd444c495f

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ar.dll

MD5 d6cfec9d78ad35c085b90b31b9d0c391
SHA1 53ee391109d899dadc0325bbc520e63eff69c2ab
SHA256 aa5ecd1e8cf81247e38003aa2768a02756c98f6cb0e0015c8ee1d82ddc417195
SHA512 74fe296f3b3a5ca9d0144f49dfbaf716780cf7033061dca9519cbec8795be1c52cf88c051934a951e6719e6053f9884b6531bddba0cc33169aba276cce437923

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_am.dll

MD5 4bfcf96bca30c7596fdc8077d3f1b497
SHA1 46d5076d8d789de2ee05dc4594ac4ecd3ba9bcd3
SHA256 dc6bcb120d3b92c4e91ab14466479530f4143aff5d10911f1106d5c465ad1106
SHA512 931946343d6bcefdd6a9fbd06063956d971404bae4235a476a20601115a6a0b9add473a206d875ec940a0801763587dedb79115e29d7adb68aca85559273442b

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdateComRegisterShellArm64.exe

MD5 872c3539d0e09a3dba481e917ab95bc0
SHA1 7bbff10934cc669d20eb3d5f17da3f875b5e51fb
SHA256 f8955d34c1e9c043b76dfad0472561ba5b74eaec7667e461d745f9554e787f68
SHA512 e07907943b3a3133d74995d3b294c370adcb08750ece301b970c66d92451c6b08e9a68cf20d18be92782422275d3e550c7bb2c94c4f3f7832ccf76d5c4c7e6d6

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdateComRegisterShell64.exe

MD5 e1b88b573ec7bb96c450a2d9dd23dbe7
SHA1 1d46e35764a43515237570bab59c3a5077eec4df
SHA256 4417306699ca5d2265c0bcf312122883bf4cd44f2b78fa524e4dc15b76fd617c
SHA512 9fa7d3cc12f777ecb4980e4cf118b2a1cb47349b1c780665f0109593e8f4f8a4aef626dd080ade25f40a1380d46684707d202c465cf82b7f2db0aff9480e929c

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveCrashHandlerArm64.exe

MD5 9a7b4118c28a676f1e9cc96b3ecaa502
SHA1 4028efa79fa8264f99ad3387e63c4e241f33954e
SHA256 5414f9c3ccbbee1427ca73eddfea795952dfd47f86da45715492460ddc033842
SHA512 f7e755262d90f5b3175d2968805976e5fffcacba436ea19ac906a5788408987dd47f563a305629e4a1efe3783533a67b203a2a9a19eb89ff39db8f68f0ce942b

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveCrashHandler64.exe

MD5 5a0b2c88d214e16b4e1092842d8ef470
SHA1 e8c842568350fcdb552f7b735c87d2714dfb244d
SHA256 f69597ec823be88eeb7148fac9387a6025dbcbdc665c1806dcc566c9d2d1bdca
SHA512 2abd57360f3c7badba40d7d273326aee2080740f454129384629996071a41be619fad9f1c0dc32167fa6506ea02a1421f64ad40249c997c8affd4242e5b09307

C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveCrashHandler.exe

MD5 d77a3a619b3857fd8e44fe2cf6ad80bd
SHA1 d37e6b4f5445210a0be96470ec530b695f3acf6d
SHA256 7fb51efc6b213b0358cbdd43468b2334cefb3e0cecdc6011284f44204c3a702c
SHA512 1cb6ad8c5138d25d715b0b70590dbe39caad6abdc2c650483519d21d3865e01b48cffbeb061c28a2010d729d07b94ab7efe6c1059206e7211990901b7eecbbe8

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 04:38

Reported

2024-06-13 04:41

Platform

win7-20240611-es

Max time kernel

148s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe"

Signatures

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_bg.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_de.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_pt-BR.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdateComRegisterShell64.exe C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\psmachine.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_zh-CN.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_pl.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ro.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_sv.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_te.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_zh-TW.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_cs.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_pt-PT.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_tr.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_sr.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateOnDemand.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_gu.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ur.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_zh-TW.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_pt-BR.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_sk.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_sr.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_es.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_hi.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ms.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_lt.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdateOnDemand.exe C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_mr.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_am.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_bn.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_id.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_et.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_iw.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_fi.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ko.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_gu.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_kn.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_no.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_vi.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_es-419.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_hr.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ta.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psmachine_arm64.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_el.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_sk.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\psmachine_arm64.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_fa.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_is.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_fil.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_lv.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_sl.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_sw.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ur.dll C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\psuser_64.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ar.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ru.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File opened for modification C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdateSetup.exe C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler64.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateBroker.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ro.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreClass C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ = "IGoogleUpdate3WebSecurity" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}\VersionIndependentProgID C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\NumMethods\ = "12" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}\VersionIndependentProgID C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3COMClassService\CurVer\ = "BraveSoftwareUpdate.Update3COMClassService.1.0" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine.dll" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\NumMethods\ = "4" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\NumMethods\ = "11" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\Elevation C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\NumMethods\ = "23" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\ = "IJobObserver2" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachineFallback\CLSID C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\NumMethods\ = "12" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ = "IRegistrationUpdateHook" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756} C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachine\ = "Google Update Broker Class Factory" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreClass.1\CLSID\ = "{3AD2D487-D166-4160-8E36-1AE505233A55}" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachineFallback.1.0\CLSID\ = "{652886FF-517B-4F23-A14F-F99563A04BCC}" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{652886FF-517B-4F23-A14F-F99563A04BCC}\Elevation\Enabled = "1" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305} C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\NumMethods\ = "10" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachineFallback\CLSID\ = "{3282EB12-D954-4FD2-A2E1-C942C8745C65}" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoCreateAsync.1.0\CLSID\ = "{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF} C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachine.1.0\CLSID C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}\Elevation C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}\VersionIndependentProgID C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods\ = "10" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.ProcessLauncher C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CredentialDialogMachine.1.0\CLSID C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3} C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8} C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F5F6C285-BAF8-485E-AE75-1F1EEC8135FB}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91} C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2196 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe
PID 2196 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe
PID 2196 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe
PID 2196 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe
PID 2196 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe
PID 2196 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe
PID 2196 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe
PID 2656 wrote to memory of 1248 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1248 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1248 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1248 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1248 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1248 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1248 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1520 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1520 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1520 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1520 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1520 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1520 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1520 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 1520 wrote to memory of 2108 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 1520 wrote to memory of 2108 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 1520 wrote to memory of 2108 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 1520 wrote to memory of 2108 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 1520 wrote to memory of 1324 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 1520 wrote to memory of 1324 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 1520 wrote to memory of 1324 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 1520 wrote to memory of 1324 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 1520 wrote to memory of 1904 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 1520 wrote to memory of 1904 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 1520 wrote to memory of 1904 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 1520 wrote to memory of 1904 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 2656 wrote to memory of 1212 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1212 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1212 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1212 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1212 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1212 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1212 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 848 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 848 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 848 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 848 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 848 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 848 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 848 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 3032 wrote to memory of 1884 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 3032 wrote to memory of 1884 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 3032 wrote to memory of 1884 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 3032 wrote to memory of 1884 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 3032 wrote to memory of 1884 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 3032 wrote to memory of 1884 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 3032 wrote to memory of 1884 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1852 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1852 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1852 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1852 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1852 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1852 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2656 wrote to memory of 1852 N/A C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 1852 wrote to memory of 1720 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 1852 wrote to memory of 1720 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
PID 1852 wrote to memory of 1720 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe

Processes

C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe

"C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe"

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ5IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0OSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins3QTk0NjdGOC03NTlDLTQ0RTktQjlENC04QjkxNTMyNzU5M0J9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7QkIwNkVFMTctQTA2RC00N0MyLTk4MTUtNzcyMTYxM0M1NkZGfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntCMTMxQzkzNS05QkU2LTQxREEtOTU5OS0xRjc3NkJFQjgwMTl9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMzYxLjE0OSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIyOTAyIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{7A9467F8-759C-44E9-B9D4-8B915327593B}"

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ5IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0OSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins3QTk0NjdGOC03NTlDLTQ0RTktQjlENC04QjkxNTMyNzU5M0J9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7QzZDRTAzQTUtMzAxQS00Q0FGLUI4QjktNEMwQjU5REUyREJFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntBRkU2QTQ2Mi1DNTc0LTRCOEEtQUY0My00Q0M2MERGNDU2M0J9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIiIGFwPSJyZWxlYXNlIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzIxOTQ0NyIgZXh0cmFjb2RlMT0iMjY4NDM1NDU5IiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMzcxMiIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /unregserver

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe" /unregister

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe" /unregister

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe" /unregister

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe" /unregsvc

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0xc4

Network

Country Destination Domain Proto
US 8.8.8.8:53 dl.brave.com udp
US 8.8.8.8:53 updates.bravesoftware.com udp
FR 18.244.28.2:443 updates.bravesoftware.com tcp
FR 18.244.28.2:443 updates.bravesoftware.com tcp
FR 18.244.28.2:443 updates.bravesoftware.com tcp

Files

\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe

MD5 f0d250e7864b14a6bb54b3dafc8b6b36
SHA1 3b6bc2c3d84a5aa7cbd94bca399f2f0e2f28aa6f
SHA256 32c8a06d6b9f050891b9b379604d93b23b93d1ac4b4e65d84a9992e556d2e91b
SHA512 60bd3c103f8112b4f6495b46d3e74370f5db801ba20bbfabd114fa32a53e3bcc7a715b945bfae293aaf5d3680abb9b2b234cb32d7505b1fa298670340726e918

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdate.dll

MD5 425fb0ed44ecdab114df186a030547d8
SHA1 1b0cd116d278df4226d9fc097b4693c9f358eb91
SHA256 f04aecd02f82ad74c20073e2332f40efb96682ba52365cc257e43adfd2eddafd
SHA512 fe5d08636434246a77ca6133593eafd71f1cb61cd682dcf085f08dc1ba974607a779dfc45bf3490b8f1f6651f8b349989bef586477b961932dd770d2b487c4ba

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_es.dll

MD5 0f2303e57a3ef541e578d363da51d109
SHA1 4101860a5e3d027ab6a298d97f8317c37815364b
SHA256 eb0086e4a303374cdbc5c118d430b2d3bc66a658012bc52876b39a1867454fd3
SHA512 27f85c516f2d6d6f6224afbc944f1dc7f7a3654e0d66d28fd55126650e3b9f28e7471738634cec5d3fbd53699bdc6005561ffe9c0c074ecf5acd871d1b4ff105

memory/2656-81-0x00000000008A0000-0x00000000008A1000-memory.dmp

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdateCore.exe

MD5 446b52ab736570578f54bf7eb314c86b
SHA1 57c1f8619a911ba5918bb3f57cd37eba0972a7a1
SHA256 e4e87b90282fb321fe596cd98f7cfc18950bdb6092c5b7618fb5e3ba92847a13
SHA512 e564f4d2389616613a53c7c15b56779859cb2fe079a3c5a3e5be7cff6c1aa754cd8cba8f2c9d30463f06378e5f3e05fff01e27edbfae7cc3e97345646cd38066

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveCrashHandler.exe

MD5 d77a3a619b3857fd8e44fe2cf6ad80bd
SHA1 d37e6b4f5445210a0be96470ec530b695f3acf6d
SHA256 7fb51efc6b213b0358cbdd43468b2334cefb3e0cecdc6011284f44204c3a702c
SHA512 1cb6ad8c5138d25d715b0b70590dbe39caad6abdc2c650483519d21d3865e01b48cffbeb061c28a2010d729d07b94ab7efe6c1059206e7211990901b7eecbbe8

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_am.dll

MD5 4bfcf96bca30c7596fdc8077d3f1b497
SHA1 46d5076d8d789de2ee05dc4594ac4ecd3ba9bcd3
SHA256 dc6bcb120d3b92c4e91ab14466479530f4143aff5d10911f1106d5c465ad1106
SHA512 931946343d6bcefdd6a9fbd06063956d971404bae4235a476a20601115a6a0b9add473a206d875ec940a0801763587dedb79115e29d7adb68aca85559273442b

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdateComRegisterShellArm64.exe

MD5 872c3539d0e09a3dba481e917ab95bc0
SHA1 7bbff10934cc669d20eb3d5f17da3f875b5e51fb
SHA256 f8955d34c1e9c043b76dfad0472561ba5b74eaec7667e461d745f9554e787f68
SHA512 e07907943b3a3133d74995d3b294c370adcb08750ece301b970c66d92451c6b08e9a68cf20d18be92782422275d3e550c7bb2c94c4f3f7832ccf76d5c4c7e6d6

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdateComRegisterShell64.exe

MD5 e1b88b573ec7bb96c450a2d9dd23dbe7
SHA1 1d46e35764a43515237570bab59c3a5077eec4df
SHA256 4417306699ca5d2265c0bcf312122883bf4cd44f2b78fa524e4dc15b76fd617c
SHA512 9fa7d3cc12f777ecb4980e4cf118b2a1cb47349b1c780665f0109593e8f4f8a4aef626dd080ade25f40a1380d46684707d202c465cf82b7f2db0aff9480e929c

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveCrashHandlerArm64.exe

MD5 9a7b4118c28a676f1e9cc96b3ecaa502
SHA1 4028efa79fa8264f99ad3387e63c4e241f33954e
SHA256 5414f9c3ccbbee1427ca73eddfea795952dfd47f86da45715492460ddc033842
SHA512 f7e755262d90f5b3175d2968805976e5fffcacba436ea19ac906a5788408987dd47f563a305629e4a1efe3783533a67b203a2a9a19eb89ff39db8f68f0ce942b

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveCrashHandler64.exe

MD5 5a0b2c88d214e16b4e1092842d8ef470
SHA1 e8c842568350fcdb552f7b735c87d2714dfb244d
SHA256 f69597ec823be88eeb7148fac9387a6025dbcbdc665c1806dcc566c9d2d1bdca
SHA512 2abd57360f3c7badba40d7d273326aee2080740f454129384629996071a41be619fad9f1c0dc32167fa6506ea02a1421f64ad40249c997c8affd4242e5b09307

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_cs.dll

MD5 8ecad669fa5eea1be1fed2ec53243197
SHA1 19f931678fdffd726f613aed587c67e2c28b4d9a
SHA256 58fe2338f042124893a98847051bf34fca987ed8ba8bfc114b7548a692b7a0dc
SHA512 9904db317d304d80b26502b292edf4b51940802b9b3e5ad5a1ee642dcb1d8c5788768ae309aa29af603478e4c6c2755ad6c088cde18be2d6a975a3d3dd36398e

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_en.dll

MD5 6e49096336c7c85f926fa680899928b6
SHA1 f39b3e151de9622d36932e14af25cb1352fa5e7b
SHA256 b3af09e3c984fbaf282d63b4eee7f3a1b6aeb658aedf74f097a0df1d725c5074
SHA512 df1567dbc9791ac18a11fb58783b96cf74d92076802f234f851ec10857190211dbd0240fcefc701cfe63eba97b3147e77098850cf087f334fffd498def3c754d

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_en-GB.dll

MD5 697d46636189ad7f393d2c1c8a0e29b3
SHA1 34c5826c09e292250ace3c44cb6cdbefe4328e6c
SHA256 52ea75950a01f3aef7bb373632987cced0e7d82c34e70a5f240bbd30ee80e0e4
SHA512 2a91919386c8e40fb9194b996fb57574421e95e54306958d36850ebb4803b1a3f978562de9eb2e350e877bdc049f13f2c850a35ae97ad6c83ea77b424ee90afe

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_fa.dll

MD5 29e5800dd3680b7556083d3c21aa7f9d
SHA1 9cb9e706b7db0683d6692ab1a2ddc76852848c25
SHA256 abd8f8fa1d2da479cee58995fa7bb58ee4cf667a707a06b59d69608275e106ab
SHA512 45cf0b891398330dca1ce681826a3fddc5f0d1e0032739cbde875c42bdc70eaee397dcf2cfea8c8365fa34569bccb897920d79dc7c6f5667cbafdcbb4444124f

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_fi.dll

MD5 0ff4e81ddfbdc555d6e8372e6defc303
SHA1 27d301c951babc4be19d7043660a37c68a9a6f90
SHA256 a622f04d1f67ba72b32ef542b0389826a6b857b3bc43a6db4afeb7dd1b0ddfcc
SHA512 40a93ea44c38b4167ac19ec8c7a06d65bbf29d9bb7551a603e99d77c4e108f53c7fa884a16bea29c3d170088ce5dcdb73169650912891b3fbde703fd3011bacc

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_fr.dll

MD5 1fb7914225491072bd504285a259f363
SHA1 0500cf0b9f8663cc67c24da2b76b7eb4698b6dde
SHA256 c6a1f755892ab43ee301671ae204828b55fe76f106e6acb86a3c08e8f287e87a
SHA512 f618bc1228d8f07abed48a203b0051b76119f7bdf4ad05d7d37c2c0e0241b79149fb8d17620b4b3a26ed026f3e102445e6ea9672f973fc2258595544477051dd

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_gu.dll

MD5 8e18fbf488012ed9bd006c2b64ddbf91
SHA1 65296023303ad62fe6f26fa3749a2e517fd97744
SHA256 e01cf3c2fc0d7c17565da5332d816a4e5bd6a4441d177c75f48b5ad98cb947fb
SHA512 c404aa456ab0c72dcfbe00e27eeccc989b6cca38540a91c0affcbbb180e778d0dd31ba58a59503adfe27d76b0012941706a690e8d75f682917ffd5cc9d70c268

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_fil.dll

MD5 3f890f3ef795ff8d0f500f1886ac9f06
SHA1 8ace45cc32c47f53fd811e36f6d2a8ab1ac802e9
SHA256 95c44399a59c946bedb0299ff9544c049594c42d7e0cfd26c3d9c8d2e1d1b072
SHA512 5370cc9cae35b78d142602a9041375bfb0b136953dbe42fd46e539a149dce0866edf4c393b548f79819a497f25a5441bd7f8f1c701df8894bdc977c7c901d599

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_hr.dll

MD5 fc1a1ea0e66d6a11bb52a0f326d6dd9b
SHA1 97f80b2d3bcd04473f179382defeecd431233a44
SHA256 323345ad30bcbc27b08d84d628e06265196faee0f33e27c99b0274525b9430dc
SHA512 63fa3b7cbbbfbebce445cf3afd856c13fbdd050b1f6625e17c9a5b8d95ae40eac0eebada1f436d119074b89c74e001fd23edb32d3c465204e9df1f089cdaec5a

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_hu.dll

MD5 9039222c620182dbd7196f2f6d45c2e7
SHA1 b10d174098932855148f9948efcd8896ff49c659
SHA256 97e81e293bd72e7cd31f43035cb2725ce7bd0062ee31a1459480315266319c51
SHA512 5eb42a09d01335b950425160e10498db4bd36ab78d24fa187ab226cdd72c1c03887e529e6a0897388a2a3925bf2ecbce8d5784ec7ab687f9e17b477e0d1a90fd

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_id.dll

MD5 ac167b4fa1fc881af6fab61a5cc71fa9
SHA1 c778c28fda65266e4e9cdd94b540d6bf29324f9d
SHA256 6467486124474582d15362b44a31277dfc66542c6dad46e2d088a51c53beb9a0
SHA512 1c3afb502c9212bffbc70c27bd2309d6047b714b7f962bdef0e8451aafd89654909cb29f609e289f587e54c596e820e9cf50dba2f640840cc63a1555516bc53b

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_hi.dll

MD5 61ae65d900868de699ea1ad6477a4ffc
SHA1 05bd1542f5367f1b6cde1bb47e265e742b234ae4
SHA256 c694f476a771e31f3aacc0ffc1fed121d2d285785d8de2d5b20648fcc565c01e
SHA512 3a58d8ad6168a816cd15a329ff2cac593a983a163d5fda06dea182be2b10c4dba08dbfeb3fba6b0c84cdd8fdede29cf9fd88ce247bcb9d0c72ac67256db398a4

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_is.dll

MD5 e17a245f877ea52ea79765cf445f72d6
SHA1 a98cac81db593f9d659368644ed23cc0c4a08cf2
SHA256 5e2ddbdacf1859c554c033d6e5eacf4fa2ae580e9eb0f49d6a48480257f37901
SHA512 32557cb0d30342cf7fa5a9221fe5120b59c3ebb3e0403b3160f9f1e59323990b16b543ec73768df5b2dc5250c098f07a05f385b7f893a9f1d4df4b25f1e53b32

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_et.dll

MD5 20fd1d4375f3b12d26c318db7b6eabc1
SHA1 fba7ebdc65351ba9154856df4dbfc13d6430602d
SHA256 ef6271ff6cf23e42f22b701bcb9fef7e171f388a338b7ac222b75eaf0ad1a8e5
SHA512 f8a41d86281993c306a92f3d92f9946d38d343ebd575e2ef57c3896fe6a8754a2342fe65d2858dcd2ff0a1f97cdf1df9cc2f1f46b2abdbb82ce0d8328eeb4876

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_it.dll

MD5 a15bb0d59421547421d71d4962bdf795
SHA1 e48c005809bf22ded4ba75ef40cb741d85a96f05
SHA256 0ed00bf389610495958fd6cbf55aecace8fca5b926eb775d261d381ce0389365
SHA512 4f2ae1262f50cb5479d92fecc7d34bbbdca71c404cf74aa6b365b37081e938068c03d8361fe03577803d91ee3ad4d4932628f5e151f69e08b4eaf94563e18504

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_iw.dll

MD5 f3122cd6edc860701d5470f7b1ec0b68
SHA1 6ab7b6d47a390adcd4084607e9144fc1f8e86ece
SHA256 9a29d063946f8c0a5da0dcefbf78713bea82b1f9b57cf6b5b185887ceeed4a13
SHA512 2772c467df0082b18ed56a6b3d344bbe7d9222dc3ce928a7976477d9b3abaaaf332048942f0aa0687db836a081035c6f9ef623d2f5750913e95bb6795f1eaf11

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_es-419.dll

MD5 42eea1071a5f56d408ae777eec906cac
SHA1 afa8647d5b988796204aed778978fe6623b03c85
SHA256 64cf61cce4eb4437883b8880a32b0e53fc4cfbe3da5c3e8fab51dfbb8c6aaf22
SHA512 1a444f747dd0920bab930fc144df3b9c9b3552a0c93785583c047e564beff3cdaeee0b55dfcbc1dcf5652982d2ada53a0689745d4442e6169113d9c60cdab127

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ja.dll

MD5 fc0add911479cec4e7f0cba896fa98a9
SHA1 d6f5cadf35ce0703373f51d5c25bb85be9f155f0
SHA256 de6583309d8fec0c7d257957b84b6a88795f95ce1de676da580394f0c5e01a78
SHA512 b81dc8ca5efb51b9746cc5fd7acf54d3e6bbd7991289801598a5c8339db0e7d8a3c023b3e85924f0c6c57fb9dfc7bfc12b097bd2e9f713f3623cfc651ba5d0ee

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_el.dll

MD5 b7146b5a2284caa34f796896be60c6c4
SHA1 4d167a1c283e362456dba3f4cd4d3288ac373a4f
SHA256 cfd331b344d1bc7cb3668e8a2befbba9e074d5925c690fe353d4942ec9683df4
SHA512 ed942c2fa844439bdf480d21f7f3f0645ffd134c987abbfe26b29bd0d196754d547a026138482f8e2fd6e01263f95e36d34a1acbaac4070c3c922365e3469534

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_de.dll

MD5 9efee16748f966afb5eb87c23cf48955
SHA1 26a2e54936fb8ef7270b1aa25d29e915d1675bc3
SHA256 90205eb284cc94fa83c051dd4c037764e1ad70bafa5ddd255cc202884529a3cd
SHA512 234abf150ebd9001b8fed17675872bd3adc9816724c06a8007c4d193f8c0dd8f52f695091a34c2481e7bfcf479692ab70883c8125ab990a8947f8ab34fe3afc1

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_da.dll

MD5 3443f3593a93c3ec1c7b9af9bc0fc942
SHA1 c6325c215ae0fe9d110af75c18868f2d69dfb167
SHA256 d0b405eab9e2a572444e8bc5563d571861c5409538df80fe151155c953e687a4
SHA512 3fcd0ec2ae5521801ed3020285c5f50162266167db4024c3330a0284b682414a3d5b3060239126bdf167f1ee23edb943890718e89ce033a9652c7078ebb50ef3

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_kn.dll

MD5 7ab202203c3e2e93cbfadf05f9415ef5
SHA1 49e721c7948574534c0b89af37d92c361470df2d
SHA256 e1c53bc58018eef074e489c179b29d8ccd07c12a2cde50b15530ccd209a5155f
SHA512 6827bfad1e79a514a434141792a9818daedc3dff3bb0eaca3d7d8e9e03838cdb86d3e4d0c8cb893bca2d6f5e44b435dbe779b2aa18c9d56446e3f49e8baefb5d

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ca.dll

MD5 262cef98be21eaaeb6ef520e12d15350
SHA1 cb2d4532346a442b8ea8c74d95cbb37987d09630
SHA256 f253c1495083fda57f8211f8c9339cde93a1c746307ab012b83e4e1140d4f811
SHA512 6531b0264b265af3be2cfe2757b47d9eecb9fb76e85b9c741b7a58401ba6c5d24d34cb1e7c4c85ecc14f256df30d1bf3a9ac602a4c7c368f1837ab7993a1e3eb

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_bn.dll

MD5 a7396703ba43c67fcaec6b8daa5dca50
SHA1 b24ea41d80de7c9f04ef1c15a8bd296ea604a136
SHA256 9a6abae8d97d66ac871b71f02ad2281dbdbc3f91b92ff4d423f80a0839322cbf
SHA512 acaefe1dbcb1297cbf89ad7f120e5f1216b39562d1a1ee170aa8b5dae1a29ba89565eac4550b41297ed0986f788a081729af757e7e0c240c38bf16fc1223a0d7

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_bg.dll

MD5 5e7bf512451e8be7c6730a923e366ca6
SHA1 5f7b5bd2d71fb12f685e09b453fc9c927b6ab715
SHA256 fc642a0ef0d30990d41695dd322ec8431dc735fc162fb33aa467f6acc39028f5
SHA512 2fd07507ffc0361e3e3c2494bfe70f0c1da4f914d7a321dc611c649ae3699d0dd6a763d7ff518cf1ab0e34b43bdf567371b90edfdcadf551f9c387fd444c495f

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ko.dll

MD5 694c6110a1e3000fa88f1446110ee47a
SHA1 918fa95ade538d63797f9d8e9a29097a6bf693b3
SHA256 930571c7da4db2ef38dee8d73561638b46b3780fdce69f3e2e1024309d296be3
SHA512 690f09eb85e425ffe005c99f8310482d1b3f263d7faf4ff12f409cdd5f7b396bc7970b022c07d5ffb6c194ce82728bc6c2a319736875e6da73503f500e3d5316

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ar.dll

MD5 d6cfec9d78ad35c085b90b31b9d0c391
SHA1 53ee391109d899dadc0325bbc520e63eff69c2ab
SHA256 aa5ecd1e8cf81247e38003aa2768a02756c98f6cb0e0015c8ee1d82ddc417195
SHA512 74fe296f3b3a5ca9d0144f49dfbaf716780cf7033061dca9519cbec8795be1c52cf88c051934a951e6719e6053f9884b6531bddba0cc33169aba276cce437923

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_lt.dll

MD5 20d35ad38de3a2d6039ab7cbefefd934
SHA1 e63407bf6e24e84b8b79e0e9907a4ad50be9db6b
SHA256 ddc2b0b06879646dae25628884791e83e44f643f7936f4e1afeb46fe821e2f27
SHA512 8569a4531dc42df34cb51dca4755075cb72bd27ee9ef16c7f80c09c70ebe5149bd8fabd8de50ceddf09b66ece598bd00d9c8f881467c293d86d882dfb2a04370

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_lv.dll

MD5 6c0b96b659ba5341871b23cb35c6b075
SHA1 62667ef0cc8a584fa9cf420255ccf4ef15cd796c
SHA256 6f3626ceccb4e6881f7a8c304fc1c2e61f349028a5707d3f0d0953607692e356
SHA512 e22d6033542b0e01da77fae6e2307a0d5040afab28c4ec18b08791d0f9ea1d12d22f17e9afb26329cff5e3154f9c150cfa0e9b2f1098fe74cd73db94b3eead20

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ml.dll

MD5 31d5214ab31228c6d21a904b2928314d
SHA1 bcf5325e3c7452a9bb7ea5aa089755af0f13beb1
SHA256 3ba9949b02454c3dfa1e8dc1c9e7238df68903922ac571d69c5a0f752762d3de
SHA512 0bf4f3f9613254ac54440a12d308351f9cc151a22be0c7ddf74429cb99c80999c2a1fa06b9dfd7546a4c7a174417f98aef8bfc35d5a74919735cba9953db73fe

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_mr.dll

MD5 5e9550fde47f0781b8e154ce5c2f5001
SHA1 02542cc304c6836d50e14eac54dfdd81404d4ccf
SHA256 5d04d7c835c5e47b33801d6f7c653689e5fda10716aa7304775ed681f617a2f2
SHA512 159cca5365dc319725493448ded909f91c23000d11facc30a4942e185775ab4910015ee54b10c4cef218dfadddba7be0f46c872e4442e40b86dde5a9d1c777df

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ms.dll

MD5 e1ba983bbb648f9c4eb34690bea2b3e2
SHA1 378d8138e732cf8841ab00ad996cd83520135864
SHA256 64e9ecdf1c3ac37bd76712bf245b5ac443361a33c0280436aacdca6fc0361156
SHA512 ef6c07dcd8dcf165b15b36f908ee1d3cbc8904059300ed325ebe44a695a84f82d6fdf77e2986ff862a4b6e5dd6951aafc0ed6cadb9bd4951958d78a26fc5ee8e

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_pl.dll

MD5 65d5304dc525e2d823b9b4e600a3a829
SHA1 08ff5a65ad5b334514ef3d8d09ca7bef0106c5b6
SHA256 6fa385b9686d1257d177797d44713e2b1a7637d3d4bef1e768df9ebd1666312c
SHA512 0282393dc68c6b62cd22ac077d04f6789e820d07e755f13c3e8611f2b90f4ad75f5054df76ad96b6444efe4c50e11c4f184f852ad37d427f7a4ddee4eb21df92

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_no.dll

MD5 a24dcb087fcaeacc025d843d0869f954
SHA1 249ab66b5c1d669f3c0b6caa365d00c4146c0ab3
SHA256 bc45c21099f4a178fa5de3e2fd56d35b00b9a61e21a83bb9127633970d2d2132
SHA512 ecf43a01a59ca1968929ca5216d243cfae6f1f03a9479c698193088d1b4c2cb5ae8a3b0700de4661a5ce3f98519f2ec3d4461ac325b4435164445fd9cb040155

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_nl.dll

MD5 3eb899744679efb5578c31b9c766bbf5
SHA1 dfcddbec505c669eba2186eae14e65ddecaa5eb2
SHA256 056ed59f4a7828bd276cb8fd981b7fc6e3a0e87728ebff818b6b402222ee0692
SHA512 dc0859e5de747f3a7b2e60e59e77529c1ba890c12d7a800ca86b1658534ed2317c79ebd64258a302da949d4f2965ecb53ae1562e9627d0cdd09e821b179a3f23

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_pt-BR.dll

MD5 06426adb39c7d04e154cef66f83bb76b
SHA1 a77ffc4d4d0d1cae30a52eed7b22439a641654ba
SHA256 91912825171e691cc09d23c9700cc5e201c796dd1d05275fa5a410c20f16635e
SHA512 a8a2a9f784d42ee90c67f9176dada4796ce966c002d6a1e229c901449e928bed3c626c53e261c46af4cd6bb0b866372d4172e41e3d50272a45c3f40472be0b53

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_pt-PT.dll

MD5 a44b2951b8020b19f5e7033d86271501
SHA1 12d2c7b1ce8771497bdb5ccbd1a0b865d780b7fb
SHA256 84cfbbefd4f907753a7be084508c837dc76d50eac7add47f84c08ab8325e0775
SHA512 11dd842d978c0d68e3abd1832d96f005688abc67f463c5040ecea1ae30b68965d78b9eea3c20e5164ba7315fe4fe676b2fed6c63023af07241c26c799301f87c

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ro.dll

MD5 07e7507b73cc6c1e66525e51fd987673
SHA1 3f6d737159cb1617d25b65fcec769bf503e4bf50
SHA256 31550a0a85d539ad554f1813939cdbfe2201b74343d152e2b314f23fa2cf2cf2
SHA512 e84008a33644bf0ff58d4db9d0dc03c9866b43c96c28e5ea614b22e1f3d857fbb7f6500f412ec18daa9263e8df2e52b30e3b6d1d4b839fe7575572e590ffc9ae

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ru.dll

MD5 ce602cd1ddaab5278224effd2b90ec82
SHA1 6f8f1d4b188406145ce53459e9955cc484b62e41
SHA256 aaf0079d188fa62e46541a0bdf289fd06034b651896aef61f5afda4b0e9940df
SHA512 5b7238d9a52be626a32e19149db1d9fb626a995fea3a219c6eda55a9c8c08e1f4053393d14a7c3e955c645653e14be275efc56530e9dee9fae495ca426a4b371

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_sl.dll

MD5 a58b58776525a77d838f371c78712109
SHA1 a37b5fb6a5dc3a90a60c7729c13c3fa26e8d1fb9
SHA256 dbbb61e3be906add7e38e4cb0b9fc71e2c9f4acbd2ab8a33073213973c027abc
SHA512 108ae55708f1fa935886ee00da7ad96cf1e3e98e7f3fd5c1d70f1d5b574a46515e24a861072e3303c8472f3b193e479a6a8d94ac0186a67bb43e81dff1dbfdd0

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_sv.dll

MD5 14afb6448ec63a59c064e1673803b42c
SHA1 4d099f9f7f97867a6d4a9829cae420b3622704cf
SHA256 2c8a0b42d563ca46646a242203c2d9d5dad6f4e0711545e7126ee39df13ec3ec
SHA512 0563e35d823beaf2507c6049fedcc7d1f5c901f1244e6ddc267f6eeb76622243c9a7ea4b8c365db46a153901c859b025883fd647a8be40952de525c8b224fe41

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_sr.dll

MD5 b6befac367c018108fd5906fc7d2566b
SHA1 55c10832d0c80c82c433664f87fd96e905b6c09d
SHA256 1171365e27f7e846077b2315df00bb4b680700d9878df20bacea70461e4b344c
SHA512 d5a2ba5a578042ce945994d9359c285476bf322b22f8f447b752423821c346302be89eb813017c88b15c631a52393266d93f0c8b801ac76f92ccfcc7d246b83e

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ta.dll

MD5 a001e0b7b98b4b03f2d1930adfd18bcb
SHA1 ea0508c7ac4492b7aae67d956208ddf32eac62b2
SHA256 d92fd88a65c82470708082db14c632cf435f2fcc440d70405d79ef46b71e1b44
SHA512 f094aa3ee4eb0fdcf7862eb7b1c3cc29749b398b34922220247dd4f5722a77bc9b29a0fb8a9e98093be281934e69ce260a3f9db1edff96bdccc0f8763e18f823

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_th.dll

MD5 6f105b58f0b8c834b5e09a0023bc85db
SHA1 47422bc162e8ef8ad2a5839eb3d9ac39ee7f24e0
SHA256 e2b0b292e94efda3540222a0fb50995243e048de5dd848cbdc7787e4da9886f4
SHA512 4d837a129bc33092a036a32959a985723b815e5352b12468254d7c540e3661a1ab871e436d2089d770a7e62fa74a52d2f7a6458cec45a3ec9afd0a93a6f4105d

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_te.dll

MD5 76a32900d5aa8725b0e92b166f6c8185
SHA1 a8ffdbe986abfa1c791dabce6afe5f97346378a4
SHA256 e523d100c82babccd5f3812b9046b0009481dc3acb012c66fe0a63fe9631e788
SHA512 60aa73fd9eb5b603c0cde7dbb9255d8049e9b2c1b84d6424f371987afec4ffd212653c4acb9d9ced658b24c813ebbcd7f295725d80d61a256843584d2f0ac6b8

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_uk.dll

MD5 a71d507c173f643c1b34bcb991ed7461
SHA1 0ece9f06faabb54aa1cccee9da41a20b0105a25d
SHA256 86cb6ab2d72905beaca1e07cef2e9c28f4ca701dbf3c7ac64347a81d51fba899
SHA512 7f80dc6bef345ad5ec26074a11b811cc1a7a378848f984b1558514fb79fef6c159cc195e96c6c113ee90ca672c9b0d00ab938840fe90ad67c5e58549ad7d2236

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_tr.dll

MD5 573d166d52b5f529b73148ff97c36b43
SHA1 2d3bd899ad788701102f30c0709ce4741315ef91
SHA256 3588ea973f174e8094e026c4cecea21899203a709b3d3d1e9d3c0c8025422136
SHA512 2bdd2fb71025721759fde516249cc819b43adfc6a3b45a4ec370456b8878983c2a4784bd81e86290e80bf8426871b63555ce021f54148e1421d4f59d3a45ac2c

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_sw.dll

MD5 c55d0485aa3efb1cd8d40502fcac6d42
SHA1 98753e245e75dc836e4c1c7d3dd0f60f398a5a88
SHA256 9970bfdeba8af473aebb8c1ac7a611a794470e6577836571b0841424f69aca5c
SHA512 ab4cd9c930e3c574367d6335e5fdf62bede063e785de4e936716bf0b3de9d135c6918c10729614a8bd52f971c8e4cc696e8b3bbc02aa93823cc45b5eafdb8c54

C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_sk.dll

MD5 de8341aa301b8f2423540460cf5c6a66
SHA1 c8b21576aa2eb7f5fc995d7495a2e0c9f35ebff5
SHA256 3f2c2b18ed01af7c4752a550d19fed8c6600cd19ab18cdce1ca97a018cac2a7a
SHA512 6ccf015fe8fff65fd835af84013450451223d85c17c2b9b2e7bbc93239cf356c4c5925efaa42b82f708c493b0901407dddd74a891d37511e926486e3a4542050

C:\Users\Admin\AppData\Local\Temp\Cab9BA7.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar9BCA.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

memory/2656-460-0x00000000008A0000-0x00000000008A1000-memory.dmp