Analysis Overview
SHA256: b50d5ffaafa1f3367773029b0bfc39915cf83cef76fe01145272d6b6861073f8
Threat Level: Shows suspicious behavior
The file BraveBrowserSetup-BRV010.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Sets file execution options in registry
Checks computer location settings
Loads dropped DLL
Drops file in Program Files directory
Executes dropped EXE
Registers COM server for autorun
Enumerates physical storage devices
Modifies system certificate store
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-13 04:38
Signatures
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-13 04:38
Reported: 2024-06-13 04:41
Platform: win10v2004-20240508-es
Max time kernel: 114s
Max time network: 132s
Command Line
Signatures
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdate.exe | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_no.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psuser_64.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_da.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ja.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_pl.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_en-GB.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_th.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\psuser.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ro.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_zh-TW.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ar.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_uk.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveCrashHandler64.exe | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_sk.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ml.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_pt-PT.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_zh-CN.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ru.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_fil.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_gu.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdateBroker.exe | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_pl.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_lv.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_iw.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_sw.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_et.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_lv.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_sv.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ta.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_es-419.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_nl.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ta.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_mr.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psmachine.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BraveSoftware\Temp\GUT541D.tmp | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ms.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_de.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_en.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_pt-BR.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\psmachine.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_mr.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_pt-BR.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_da.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_fr.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_id.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdate.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_is.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ru.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdateCore.exe | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_es.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_te.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_lt.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ur.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psmachine_arm64.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_en-GB.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_fi.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ur.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateOnDemand.exe | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\psuser_arm64.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\goopdateres_ko.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdateSetup.exe | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_bg.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\ProxyStubClsid32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\NumMethods\ = "23" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\Elevation | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}\LocalServer32 | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ProxyStubClsid32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.ProcessLauncher.1.0\CLSID\ = "{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ProxyStubClsid32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\ = "IAppVersionWeb" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\NumMethods\ = "12" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2} | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ProxyStubClsid32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ = "IAppVersion" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ProxyStubClsid32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\ = "IPolicyStatusValue" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA} | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\NumMethods | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F5F6C285-BAF8-485E-AE75-1F1EEC8135FB}\InprocHandler32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}\LocalServer32 | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\ProxyStubClsid32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF} | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachineFallback\CLSID\ = "{3282EB12-D954-4FD2-A2E1-C942C8745C65}" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3} | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8} | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\NumMethods | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}\ProgID | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91} | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\ProxyStubClsid32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ = "IRegistrationUpdateHook" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA} | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\NumMethods | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\VersionIndependentProgID | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\ = "IGoogleUpdate3Web" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\ = "IProcessLauncher2" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E} | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreMachineClass | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\ = "IPackage" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97} | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ProxyStubClsid32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\ = "IAppBundleWeb" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ = "IGoogleUpdate" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachineFallback\CurVer\ = "BraveSoftwareUpdate.OnDemandCOMClassMachineFallback.1.0" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3COMClassService\CurVer\ = "BraveSoftwareUpdate.Update3COMClassService.1.0" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8} | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ProxyStubClsid32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA} | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\ = "ICredentialDialog" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebMachineFallback\CurVer\ = "BraveSoftwareUpdate.Update3WebMachineFallback.1.0" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\ = "IGoogleUpdate3Web" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\ProxyStubClsid32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{652886FF-517B-4F23-A14F-F99563A04BCC}\LocalServer32\ = "\"C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\BraveUpdateOnDemand.exe\"" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260} | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe
"C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe"
C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Temp\GUM541C.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping <base64-encoded ping request>
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{DF7549A7-4F46-4C4A-8CEB-F6F36FB5E78E}"
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping <base64-encoded ping request>
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | updates.bravesoftware.com | udp |
| US | 8.8.8.8:53 | dl.brave.com | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 04:38
Reported
2024-06-13 04:41
Platform
win7-20240611-es
Max time kernel
148s
Max time network
155s
Command Line
Signatures
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_bg.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_de.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_pt-BR.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdateComRegisterShell64.exe | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\psmachine.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_zh-CN.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_pl.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ro.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_sv.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_te.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_zh-TW.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_cs.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_pt-PT.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_tr.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdate.exe | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_sr.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateOnDemand.exe | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_gu.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ur.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_zh-TW.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_pt-BR.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_sk.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_sr.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_es.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_hi.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ms.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_lt.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdateOnDemand.exe | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_mr.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_am.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_bn.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_id.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_et.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_iw.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_fi.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ko.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_gu.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_kn.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_no.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_vi.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_es-419.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_hr.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ta.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler.exe | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psmachine_arm64.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_el.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_sk.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\psmachine_arm64.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_fa.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_is.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_fil.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_lv.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_sl.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_sw.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ur.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\psuser_64.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ar.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ru.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdateSetup.exe | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler64.exe | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateBroker.exe | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\goopdateres_ro.dll | C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreClass | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\NumMethods | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\BraveUpdate.exe | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ = "IGoogleUpdate3WebSecurity" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\NumMethods | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}\VersionIndependentProgID | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\ProxyStubClsid32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\NumMethods\ = "12" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC} | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}\VersionIndependentProgID | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3COMClassService\CurVer\ = "BraveSoftwareUpdate.Update3COMClassService.1.0" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine.dll" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\NumMethods\ = "4" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\NumMethods\ = "11" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\NumMethods | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\Elevation | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\NumMethods\ = "23" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\ProxyStubClsid32 | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\NumMethods | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\ = "IJobObserver2" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachineFallback\CLSID | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8} | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\ProxyStubClsid32 | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\NumMethods\ = "12" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ = "IRegistrationUpdateHook" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA} | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756} | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\NumMethods | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\NumMethods | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E} | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachine\ = "Google Update Broker Class Factory" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreClass.1\CLSID\ = "{3AD2D487-D166-4160-8E36-1AE505233A55}" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305} | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\NumMethods | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912} | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachineFallback.1.0\CLSID\ = "{652886FF-517B-4F23-A14F-F99563A04BCC}" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{652886FF-517B-4F23-A14F-F99563A04BCC}\Elevation\Enabled = "1" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\NumMethods | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305} | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\NumMethods\ = "10" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\ProxyStubClsid32 | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachineFallback\CLSID\ = "{3282EB12-D954-4FD2-A2E1-C942C8745C65}" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\NumMethods | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\NumMethods | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C} | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoCreateAsync.1.0\CLSID\ = "{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}" | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF} | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachine.1.0\CLSID | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}\Elevation | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}\VersionIndependentProgID | C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods\ = "10" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.ProcessLauncher | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CredentialDialogMachine.1.0\CLSID | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3} | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\ProxyStubClsid32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8} | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F5F6C285-BAF8-485E-AE75-1F1EEC8135FB}\InprocHandler32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91} | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe
"C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe"
C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{7A9467F8-759C-44E9-B9D4-8B915327593B}"
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /unregserver
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe" /unregister
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe" /unregister
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe" /unregister
C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe" /unregsvc
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc4
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dl.brave.com | udp |
| US | 8.8.8.8:53 | updates.bravesoftware.com | udp |
| FR | 18.244.28.2:443 | updates.bravesoftware.com | tcp |
| FR | 18.244.28.2:443 | updates.bravesoftware.com | tcp |
| FR | 18.244.28.2:443 | updates.bravesoftware.com | tcp |
Files