Malware Analysis Report

2024-12-07 03:06

Sample ID 241113-x15v7sxlas
Target BraveBrowserSetup-BRV002.exe
SHA256 a88a51f4eb871cfc88eb51969a6ff335cf0ac5e255ad21f4ca4b09ea144c2838
Tags
discovery persistence privilege_escalation spyware stealer
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

a88a51f4eb871cfc88eb51969a6ff335cf0ac5e255ad21f4ca4b09ea144c2838

Threat Level: Shows suspicious behavior

The file BraveBrowserSetup-BRV002.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery persistence privilege_escalation spyware stealer

Event Triggered Execution: Image File Execution Options Injection

Boot or Logon Autostart Execution: Active Setup

Event Triggered Execution: Component Object Model Hijacking

Checks installed software on the system

Drops file in Program Files directory

Checks system information in the registry

Drops file in Windows directory

Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

Reads user/profile data of web browsers

System Network Configuration Discovery: Internet Connection Discovery

System Location Discovery: System Language Discovery

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 19:20

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 19:20

Reported

2024-11-13 19:22

Platform

win11-20241007-en

Max time kernel

115s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe"

Signatures

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave" C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1" C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0" C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B} C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave" C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\131.1.73.89\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0" C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\de\messages.json C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\fa\messages.json C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\lt\messages.json C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_ru.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\icudtl.dat C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\it\messages.json C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\kn\messages.json C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\ro\messages.json C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\chrome_200_percent.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\Locales\am.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\Locales\zh-CN.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\gu\messages.json C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Application\chrome_proxy.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_en.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\Locales\sk.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\ms\messages.json C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_ms.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_ur.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\psuser.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\bn\messages.json C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\chrome_proxy.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_es-419.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\Locales\es-419.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\Locales\es.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\Locales\sl.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_hi.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_is.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\libGLESv2.dll C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\Locales\zh-TW.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\setup.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_ca.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_lt.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\chrome.7z C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\fil\messages.json C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\zh_TW\messages.json C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\es\messages.json C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\lv\messages.json C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\sr\messages.json C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_fa.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_ko.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_lv.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\Locales\fr.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\Locales\ko.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\guiC594.tmp C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\Locales\bn.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\Locales\en-GB.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\Locales\pl.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_te.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\Locales\en-US.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\Locales\kn.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\BraveVpnWireguardService\wireguard.dll C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_cs.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\brave_installer-x64.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\hr\messages.json C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_ja.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_sr.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File opened for modification C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\brave_installer-x64.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\Locales\bg.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_gu.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_vi.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\BraveVpnWireguardService\brave_vpn_wireguard_service.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3748_1764163796\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\nl\messages.json C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_pl.dll C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_858829449\1\scripts\brave_rewards\publisher\reddit\redditAutoContribution.bundle.js C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_1880218483\dnryisldmaqljgwaxeqbuuhuvrbboqlf C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_es.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_it.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_url_fetcher_2732_1577803205\extension_1_0_103.crx C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_1889398285\resources.json C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_858829449\1\scripts\brave_rewards\publisher\twitter\twitterAutoContribution.bundle.js C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_1868312341\manifest.fingerprint C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_527248887\manifest.fingerprint C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\BraveCrashHandler64.exe C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_sw.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_sv.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_1343890931\manifest.json C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_1331434137\StudentNTP_Aurora-Tennant_x1140.jpg C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_1880218483\manifest.json C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_lt.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_no.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_is.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_kn.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_te.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_url_fetcher_2732_945842716\extension_1_0_11.crx C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File opened for modification C:\Windows\SystemTemp\chromium_installer.log C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_en-GB.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_fil.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File opened for modification C:\Windows\SystemTemp\chromium_installer.log C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_pt-BR.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_ca.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_id.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_1343890931\manifest.fingerprint C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_858829449\1\request-otr.json C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_ms.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_pt-PT.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_858829449\1\clean-urls-permissions.json C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_1543063805\manifest.json C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\psuser.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_hi.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_fa.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe N/A
File opened for modification C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdateSetup.exe C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_858829449\1\webcompat-exceptions.json C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_553699009\manifest.fingerprint C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_1029890814\manifest.json C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_ko.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_ml.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_tr.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_url_fetcher_2732_2136634350\extension_1_0_1787.crx C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_858829449\1\scripts\brave_rewards\publisher\twitter\twitterBase.bundle.js C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_527248887\list.txt C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_1331434137\minkyeong-shin.jpg C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_et.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_lv.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_gu.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_ur.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_858829449\1\scripts\brave_rewards\publisher\youtube\youtubeBase.bundle.js C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_553699009\_metadata\verified_contents.json C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\chrome_url_fetcher_2732_1192141911\extension_1_0_244.crx C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdateBroker.exe C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
File created C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_el.dll C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\brave_installer-x64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\elevation_service.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A

Enumerates physical storage devices

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133759992813875308" C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2} C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\NumMethods\ = "10" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}\VersionIndependentProgID C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{914BC57E-6016-406A-9B4D-42290DD6DBA2}\InprocHandler32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{914BC57E-6016-406A-9B4D-42290DD6DBA2}\InprocHandler32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ProxyStubClsid32\ = "{3DE9870C-FF9D-4DC6-95A6-647E7493ACD9}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachineFallback\CLSID\ = "{3282EB12-D954-4FD2-A2E1-C942C8745C65}" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.ProcessLauncher\ = "Google Update Process Launcher Class" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.html\OpenWithProgids C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3DE9870C-FF9D-4DC6-95A6-647E7493ACD9}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\ProxyStubClsid32\ = "{3DE9870C-FF9D-4DC6-95A6-647E7493ACD9}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ = "IRegistrationUpdateHook" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\ = "IProcessLauncher" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\ProxyStubClsid32\ = "{3DE9870C-FF9D-4DC6-95A6-647E7493ACD9}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\ProxyStubClsid32\ = "{3DE9870C-FF9D-4DC6-95A6-647E7493ACD9}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachine\CurVer\ = "BraveSoftwareUpdate.PolicyStatusMachine.1.0" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoCreateAsync\CLSID\ = "{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebMachineFallback.1.0\ = "BraveUpdate Update3Web" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\Elevation\Enabled = "1" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\NumMethods\ = "9" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreMachineClass.1\CLSID\ = "{F7FF255A-A593-41BD-A69B-E05D72B72756}" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\NumMethods\ = "10" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}\ = "IApp" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\ProxyStubClsid32\ = "{3DE9870C-FF9D-4DC6-95A6-647E7493ACD9}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{652886FF-517B-4F23-A14F-F99563A04BCC}\ProgID C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{F396861E-0C8E-4C71-8256-2FAE6D759CE9}\1.0\0 C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods\ = "10" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\ProgID\ = "BraveSoftwareUpdate.OnDemandCOMClassMachineFallback.1.0" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.ProcessLauncher\CLSID C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}\ = "IApp" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\ = "IAppBundleWeb" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\ = "IProgressWndEvents" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\ = "IAppCommand2" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\ = "IBrowserHttpRequest2" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\NumMethods\ = "13" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreMachineClass.1\ = "Google Update Core Class" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\ProxyStubClsid32\ = "{3DE9870C-FF9D-4DC6-95A6-647E7493ACD9}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebMachineFallback\CurVer C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\NumMethods\ = "12" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}\Elevation C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\NumMethods\ = "10" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\ = "ICredentialDialog" C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\ = "IGoogleUpdate3" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\brave_installer-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\brave_installer-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1380 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe
PID 1380 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe
PID 1380 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe
PID 452 wrote to memory of 4932 N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 452 wrote to memory of 4932 N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 452 wrote to memory of 4932 N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 452 wrote to memory of 1152 N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 452 wrote to memory of 1152 N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 452 wrote to memory of 1152 N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 1152 wrote to memory of 1460 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
PID 1152 wrote to memory of 1460 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
PID 1152 wrote to memory of 4972 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
PID 1152 wrote to memory of 4972 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
PID 1152 wrote to memory of 3128 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
PID 1152 wrote to memory of 3128 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
PID 452 wrote to memory of 1228 N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 452 wrote to memory of 1228 N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 452 wrote to memory of 1228 N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 452 wrote to memory of 3572 N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 452 wrote to memory of 3572 N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 452 wrote to memory of 3572 N/A C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 5008 wrote to memory of 1776 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\brave_installer-x64.exe
PID 5008 wrote to memory of 1776 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\brave_installer-x64.exe
PID 1776 wrote to memory of 3748 N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\brave_installer-x64.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe
PID 1776 wrote to memory of 3748 N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\brave_installer-x64.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe
PID 3748 wrote to memory of 3780 N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe
PID 3748 wrote to memory of 3780 N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe
PID 3748 wrote to memory of 2968 N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe
PID 3748 wrote to memory of 2968 N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe
PID 2968 wrote to memory of 2236 N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe
PID 2968 wrote to memory of 2236 N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe
PID 5008 wrote to memory of 3564 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 5008 wrote to memory of 3564 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 5008 wrote to memory of 3564 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2852 wrote to memory of 3916 N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2852 wrote to memory of 3916 N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 2852 wrote to memory of 3916 N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
PID 3916 wrote to memory of 2732 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 3916 wrote to memory of 2732 N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 4916 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 4916 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
PID 2732 wrote to memory of 1400 N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

Processes

C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe

"C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV002.exe"

C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe

C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins4QTRCQUYxRi0zMUVELTQxMjgtOUQyMi0zODU1NDNBNTM2RkN9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7QTM0ODc2NzYtRkQ2Ri00MDFELUI4NjktMDk4MUI4QzMzQzc2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0IxMzFDOTM1LTlCRTYtNDFEQS05NTk5LTFGNzc2QkVCODAxOX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4zNjEuMTUxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjEwMzIiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{8A4BAF1F-31ED-4128-9D22-385543A536FC}"

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc

C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\brave_installer-x64.exe

"C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\guiC594.tmp"

C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe

"C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\guiC594.tmp" --brave-referral-code="BRV002"

C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe

"C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.89 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x7ff79e549498,0x7ff79e5494a4,0x7ff79e5494b0

C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe

"C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\guiC594.tmp" --create-shortcuts=0 --install-level=1

C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe

"C:\Program Files (x86)\BraveSoftware\Update\Install\{88A4DCC5-54F1-40BE-A6BD-3E8B52E69B0A}\CR_D4AA1.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.89 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff79e549498,0x7ff79e5494a4,0x7ff79e5494b0

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins4QTRCQUYxRi0zMUVELTQxMjgtOUQyMi0zODU1NDNBNTM2RkN9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7RkFBMTgxNTctOENERi00MjU0LTgxQTYtRjE0OUJBMUIyRjg4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0FGRTZBNDYyLUM1NzQtNEI4QS1BRjQzLTRDQzYwREY0NTYzQn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMS4xLjczLjg5IiBhcD0icmVsZWFzZSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHBzOi8vdXBkYXRlcy1jZG4uYnJhdmVzb2Z0d2FyZS5jb20vYnVpbGQvQnJhdmUtUmVsZWFzZS9yZWxlYXNlL3dpbi8xMzEuMS43My44OS94NjQvYnJhdmVfaW5zdGFsbGVyLXg2NC5leGUiIGRvd25sb2FkZWQ9IjEzMDcwMjg2NCIgdG90YWw9IjEzMDcwMjg2NCIgZG93bmxvYWRfdGltZV9tcz0iMTE4OTEiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjcwNyIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjM3NSIgZG93bmxvYWRfdGltZV9tcz0iMTMwMzEiIGRvd25sb2FkZWQ9IjEzMDcwMjg2NCIgdG90YWw9IjEzMDcwMjg2NCIgaW5zdGFsbF90aW1lX21zPSIzMDgyOCIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.89 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd69270d18,0x7ffd69270d24,0x7ffd69270d30

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1904,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=1880 /prefetch:2

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --field-trial-handle=2164,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=2232 /prefetch:11

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2368,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=2552 /prefetch:13

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\elevation_service.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\elevation_service.exe"

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=6179249407465146487 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3396,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=3452 /prefetch:1

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=6179249407465146487 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3404,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=3596 /prefetch:1

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4920,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=4932 /prefetch:14

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4992,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=5028 /prefetch:14

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5184,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=5008 /prefetch:14

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4560,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=5328 /prefetch:14

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5188,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=5336 /prefetch:14

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4788,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=5632 /prefetch:14

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4872,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=4792 /prefetch:14

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5176,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=5856 /prefetch:14

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.89 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6dacd9498,0x7ff6dacd94a4,0x7ff6dacd94b0

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\BraveSoftware\Brave-Browser\Application\initial_preferences" --create-shortcuts=1 --install-level=0

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.89 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6dacd9498,0x7ff6dacd94a4,0x7ff6dacd94b0

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5752,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=4548 /prefetch:14

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5848,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=5520 /prefetch:14

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5576,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=5640 /prefetch:14

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5692,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=5716 /prefetch:14

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5708,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=5832 /prefetch:14

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6112,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=6072 /prefetch:14

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=6179249407465146487 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6044,i,5556428576991902579,1603341064656251058,262144 --variations-seed-version=main@885f01c8877394881fa8edec3c161bfbe12ef7d3 --mojo-platform-channel-handle=6104 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 updates.bravesoftware.com udp
FR 18.244.28.66:443 updates.bravesoftware.com tcp
FR 18.244.28.66:443 updates.bravesoftware.com tcp
FR 18.244.28.88:443 dl.brave.com tcp
FR 3.165.130.26:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 26.130.165.3.in-addr.arpa udp
FR 18.245.199.96:443 updates-cdn.bravesoftware.com tcp
FR 18.244.28.66:443 updates.bravesoftware.com tcp
US 8.8.8.8:53 star-randsrv.bsg.brave.com udp
US 8.8.8.8:53 star-randsrv.bsg.brave.com udp
US 8.8.8.8:53 go-updater.brave.com udp
US 8.8.8.8:53 go-updater.brave.com udp
US 8.8.8.8:53 variations.brave.com udp
US 8.8.8.8:53 variations.brave.com udp
US 8.8.8.8:53 laptop-updates.brave.com udp
US 8.8.8.8:53 laptop-updates.brave.com udp
US 151.101.1.32:443 laptop-updates.brave.com tcp
FR 3.165.136.20:443 variations.brave.com tcp
US 52.33.38.58:443 go-updater.brave.com tcp
US 52.33.38.58:443 go-updater.brave.com tcp
US 52.33.38.58:443 go-updater.brave.com tcp
US 52.33.38.58:443 go-updater.brave.com tcp
US 52.33.38.58:443 go-updater.brave.com tcp
US 52.33.38.58:443 go-updater.brave.com tcp
US 52.42.28.117:443 star-randsrv.bsg.brave.com tcp
US 52.42.28.117:443 star-randsrv.bsg.brave.com tcp
US 52.42.28.117:443 star-randsrv.bsg.brave.com tcp
US 8.8.8.8:53 117.28.42.52.in-addr.arpa udp
US 8.8.8.8:53 brave-core-ext.s3.brave.com udp
US 8.8.8.8:53 brave-core-ext.s3.brave.com udp
FR 18.164.52.118:443 brave-core-ext.s3.brave.com tcp
FR 18.164.52.118:443 brave-core-ext.s3.brave.com tcp
FR 18.164.52.118:443 brave-core-ext.s3.brave.com tcp
US 8.8.8.8:53 componentupdater.brave.com udp
US 8.8.8.8:53 componentupdater.brave.com udp
FR 18.164.52.118:443 brave-core-ext.s3.brave.com tcp
FR 18.164.52.118:443 brave-core-ext.s3.brave.com tcp
FR 18.164.52.118:443 brave-core-ext.s3.brave.com tcp
US 44.238.25.243:443 componentupdater.brave.com tcp
US 44.238.25.243:443 componentupdater.brave.com tcp
US 8.8.8.8:53 redirector.brave.com udp
US 8.8.8.8:53 redirector.brave.com udp
FR 18.245.175.17:443 redirector.brave.com tcp
FR 18.245.175.17:443 redirector.brave.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 usage-ping.brave.com udp
US 8.8.8.8:53 usage-ping.brave.com udp
US 151.101.129.32:443 usage-ping.brave.com tcp
US 52.33.38.58:443 go-updater.brave.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
FR 18.164.52.118:443 brave-core-ext.s3.brave.com tcp
US 8.8.4.4:443 dns.google udp
FR 52.222.201.108:443 tcp
FR 3.165.113.106:443 tcp
FR 3.165.113.106:443 tcp
FR 3.165.113.106:443 tcp
FR 3.165.113.106:443 tcp
FR 3.165.113.106:443 tcp
FR 3.165.113.106:443 tcp
FR 3.165.113.106:443 tcp
FR 3.165.113.106:443 tcp
FR 3.165.113.106:443 tcp
FR 3.165.113.106:443 tcp
FR 3.165.113.106:443 tcp
FR 3.165.113.106:443 udp
FR 3.165.113.106:443 udp
FR 18.164.52.85:443 tcp
FR 18.164.52.85:443 tcp
FR 18.164.52.85:443 tcp
FR 18.164.52.85:443 tcp
FR 18.164.52.85:443 tcp
FR 18.164.52.85:443 tcp
FR 52.222.201.108:443 udp
US 52.41.162.215:443 go-updater.brave.com tcp
US 8.8.4.4:443 dns.google udp
US 35.82.40.21:443 componentupdater.brave.com tcp
US 35.164.117.179:443 tcp
US 35.164.117.179:443 tcp
US 35.164.117.179:443 tcp

Files

C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdate.exe

MD5 d55e8fcb623390099f1e6bf7fcca2015
SHA1 b050b7acf6c2598387f09730eb59d39ad242f2c2
SHA256 fc66203d61ad7d9ad061c8189fdce8ac36980fb743a85d826c075b7ee77bc7d0
SHA512 29ca04d70d8543d9ca2a3877a76bbdf2ca238f63828fc5f231aa7284eef38688d45b4b17ddb56a2868867d914b0712df02d6a735ab2f08a0fbc0654c530f4dc8

C:\Windows\SystemTemp\GUM735C.tmp\goopdate.dll

MD5 3d1eb817cb5e263dddf71c8919dd1feb
SHA1 b10a12e740a82ad364113b5fbb00e859978a461f
SHA256 6f04bee43327bb175bf0a6911c7a1e2acde73ddba348f5f7603d593125e82abb
SHA512 36729e52a3f0cc8eae9ae0dd63a70706df70fac3cd784771d0e417a84654f67f84ba6f13923919ffde99d9657e4db98f07ff2b0ac823b86b01435ad6fa117cfc

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_en.dll

MD5 253b16c9821bb040b4ab25134c08124c
SHA1 fd457a09c4454f0b1df8d8ec04a398327a5cafe5
SHA256 0d4fbd82ba5da7929c3e889841bead79f404f873d96378c70c8b994f19e3e1f3
SHA512 1ff2b8db894e42fb59b334982e56eced59057ed5a0bead31efb238f20bcc20c84a8b0f46a585667b55680e80a2675a3733ad7f99c90cf59bd78863a0b2e9f5ea

C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdateCore.exe

MD5 1fc30c9b1cb6e175886bbc38f9f4c695
SHA1 cbdda008f0dbb1a7da6922939596b70f920c9251
SHA256 50a87f7f8d7559aa7103b99e034f82893cdcbc9c83761d87f41403aca221eb28
SHA512 f24e804fa60bfc1a18e3b2b60eee611c432438d089a16ba3fa075080137b8a9e39f82af30ffb1f9f7b8060c40a671d374c2a3c9bfd227df94a6fc479be415f3b

C:\Windows\SystemTemp\GUM735C.tmp\BraveCrashHandler64.exe

MD5 63af62b81f55e37b231a1c6f25e68882
SHA1 e42802c9081cfa20db5cf847e06e5d5d952abc66
SHA256 31c098528ccd0a870718d5613bda451557c4481b65cf9ec14121f63b98780d01
SHA512 cbf62505929523da55a054ae7a76b20cc9dcc4b2f79f4ee6802b352c9d11f24031bc8b9920b2da0ba36e1006d472beeaee87054ca40a3305ad9ea99ff05962fa

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_ar.dll

MD5 10bb94bf36660620dfb98e62fe295198
SHA1 cb6970adc5d5954c523510b01443c565f375062f
SHA256 2910baafcbe9a5880bdfaceea66bae0e72a9ed0eca672ff4572f78e46f7031b9
SHA512 c487aa517ede863e89b360cdd56944b6c63e0bb07ea9ac39ac5db269503c2cae0a7a8a41d64f1144e6fbbbe5eced8ae7c4d2ac3494666fcaca950e29da072b95

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_id.dll

MD5 8a645cdc1de175d837acb56a638f25c5
SHA1 91dfc9cce94b4c53f3a8cf696a52786f89a5da33
SHA256 092c689b701facf07cf258a647d037adf1379e78ac41f4dfb6a7cbfd53f6c142
SHA512 0b2fcbcac4695459218aad6d0196bee07d3c1745d43d4c2ae575602c0c83ef8a5af08789a8df497e4b33f245ff90246ecc484c4b3e4a13858c556a3507711478

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_zh-CN.dll

MD5 824df3a4ab0a3af90437fd043d83debf
SHA1 8f0f4d8dfd0568dd10231c70068b56774aea928f
SHA256 8b8936fcf660cadd5829bfc603c30545a18270a8f16404e526cb20bb73187d48
SHA512 24704ad21e5f8260fe3f320b49dfb56e42cd773d448a2de42cc9ce429bc57c2de89fe214d6541395aef71fd779d0bd325693c7646bc8e07ca76d530fc1cf1bf7

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_vi.dll

MD5 975b92dd40d875404704923e07dbad20
SHA1 4eab2416210c661330e35262d73ccd1eab3f1d3e
SHA256 88de142641b3dd9cf5bf525b1460948ab549add43015ec86e9c81349e002ca55
SHA512 ac88813aade75c2864d61ae168e1ba3c258dc9a68a02c15a9300d38b1681b89015388231871f879595d415b45283606acd1f3570912aefe39f9f6560e0ddf272

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_ur.dll

MD5 7b879c8fb4830493b60436f74315e9f2
SHA1 8498d2dccf700afa4a503a8bf154abfac2fd5f07
SHA256 9b5faa978dfeec9d3f7e068e041fc95240b8f7a6ef746fc716c5a9c15ee974ee
SHA512 8d33a5e27dcc7dbf60cede49d388912f5f8c2a6e2d7e2abbdd400e598a0c0bdb61ef6ba9d1f23d653a7c2d7ad37199634f6a7c5bf62b24acfa7a08564b645860

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_uk.dll

MD5 ec148792a3d0e3a8f889dd24fa778ba6
SHA1 c13f54835940fe908b08c1d986791448fb775063
SHA256 6ca2d80b32cd981a9f5d9a4d4b9200ae6b2b24c403f2548f2914a056ff7a23d7
SHA512 275cfd9bcd7de7831849996c2b558f75908b8d8d17b0e1cdd6ab2f7a99d28924bff9336e006771742353aa0e4284098f20a313b6c598a1fbf1151480ddadc008

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_tr.dll

MD5 33bc9fcc660bed50681e17dc760ed547
SHA1 6a80255de14b243e331bd7483460a313e055b18e
SHA256 115374754d0cab96380a9185fa7841d5d5a40740eb51b1208a4c14b5b849afa0
SHA512 15fff37ee18768a436f730e5494d21488169518d6f8b4ea92f79337768ed192b9b28c2c5eb3a3383590bdca2d5fe834d1caab98fcdf0af765bb47fdc77eca9f0

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_th.dll

MD5 623154c5f39bd94730c91c1ca6f8db86
SHA1 b4406e330b14fc88c54a766586f240eb5430f2eb
SHA256 dd7475f44f27cf1de092567bf6056d0acff65738ee18282dab76a3a3f245f95f
SHA512 1cef3cd57ff186b162dd08f658bb0d06a67b8d6ad751831be903967fa5111e0cff83878cfa396dc979e7ef4f0e662afbce46763ed11b822b4c4c5c8c6fb44eb8

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_te.dll

MD5 cb7833fed737bd8b477cd1afb37e5ecc
SHA1 997567686fd7444b2317a08e0d14949d2d820282
SHA256 96270fdc4d5bc4b009e8f30c77ea8e5c2fe686279c17533371b92ed454826f29
SHA512 6db2ab0b838ebb40ffb038417f7c5e8276928946d807d6976fc2b3d4ca7423dacd29e77b4e350c0d7379244b5e2d5f92898791c5b6693a30e8f3f0e87e038f96

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_ta.dll

MD5 ac9370254da66c1f92107ae74ac5b935
SHA1 7ad132d1a8dc592c2907f3f831edadb89e5bca59
SHA256 b7f771b4fade2f5216366364bd22b8ac3c7a5d1e730565dbf9ae4304d0cd1359
SHA512 a05fa6a6c6e446e979e3770b26d713b7aeadb6cabfeeea0e6fe9df79d1cbbe00e52d9d90f0c53439b35e4787aaacb52046966ee28fdb848389013848702d3a9b

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_sw.dll

MD5 df265d3a004b9d5b28c50adae2dcb1c8
SHA1 b0c681e4620b1c7ba854801a70ac2573a81589e7
SHA256 2a0652dc1afdb3c540b7deffe36e377f8b0635bce682bfd4ac7f4c101235aee5
SHA512 2cbf4b984e97f3f4dd76a659c348bd50da8e3036b94e1a78db9a62d63435e1547d58e12c53d2858255d8350aaa366b1497c8613bcef7e3a55e8728a22edcc530

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_sv.dll

MD5 0f84219ad93a0f8338f2810c647df2e5
SHA1 6cf228e34ec9a84dbbc0f49da43bf00e5c052ba2
SHA256 fb0b66b72f1633ac2d55c957161c9c7ebb7018b699c0fed45fd948376fc134ee
SHA512 5cbdc6adb5051f64714a136c495f242274a0ec168060084e199359ef7aec573bdd0a846aad0b9235fc6f3cae49292071b103943fc9106dfa556ea46759cf82f2

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_sr.dll

MD5 a79ec3431c339f84db261bbbd7a0962a
SHA1 7be627ed67dd4a5cd50d81f601709a2f088312aa
SHA256 5a6f34c232bc45b06455dd7f8bcb8346e4c413bc64f10194c7c97c24c5c9b12e
SHA512 955475afbc9b57512b5bf2247cbf5f97485213ddb2579aa1770a5d336d0138dbd480b6abdf220b5965728b7ec1a97347236e0bd1c2d50d67125ba237b1f0784e

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_sl.dll

MD5 32a785a4cb4506b85e59d8a6df5223b1
SHA1 36c301b58f63f72c22f9e2183eb8684d6a28cd8a
SHA256 8993208d3bf473f860d9f4034d26592627a68ecb74dad23ca9eb18c90b27adf1
SHA512 957b676026526ed703b8c45ac48c7db13e96fe9a5a353fcfff14465e0e1a803cc11c83a69802c06fd5077c78b844c1588ac96d79c40293b77bde15a31777de32

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_sk.dll

MD5 a3d3d3e846ee0f23d8bf5deabbb8a61e
SHA1 296a019023ded3633eab6f84fe67a4617e393326
SHA256 2d9edf2df9e9c82d0710e2a8657c71332a30be1c27efaf4c2d8278dae14ffff2
SHA512 36e2491ddf60636ba132ddfebbe6088546ea4efba9fc150c04f6b19ca49c677e829faaa47299169b782e74f73adfd813b7e29b2171374e9899dbbd1bf5c0b883

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_ru.dll

MD5 a9074779af6a416ceddc6e951a2d855a
SHA1 06d44b869822c84f1659d8945898ebb66aa812a2
SHA256 69203fdbe9869fde811a20b6d2c39ab71b89f24b22a8194d005747d13e0504b3
SHA512 57608e7bd24cefa3a4c2ee5bfc5efe010f46edd7c99639e73a4ab53a2e7f1f8605385019a9a45eb61fa5e38c25e30ad94e9c2a92b6d66ba7ae470a542eda8fed

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_ro.dll

MD5 b23060b2cf17616b17a7d42b323dbeeb
SHA1 b9c4da1347bc3327d54581f92ba3f22ea9b33f78
SHA256 bc828e826d2a8543cbc7f229311459d6e298d1a6d16ca15ade8ac0bd2f43296f
SHA512 577f8a3489449f44c14e91503cb586294c5c216739903392f771e06ab171824f41838a58b466de5d8f76acaeaa79f0dd991539607aa8338957c7fbcba50542a3

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_pt-PT.dll

MD5 4aabcb988c50d7812fa720e9599cebf4
SHA1 80153e57bd38a258ee2aaed51ca4591eb73c0a8a
SHA256 dba1ff27184152b6dfd52c45d3e244148557f14152131fbeecedbcb00dcdb7e7
SHA512 7347855c27e8f1cd701ce7eb765c29fc8718a6da44830381d0213d3feec9651eac25668dee9d75a76b995c5819452a15842c6d434c71a91cc7ee186900bf00a2

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_pt-BR.dll

MD5 2350ccaee4ecfd7ef6fbc007606cb65c
SHA1 7e1f93aafed4c49896a402fcc01e7c839c2f9751
SHA256 8dce89d55bbae9f9cfee47516db01f2dab2d9f809f691c3774ba3974056a2aeb
SHA512 4e3af1e300edf9992a18cb7a13a182c183c6299e525b7ad9afb4b31612cdc183fd2f192e69628005bcabd83deb00a8a4a37c976acf538caddb505f015884b6c4

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_pl.dll

MD5 19d947455a1cd9629f2fc5800caefd90
SHA1 9bc80247e7bd8b78cb3c2fa7f53188f77655b12c
SHA256 54b1c26e01ed780337b8a81772d97bba8a79656dbb61ed251bd318c0dc092777
SHA512 e2ffbe1de09029a356de046f2a0888480728556acf2ef8bc6ef44ba35d222275d84ba9b794136d1bfae48ec71d4d7810801547c8634cde017b161c6f0f93cafd

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_no.dll

MD5 293e14b024bbc343d7be3e6bd4602e48
SHA1 2379dd8ec0c392c6b0236ad8241bf0d46fce023e
SHA256 716ad11b58614bd11dacca023affad285ae518e39137c0056eb564a0d2543bd4
SHA512 d4d56409696e640183117548a221a02e85166dc98a9e58cd201c685181922efdac1cb7334fa13192b85181915844c841746b2227f5eb9d102049c05f1666ec71

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_nl.dll

MD5 4273206bcaa8230dc7788133074be5c8
SHA1 cf3328d0a68b0d26a7e0b993924be8497a4ff489
SHA256 605ec2e86662f85a4d71d167f8478ca1ce85a6795e31e65abc7e2a2e845f6da1
SHA512 d05d0d9f090693393a9cef74ef42be347f3f8cf47f1ccb522dc21592f05aa54f31c3a04021427b72315e856238ef1c62458fe1fa3673a0b15cde05e08a11aa15

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_ms.dll

MD5 39880c64958b66eedc4d910ab8d5f6b3
SHA1 288fe8dd688d78204c8faa2c7c3378bd52b38ad3
SHA256 48f96338cdc981fdd92f93c34ec3d0d0c6d123f6036e46dcd0ac818506ae0d54
SHA512 66940a2f4c2f9485ce7d2107c3abf22cc3b21667d2671ac4ee7833f4426da8df118a387c807f397c2e79182d9a2b284a21dfeec7813f366f11bc7214632d384a

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_mr.dll

MD5 21688cca4c4fadc1cbc410cf7378bcfb
SHA1 46f7130db5ce5817a400ab0e5764ba983d28a3d0
SHA256 347b6d93fbe02166c024ea6e0137145bf22ef319e69169bf003d8c9a13cb39a3
SHA512 8122af063c849b2a0cad7a339d27fc29932b2cdb537756bab4aadc651631254ebcb25b3b3f37a8806dc6b63dee195f1b5cc9db4c3a2bcdde5353e38fc43701e6

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_ml.dll

MD5 7ef49807071444b4972efbacd4bd072b
SHA1 99059a0f76b3ba891bbf0e4b2c9ace62ea954fc1
SHA256 ecc5a18ae22c8b535d3b0618a28d4080c59516d254f69f40f24e0583ee148b75
SHA512 433bd83463e7eba5b9a2b09f12aa1c0951a7e46b639850e058c9a84ac5a8c9fa96b8101340a70caa4ce1f224c4e92732c183e0917993e40056cfbb14c2f8d724

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_lv.dll

MD5 cf128b399f167cbd1781668c5908155e
SHA1 787206ab643ddc9419bcc8d243e7265bd27eee82
SHA256 28b43b27d628c1170c8f0e164cd1239ed57c3bc3eab6ba00682f411df531005c
SHA512 7a7eb52d32ba48b77bacf31962a73b42deb3a2d4bd5f01a37819c5b48ca1dd37974da2e2a41ed4b558f20f65a04011d73ad8a36d829e35a84b66817ed2e60246

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_lt.dll

MD5 dd0b03f119712e69b50a6a4377be3b10
SHA1 5d1b1204d16c2c0d02e86e62c801c2dc90692362
SHA256 15dacac659386efb0c932652e9b3c679039cbf332e2957cde4b059dc3c50fa45
SHA512 0721dc9b13a581026101ffb2bb55eb7122eec70f5a9cca7a83cf745cec42bfef68258b3c7e43a46d8c53e54ec165b88149d6eafa2055c803a70067d875de2999

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_ko.dll

MD5 b08475f18efa27cd08a4982565d744df
SHA1 9873f089d2196922eb54d8c37a7ff34f309126d6
SHA256 58b4a83a07f2c8f115f51ff170f7c0721736d081d0766a0d017a0e33e6279995
SHA512 d7d2ff8541482b9040b177e023755f4c17ccd7d104cf28c603b2522f19425b5fc9148fcbd0ce5acfd3c618c46655262943bd38fe222808d92855fee31c7f370b

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_kn.dll

MD5 016fea5c4d8b2aefb49e34fa08919f34
SHA1 84c953d687df62ff139e6f887a861cede831e2c0
SHA256 7d803f6055dc3030a3a30bd59f86df7b3726d26884e9ba94597bedc031fcc856
SHA512 d85953d435d1031fa83fe60e33bd888aaada78a0e936cd0ba1860a70a6f5c512476f38ff460c8057cffb186ac17bbde39b30b90e962a397bd2f04f4c0a89576c

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_ja.dll

MD5 0298be9043ecb7f01491ca244fc0a967
SHA1 df3b4f7ffb8e1a2b4343f92ab9ecd56a78900424
SHA256 afa21384815f7b8526cbb91294db6b0928104df2eb3bf3fc3f5db773982bc29a
SHA512 58721e5915c04954e9ff90614883b553723cdf65e191f68a0dcf08137f32d8a41c35a57e10b80b736da97a035dfacb80a7626485d7a961352254f147c20faecd

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_iw.dll

MD5 a539de9c0afa595fbb84be719816c406
SHA1 816750ea319d5b0617b5341eb19b582bfe01879e
SHA256 a9c1728d9f248a4be0944fde7de91ecab0818dcef20e406a43fc6a557b4b4788
SHA512 63935f7e6e2b2ef8b85fa18747c0e68792ae5b1893fe75a59739c2dbbb5886746e500b945d37d4fad0aabcd4d993e6dba6ccecfdd5ce7c7ad8fd5029464985b3

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_it.dll

MD5 806764bd6a978b5742e9549ca133914c
SHA1 a59fd620f7d4a46e3119ffe08622c88b5d5fbc41
SHA256 4dcab469a1d9ef8a3f8193591604ea57c2229300726603411ec883f0c009fd8d
SHA512 81f27a02c7e13daca7759116b3ccf26cb79322d9d26748be09b8958f9bbae2582d30df0c45afb719de92ecd4544c5b3dd87a53b5912f21e244e8b622ea685aa8

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_is.dll

MD5 0112b4f64425c5e2eacae70d6777375b
SHA1 716a396d8d119ce57b22b097836a49cdd7e42cd8
SHA256 ac607918bc5f848cfbc7cec2633834d009bce79de996eeebcca23eaa7f87c072
SHA512 174bd28a1b9254540e8976aea9618306694db72fa5bf5c3f81e59a073feffee3108acd3b06b1241c02c775a106a4ff7cdac3604eae7d5460d0ca227702ae6222

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_hu.dll

MD5 969d54db8de320f3c812ba4b205ca1b9
SHA1 1e9588c47937246996c5dc731750fa011a2444a7
SHA256 a789906bb83f5ab7961d44b960fa136f20b2509c4890d4b0d3232bfee7f70b1b
SHA512 e65c2861eead766f7f9619f8bb354383483bbd26780e34ef138d892a167f2033f444dcaa463e5396f981286b16159a2a8d1e21409066279524f3899f76482593

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_gu.dll

MD5 8b0f6fe5113e0ec09fef546cb23e57fa
SHA1 74b8f64f04b6fe2787eb1f57010dfc3528f7dd52
SHA256 9cd57e82bf2afb49f3066431aaacc4e7b7abd1afc24d5a3db6ea834f138641b9
SHA512 0b8b2fb09350c4b347556bef0c44d75716c248d95a50d8601a267b36cc7f6636bbe8598defcef2a0994e6dabc43296d8484c882d788a234ff9efcfe8a602a2fb

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_fr.dll

MD5 7de446fc0236f2c9a7d3c7efe1624399
SHA1 cf47321f63ff226cc3b4724bb89c9bf191914dde
SHA256 2a58133fe646241772a4bf884c49ecb7dbc888ab2c53def74c59b659b94e911e
SHA512 3843fa75ce902feacd7016c8fe9a2d3159112c790908c949095ddc67bc015f14bf2bb6f3debcad57c3970a86fac1b1d26531fc5a98f54b3c08aa066b2ec72fa1

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_fil.dll

MD5 e2a4f6ae020551059f2e67b14744c717
SHA1 718a26bb33dd4ab7b0ece743879491e5a4e28e6d
SHA256 e50ddb1d12a0a31ed37a821699cb221ace67475c08a7494e9603766fc8936738
SHA512 df8429d21b76ead317b8bbd799abc33455460d5c51e75ed2fbe5ba316f30fad508a1886875fad5f2ee6b8bcc52346dbda029f85c14bff5ef6f8039307a675d6f

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_fi.dll

MD5 8a69c46679ee063c423562371ff365ab
SHA1 f4a3f4969cd65385dcee65c5a56fa19cad333775
SHA256 64281fa3b64175f18911a2af8a8a4805ab93fdf26181afec9a9a16b795f1a8f2
SHA512 0f5eb63334e5caf4ebd8e1957ce5ae1ef7251115a2e47fe133bdf54b3270333271ba587b8b48b4efee4f3204ce4b6187fc98461fbd49859708f3a9e5fbb7f248

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_fa.dll

MD5 408fa11eafd74084cf3c4c950c8d9a50
SHA1 9f7203612f7aa5dea139fc895c7cfae22113c259
SHA256 270019a1ee03894a8ede10d89388be2fa6f8052d4b1a17a09f2a74e758942df7
SHA512 cccd26941a4bb750a5741e6055c0fa4377b4d4a7c97f99eb8434b708e0bec608ab8da8f4214cf5e33f6fc8a4f0d908db6d222b2d7935513464d8e7841ec9c81e

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_et.dll

MD5 7ba9f7eedb4a6784b1bf8d8dd080e63e
SHA1 b15c614566954dbcd2f0ed5cb8f9271894d906d0
SHA256 eba2fe15c73525e17ccacb85d43b77659611d7630f102d6086be3126a26adef8
SHA512 a339ee776481f5bef46f25d91b7999a230fb4b173e3876b66cede26b5bb24d85d9e32a8a4820e09b205f4f06221aa14bd280de9947bb81711bfb6c2a91aadbb6

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_es-419.dll

MD5 af4a2d569f9704b5b0a302c39e410425
SHA1 499068ccdf88383d53ca55048a3de4c2abd06593
SHA256 22dd5b98893469d54bc9280f332cfe0aba57e2ab38e0eca7f619e6f40b33d3ca
SHA512 1e82b933d1f412a2ab50c4a51185744e1f2a7956ae2a8e63a537b37db701867b8166b5387d9ec9ee669487831fdf063899598eb04fa755735596ea723a402974

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_es.dll

MD5 ed4c27a3bf79dcbc593466f81de0590a
SHA1 a15d22c6c3a4afa255f03ed81c2cc18feb6fa0ae
SHA256 2c7833ed96e7b3a988f38574bb32fcb7c796243ef060fe83e2c2b502d4089451
SHA512 360fb6d9ec1a2ff82d4378d1bc4763ddb83709cf275fcfaf98d9a5b14fbf19f8495209021a0cf280e35570f45786f4003c07cd17467b6b622e8515a0dc3b29d2

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_en-GB.dll

MD5 0902fddc26065546d22edfb28976262d
SHA1 c518e4c5eb2f7cdde6a4af61fe028cc67e21096e
SHA256 f1b4b3cc464d29dafc78e8d016c182c6603f45e48998004bdce8eace2ce4f57b
SHA512 ab33ab123ca6e0b07f8f4ef33009586043beb1b17a67f49f61377a3a1a7ad53266473f452c49c13a493479aaa9cfc4e156ab8be3efdcad9f3899a9fceaf2256d

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_el.dll

MD5 77495892637563f86ac6e03ac04fe600
SHA1 731a7ddf9ca0df90291c93eaf7f6e0e043a31b32
SHA256 0859df5d784299a1926fdf4d9379ea42143bd6c85a3dcdb09aaff9eb93176768
SHA512 f9294f9053991f08df1bc04ce686333c7f956ad7e7ee307fb703964911b8a71849ae82c876207dd9e834678c85ab234acdf0672f07c40785dd722fd64103cab8

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_de.dll

MD5 a977557df7f8e4d88496063888da6beb
SHA1 d94ab4b69a3e63a711a3507be61c5ba1088c4195
SHA256 a7306abc8d186f69a61ee11ebf973926631e0aa9de77b4298487a0da8e673272
SHA512 76b0fd459f7cf64d862642f592227801e8b4f12bf1c0d4624d333125c30e308e21ee38311e248e707d4ff8279f943f47a180ad3d184829bdeeacf1a35ad19c75

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_da.dll

MD5 40477e11f483286ad1af8e0f9b9b685e
SHA1 f64eb8ebd4a008f331abaf14085a0b019e74173d
SHA256 2f26f1a50591ea08835b48e75d829d150bb2a6651e23c508d48e97768a20ff11
SHA512 46f4e396b2884101110aba5036ac1373ec34f0d38f65413c10ca1f2694241928d549ec4e4c4824f42bc61e4aa3758c3f2259ed90a9a7bfd9e8dbdac57f07f91a

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_cs.dll

MD5 92123c98e9fb75bad45576d7bbe6e6ef
SHA1 51fd7074fbab13728e94d88bb7012025b3590439
SHA256 08a5b6b24ec78d3b9e49521f3cdc15df97000ed77b9f148919bd9ab6ab33fcb5
SHA512 87877cbadf38f9c96d920957a8194cdb01b7860e01534c002a317b6137d66448cf6d87329e021be6c4d90e8544ab3ae6f9ecbba0bec8153d595fd2cb1bef639b

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_ca.dll

MD5 5e0091e6bf446bd0123cc70de00a0d11
SHA1 d1af62bce4290fe1a198d7a00897329742e84e54
SHA256 e62b332ae0736c5177d9bffb8441ab8466d93465d3a9e9ddac9eebab07aa2f1d
SHA512 580b4d6ed02f75629eb43307b17128eed48b2760236cdd0f537e788f3cb087871994c330520cc6750b9a50a5c22cf59956883c44cfacceb1eef26b8e64c1c4a5

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_bn.dll

MD5 2ca07b3e9a0604ebe37e7d9e291048dd
SHA1 b7df932312171eff4396758984705ae341f90e54
SHA256 bf05d3bdfce24af39dcabaf57bb8bc43c59711f9b05340446d4bbf93b96384c9
SHA512 f272a7d014192b8d605412384b4c1d7d018195961cb682583fd9dc5a9e6e6986707e6f5561f0f349a44f05c0bb0ef2e3a462a1dfd8ee920a68de34e36b79a5a4

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_bg.dll

MD5 49f7a934b85b2e24ce71ce0bf1df5cf2
SHA1 e3bc9204c41e72bfb01a43d57ece2e5ea40a2ac0
SHA256 788e007e144a113ee0dc211e49cc03f663e8021027b0c880eb6dffd0ada45e6c
SHA512 48470c8482bbb1e42da1e9c7232428b3adf149aa3b580ba2cff6aeb2faea47138c166844dacbc8a8be0c4e64f62aa8b342be245b24959ed934242b3759dfc612

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_am.dll

MD5 1f72deeac814bb6f120916dbad9b6e97
SHA1 edd8724fede99bb5dfa3bc6410aa67a06e04c61a
SHA256 6a7c2fa47082c722fd8ff0629a6c138d090035e1c24f26139b49c7a8cb91cc45
SHA512 047d45d21ca17e53974f646971f5c7c6e983e3b31744b5dcf2286b6859ec6c56d013e9b1b20de646902af8c6e8401f822cc0b2729244d8211b10f79b8cafbc31

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_hr.dll

MD5 e1fa15f02719d5c253eaf1c15c60c231
SHA1 f8791b6047053c59d077be0bb74aeb834e689c86
SHA256 a51267b1ac9d1b04c2984cb541a335c241a0efe3a010b65c0132952000bdd9c4
SHA512 1d3c40bd4a6923f04213141558e38bdbeab648e29a54d6691698bdb852326dfc97bcf78ed60ea94c028f87c9e6f0b1fb5aadc6a66917ab70c93520193af38e10

C:\Windows\SystemTemp\GUM735C.tmp\goopdateres_hi.dll

MD5 8008a4790a6681d71e326d9e6d1cb25c
SHA1 56cef51991439ad51a92fd229ef765a514a3a8a1
SHA256 8bb4465d79b65f142f869eb41635db979b0ff6f8cca8454a6e7189ea050d557d
SHA512 2be58566041a200bf33d3fd01b2b48963b6463e2886965f18ba9ac841398d99b58ad844145f93b4ecc21f7df407134b507f5b75abe7807fc2a62b996bdd8fab6

C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdateComRegisterShellArm64.exe

MD5 dd704e928d8a9774344adb6edf20c02d
SHA1 e61d894ff145a7a095d8cc2d8e631ed504925740
SHA256 361d9360f45e734253e21898ffd3c312d4c71c29b28d42f8ec36edf98ca593ad
SHA512 d989ebd9579f5f42f5b31ccdb8a96915f5d1ea67667349f12abb8753b2b3f37c33a068d47c4114046126e1fd65d5a733bd41f7bbe7e17ab57bbd63936feee97a

C:\Windows\SystemTemp\GUM735C.tmp\BraveUpdateComRegisterShell64.exe

MD5 11ef0a4e5e555094312c31c1ad90bdfe
SHA1 6e635508767a4d87c88da0fa7318feaca93918ac
SHA256 44b870bc166335790dda90d4fe4599789585ba7e9f75aa601a8b825caffc82a2
SHA512 f3894a093fba1d9dc1bee63d3564f1d32ab00fb6cb710f701cbcb51ccd5324efd87a50a12aefa1809b6a502c5790b11e61ac1537dfbe32bd54298505f9346557

C:\Windows\SystemTemp\GUM735C.tmp\BraveCrashHandler.exe

MD5 227a6cc37a2016d38db6e7df9ef2520e
SHA1 4489b2fbb560c06d9ebedb2a4421c3d34b475853
SHA256 a4dc5febade56401b9b94f81504989d0eeac8473884604642d07d7d1712a78a1
SHA512 bd477c76462ae0a8c11cc6eb7a1651e48692a567b98f4fa5b3a9c63462625353d7bed95e2b2107bf7c095f88a2eccc25d76d43122d76e812b7729a54dcc915dd

C:\Windows\SystemTemp\GUM735C.tmp\BraveCrashHandlerArm64.exe

MD5 b6e9048eedaabfc97061a3035e8a25ec
SHA1 77b80cc9b3b9901ceff68dd3e71200fac6b5e58f
SHA256 a375165a4b7d9c73f70f04d3c8800c49336c26ab2bd29504b5f07432e5eb7ace
SHA512 8dd187fdc99284b32916be748e9192a02a88623f9b5d900dcf4e83211fa8ddd2bcd488eac5b81ce1896f47ef137480928383f9f1d80ebec3244499ec415d6555

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\setup.exe

MD5 48648d4bac82740ffb724cb331f60f8f
SHA1 a0bd78aa8b2e4c8d8405d45ca399efbb1c7a9a5a
SHA256 1be01760ac83da7f5861b441a5b9aa0ddfbaf76228ff62d9ddd9ee6cb2740cb7
SHA512 f8831b6e8028f22205b12a368469dd679a88d1e46c8b90212d8ec3b064c2daf03aa9e98cd656aa288b293cc9ffec349f933b0c1077788e4e98ed2716780664c5

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 30f024f745602770c6f9f9557791826d
SHA1 77b9b1c6c535b5fae6d6e1e4c035f9d22d25d024
SHA256 11b6dabd3080e8109e57075017d209b490c7fbfd4622df7bb7acafecf09f05c6
SHA512 431e7e9a5fc0ea1ef442bff862713b31b24ceb4e938dbf79dec04ee950db74197df70fe1fd0dba7daaa7f7593aae8e0632eb5ed3b8c124a47cb1eac0381a28ee

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State~RFe584215.TMP

MD5 a7be08076739705a847905a86c6727a6
SHA1 e1f6edf6eaed5ac958bd92cf1692beaacf452332
SHA256 fd0fa791893afdf66c7431548dcbc9886c66d4e35b33a28b815443cb7a269b0d
SHA512 9e364b1f9759bb29739afe32bfc437f7c3e70ecc24793fc5fef5124ae879123d7eceb85c75abbdcfb7a3384f2b84a47c269a2fe0fe44d4eb6e2242f1b2d07a01

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Site Characteristics Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Site Characteristics Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\171293f7-5335-4a4e-9e06-8077a9d747e4.tmp

MD5 dceb0cfa9b61effc8788488f43747572
SHA1 c43235ebfd21469a747e8a264b67f874e0400cb9
SHA256 4f6f8abe6e2a6bbfea1c79b495019e80015343160d7fd99ecd0d428c9a8fd57a
SHA512 a4f5775c654fa4f31f53cb6fbab084939bd929feb95740b904045cd1f0a52c819e90876e56e66f7d1bb38db66fa0cb49c7365511f8346eec3cdc610e32b02c6b

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_3

MD5 0612c12fc161380d8e486bf2edc0e3e4
SHA1 f5314293fd37342ed9ad5a777d64132eb26c8d9f
SHA256 47fdeabd2da57eda69a4a6e228c8fca4647b1136a514333b1300208ed1aac63f
SHA512 e1ab4257ece331a22c8793c2b88ef1e015a9d45841c28ea59dcc0ce3657adf48191f5c19b0ac42a46fc9e24f4196fa1720d5f2e225cec0c0b7bc1002842f5c97

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_1

MD5 86797c681b31be4800968a8c0bb9e588
SHA1 062d81347c6d71cf58ef17d0caaf7ad784e3aca5
SHA256 cdd580471833ffa8f6eb32cf8f1f5ea9b5bb9ae4b2ea108222fef8169bd432d9
SHA512 76bba86b4aab0f26840307c9a8732f551b3b070bbb2320333f8c66cd207078ca39311ff279cdfe39ae7ab65d441c6fb58af6f93e41af338eab57fcd83db36662

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_0

MD5 365d6caad9626622bdf9980c18232110
SHA1 764a077a480337dabbd96cbe987f95e2f0e0d606
SHA256 aaf7459b8429e35169cf13b8b1392b3800bb2bb2eedc3c240850d94e69fbe75b
SHA512 c8dcc79861cc9974527ce4f8f926d8cc783d19f8643276ef050046936e6dbaea2dce6dbc8362ae82286a5fce502e29cd9fa937d5dbdc3b0d5f12838f985c7fbd

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gkboaolpopklhgplhaaiboijnklogmbc_ef46bc0eb4964941eda6cef8c6a4feba90dbd8f96a88492689485b40f3b358ff

MD5 00128ecb04200fe447cc1cdf6c6b83f9
SHA1 b4c8a71e72c0b7502f348e88180e2afc46ba33da
SHA256 ef46bc0eb4964941eda6cef8c6a4feba90dbd8f96a88492689485b40f3b358ff
SHA512 543f00597fbd8867f5c69af96f5781db3a4663290f1165a0e5320b1754a89abb70b5860e6b1d72c54eef2258bb686c0167c4666cdb658abf821a59d752bdf27a

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc\1.0.68\list_catalog.json

MD5 986712f893817366c582c3dd2e24451c
SHA1 5ad4c249712657f438950a7ba379e53a0e3304fc
SHA256 8be9fc0f7a67d492fc01b2c001562f27328cbd7403ede81221ed489850f5dbd0
SHA512 00d3882404f59cd93a05d118c511ca23ba2984d352e97e4c6283cd09b68faa1e1498636e2e310afcdc86284bd5ead091903b6537750795db5ee55fa5b8a38edf

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_630641939\manifest.json

MD5 b2a19aa845bc89bd0970c1a1cd2c4dd5
SHA1 487b6b6f909f9de24852d791ab23ae206070db6a
SHA256 10b088025febd5fa580164d49bcfb4e10f23e75a4a390d4456d588b71c8a0967
SHA512 5fc288a500681cdd8a3d75df4129cec439aa1bf29733be8b216115bb308abba980f81a5e5c6e2f7111ac2652f95ee54aefe90bf479eecefed90d6d99a034f622

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\heplpbhjcbmiibdlchlanmdenffpiibo_69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

MD5 3a03f3ab4119a23fa6b70a32a6fcd4b0
SHA1 5d047a5da7c7f388416aa50b5fba745bf5f36eb8
SHA256 69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f
SHA512 8caa4e94e831b25226e956a8ee87c5b369547081df863ee34e7f80d686259eb9b7bf75757043ecc5b0eda3a603198da060f9b6f30be755350ab912fdc7681819

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo\1.0.11\mapping-table.json

MD5 57ff689022f2d93d2287ac3b48daec73
SHA1 937b7dc21193a27607340af7fb7b987b8ea50582
SHA256 4665c8cb39b1fd0131b72097484bd3a8309992821a21de9ee0420434cc3f7d5c
SHA512 1b81c2c9df45875c2f563b99bb2d29972408e3d449fb2e8793822dc0cf85c41cb48eb92510f4940343ae4826ec9bb4b98093d64f53de635ccf75b5307b92ca87

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_1343890931\manifest.json

MD5 32c91bf9b8f95b4b2330a1b7d8b6c359
SHA1 32589e12e041bbc42fb3a66c489b39ef380fc1fd
SHA256 cf65a918306fa7763350fd8464fd2f3a049468424b6b89b15b15d824f0796df1
SHA512 2f6582a63caf1d18298b6ff9ac65172609c3444d676c5d1988d329e2dfcca5293b6cf2838dd9a6eaa655cbff403989f47fc4811b41e9a2b4c10e7478b92f384a

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_1889398285\manifest.json

MD5 2faeb3e0e757333cae6daf0f9168dc59
SHA1 81df7a54a04e464912e60c734cac52d54fa5cb97
SHA256 f83c8107be252372255ea78d0388930e04440a35ad9a8a2c6cabffe85a8362fa
SHA512 6ba4c4de41d1bd7afd6b1137fd553f8e189829cc4818a9901dfac5543f8d53dc9ba802180b2fc8989dae5e9f636e17051db6d2a75726578f3f340adedd05eca1

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\mfddibmblmbccpadfndgakiopmmhebop_b34ad09c934ac476add2620f05a2fc082e30d5e937a8344021ce4774a6a8ec2d

MD5 e0b3f89522afb5a2d085c5c50718237b
SHA1 23b46fc4befbe1ea75cdc8a27a40e3b8097829cd
SHA256 b34ad09c934ac476add2620f05a2fc082e30d5e937a8344021ce4774a6a8ec2d
SHA512 681eef1beab82c645265d05fb9e72a83ad7d80b0cb2d7b73e05da2c6ac35664a686a165b5f266361b9242c97f0bdd136f988a6ca954db21429746fdd7082e006

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop\1.0.103\resources.json

MD5 ae253a2d754a18ffaa0fe4d23ad1d9d4
SHA1 e305b9941ff315727d7fbb042e2d73bedae7b9ea
SHA256 9a2a13acbea6af3b8882e4a433a9a6d579ed7c12f1321e2794f92c64c713f80b
SHA512 fd9b81090af2af941432ac47a67943843f960353ee0b30a5a86e5bfecfb54d6920f87ae9b71dc87f612da4f1fa6ba72c2a36ce0b97175c55c9bfb6e1c7c80267

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1787\photo.json

MD5 089ec691329d6258b8faf48e820728cf
SHA1 6651335a8f2c5c67858f610db963a5e5000afb79
SHA256 70d8205d6c6c58a9097b301e2b0a8d53b273baacc599ebe80be8dfa8a491446a
SHA512 ba71585536495071b686d7b225d2695d4f2c71c1939cf7015f0c5281e4d4a4e6de8e5dbe74e8688a422e6b5da9f287a0aca52ba09343c4620ea74cc47aad6457

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_858829449\manifest.json

MD5 de7e2d53057197290b680ca7e7df2750
SHA1 f24cf39b7dbf2f5be874ce48d9911385e354efe4
SHA256 56bf0e761d85008015058d1a0ea8e7229e4d7171c3bca690ca90626e1c022acf
SHA512 2a4def48d28dc7f583c464bacf112f8d696e99b2fa63fb14c5534f260f50040e180dd24e552ebcc5e4c00c6c73cd6f78be44fee52b1f8abc2b43053f8bf0d39f

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.962\1\debounce.json

MD5 dce4aecdd67737593ebe45f77d5d2a89
SHA1 7fdac6756832329e398657372a0492fb012affbf
SHA256 f5f0640cefbd17c915c36c97a2fd010dfe0e3b7f6b136b78b5a84715eefbf07e
SHA512 2828896a359d7b3446aa1b779a794d6582b9c04547415b83ffd24c7891ff0ab67d75a073ec754a91948c3eb3ddac754308482b16a7394aa734d09cf504910e2d

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.962\1\webcompat-exceptions.json

MD5 73efd4f2973d32f34fd972ef984ae5fb
SHA1 b2d4a140a058554444382991ac53b9d1c61fb323
SHA256 65bf4ad5589291d1556325a8b0528cec6d45c241aa21c74b5a441dba986a3754
SHA512 edc515a41ba75ae60e169e21b7c8005fd9a033eae2d1e46d1d93c44bbe457508e22ec9a7c089f8735d270217f299872cf8dd22f4fc527cb733961f3548388959

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\hfnkpimlhhgieaddgfemjhofmfblmnib_1.896c75659a04bc1847724e97dab9bb883ae59ab048e996fcc88fba12a0fca3fc

MD5 b443bb668efd3420537edd25f95b0ff5
SHA1 7edeb0d999df2c09aba9b01550fb3c9b6e86862a
SHA256 896c75659a04bc1847724e97dab9bb883ae59ab048e996fcc88fba12a0fca3fc
SHA512 274cddf526eac903563bb6debb85a7fbc5c90fe6108da66322df1b46531a207320f809fbd6958c015082fc4e3fa87229a05f14cb81f811d46c11a5b38f17041f

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_553699009\manifest.json

MD5 7ac5795e8828d3a8e81745315a4f202b
SHA1 96696e82e1ea4b5d04825cbf9bcf68da55c5c5d2
SHA256 d5da2396045c0eb46184c557506730ef426bcd0cb30828109a587ee7e9315039
SHA512 a0887c0cb50c9c7a58e8dd767c34c89cc685468dbfa9b973be6c87974cbdd41cfce012e850ef277d07c1bb2dfe0b5e6d7e235aabdb3a8dcfa32ecd51cf689203

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.962\1\https-upgrade-exceptions-list.txt

MD5 b8ebe8c70e14e1bdff4bf04cee9055a4
SHA1 6a8eeeb539eb5f630091a971585bc77731c24b12
SHA256 a9c464c1aa17ec9958141c020c30badddd4801e15b9c0a0d430859df0ad1955e
SHA512 9240b1d7ae17b6d20cb21a466335471d3b62ee2866e6d07dc62c1a288def513cedb5368891e4c8beecd135140a221bf8a16e048cced31b29fff9f8d0d40c7266

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.962\1\clean-urls-permissions.json

MD5 351c91d85743457459b407c3d615c29e
SHA1 31fe0021bd483f0cd7da19bca1701726c9e18849
SHA256 b6c1539e6fca24756df35a508b1b6d739f221c0fee1e10a9fbf586946d9c9791
SHA512 f121deea582711a690b274e6fda46e59af3a0d131a5d7750cde586017634bf753ed5c3a6f2d2c919f49ce42fa8425c36b4aa00a08dc1dc69e8f60f3e559b468c

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.962\1\clean-urls.json

MD5 a98fe7937a75056049da4e475d5c8e71
SHA1 a7c77f1aa0f3ff27c35ba2b8bdaba6da4baa606f
SHA256 e6b40ecdf55cdb25cc5a8338b09226021660b569aa7b06c4bcda35984762bc7b
SHA512 d0c04ff55339483670bc9d5ad628ad7d4a98b1d302837c1841fe7f74431609cd8bc82c497da4aeee6625bab957031d6a106811177727fe39105f9734b6c2a594

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.962\1\Greaselion.json

MD5 7a611abbb6a9a924867db6020cb190d0
SHA1 e2f19e2ef273b9f5ae247873ce3306e774961d3d
SHA256 b080bd46957a74b2d321e701237222980c202f4139bc4c33056e8b8824f64402
SHA512 6646e87023a890e63c7c7aa6b006b41dddfc7b9005a9d70fc114e45614e8bb652fcf4450f7bdf6326d31611d4d4c12f40cdd690313d56d6b214682d98a5ac898

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\khaoiebndkojlmppeemjhbpbandiljpe_1.44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319

MD5 93e97a6ae8c0cc4acaa5f960c7918511
SHA1 5d61c08dde1db8a4b27e113344edc17b2f89c415
SHA256 44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319
SHA512 e61727a277d971467e850456fbc259dad77a331873e53e3e905605cd19b01c2dc46df7400ce8442e39cfac5ac3fbcd833ec7310c7ab1c3380d900dd676ed1679

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_745678280\manifest.json

MD5 c08a4e8fe2334119d49ca6967c23850f
SHA1 13c566b819d8e087246c80919e938ef2828b5dc4
SHA256 5b01512276c45ecc43d4bfa9a912bdaf7afc26150881f2a0119972bffdbd8ab0
SHA512 506f9f4fa4baaa4096ce10007eb09cfa95c9188082053b9ff7f2dec65164ff57506b6a8fea28d58783700f257c982aef037afc33f62da8da281e67636430dc23

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\afalakplffnnnlkncjhbmahjfjhmlkal_8240e2b1a6fbe5d640a61414129aa75e9ed2aee419cc2d084ef129d00117a6ab

MD5 ef5950605661c4b17aa16e25a40dd239
SHA1 8fb876ab99a304cea37cb36419168d0787de85ee
SHA256 8240e2b1a6fbe5d640a61414129aa75e9ed2aee419cc2d084ef129d00117a6ab
SHA512 aa3b4ecc39a0aa98af6be48947c2ad26241a7f0b8e783d2fdf52c9bfe579470318e4789b9bfed1883fc0c164cbf99b53fc2420590fd572f5a39b20c566dc11a0

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_1063931784\manifest.json

MD5 cca35824332c16caca109b5b1447ddbb
SHA1 4b921c5b715a29bd73f5576e9cf4d1aea11df260
SHA256 078567ee859a0bd0018e7d5b3aaa4025beaf646426b1eaec806dc85fcc5bf627
SHA512 71ddb4a5bc042fb17eb058732ebbd8913d51948b52adf78f1d9d81af0cd09f651ee9a63a3ec2afcafc8351b32092df63aa70ab8aa2476cb718f685509ab68cb4

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gccbbckogglekeggclmmekihdgdpdgoe_5ebd58ff069bc0a0093aebfaeec4368004a50e4a05235fc12f30e402888a24a0

MD5 ed17bf9ccc8944f3641abaa6af0eaed8
SHA1 451d5dfc81eead15020b7d65a6825f5029c15702
SHA256 5ebd58ff069bc0a0093aebfaeec4368004a50e4a05235fc12f30e402888a24a0
SHA512 28b987645f11c9efd3c2e9869eeb196f671eeefc7f063827ab718634bd0f9a24c96da0c873af670a0e4953684bb9e20304892bde7224c217f51d9b42d3d0b793

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brave.lnk

MD5 7ae8ae5282426136bea6bd5499248065
SHA1 3a11a5a459a17df40b30446532baa87bbb70e56f
SHA256 b893cd111e2af7f7597b830eab64de48cdb9447098e3dd70f9519645a73b181a
SHA512 d597a6edbdf2079bdd443014ecfd744971b42ffd9818510266837ad649bf640e6451812eec7931ec3e6422f27f9c43c1c406f1d48a4a561a1301179f9ff60018

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\CertificateRevocation\9296\crl-set

MD5 67dab0a4e04cc6863465b170dae7b460
SHA1 566ca17372e61df2ae2c42a94965e4711ade095e
SHA256 1ae6e188cc81803d5ea59f9bcd808b6f6817de3e82faf5625d3654a965e47604
SHA512 2319efa1d9ed2dd89c6124afacd4f05d586669868508459faba72080a4056a700666d77696049c9b891bd5f547f3f58cf268036bb9cfa2089d71ad5383212ff8

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_1868312341\manifest.json

MD5 7100714e944246c0d4b1f190f33e2764
SHA1 21958bc393a9ff23bdd775902edbf457323bee87
SHA256 dc469734058be9ac307caab96d9f8b80ab27730169ffb805d6bee666e7fe80f9
SHA512 33e91b0fcb7e3694d048db97f4eedbbb5f5f615e0a73a6338ca49fd1c16010064fbc5b43bc5714c1ae5997b80fe982431d2e17d319fa7dacab8d8332d0bc9895

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\adcocjohghhfpidemphmcmlmhnfgikei_460285d58574ee6b20760a64e5a2fe382c79457697357ff0a9ef6d510e48f6d9

MD5 b599d546c0a17a0ebe16b2e8d8c84622
SHA1 e1c6bdd9da334007c10d1836f277cfb3313ce6a0
SHA256 460285d58574ee6b20760a64e5a2fe382c79457697357ff0a9ef6d510e48f6d9
SHA512 359b5addb2e7be0304b33e32e3f406a90af284c8da2b7f5f48089fd8542d87f3c0215982ddbe2d154b43fb579427efa7f44bef597588fb7e8d2747b014d7de76

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\cdbbhgbmjhfnhnmgeddbliobbofkgdhe_c1bd9d24b0dd9b337910ed27d276ea457c7a76df0f526ef974f6e6d6113683ee

MD5 23ad842d887a908a97a83b8a94d10b40
SHA1 58377c81d048c5614a96d98b714b29828ba5bf94
SHA256 c1bd9d24b0dd9b337910ed27d276ea457c7a76df0f526ef974f6e6d6113683ee
SHA512 cb090df97c0d3e467b760795d79d1e69d6e77ff71601ceeb00d33b8b77aa268d642c39cdc61f9cd9540791c3681127b2629b4655075289a70e0d4bc5a0be6102

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb\1.0.9581\list.txt

MD5 700a47170887052844d39c6d1b80c396
SHA1 2ddc9ba33fa0f8bcc9b5d592f3c5a46f09b357e7
SHA256 574202504b5f0d0f1b117703f5793b169c53571839450b2381632fbc6e4b9121
SHA512 f4b4ab90e55211d6c18aa4303cee11e7a36cd4ae9a889fd074cdfcaece2f9fdcc5cd24853ae1dd1563d2ede70e363efee1a2bee77b7c56fac4324ff67bb9c00b

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei\1.0.244\list.txt

MD5 f719c1213219bdcc6946bcd4e31ee574
SHA1 166107631bdbe5a30f0ba8f53e01101bb4c6538f
SHA256 8cd9d9be3c5f45c81241c7eb7c04e989f755037af586183c77d405d2e8bf521f
SHA512 aba864ba9a1be8142c18679b70210b1c6cc5e91b9c881ce643a7b6c1c4ae71b68f756f0b2c2a99f4b2b2fccf5735718c418d5366eda4a2b8ccffdeea1a9ada70

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_527248887\manifest.json

MD5 607ff98268eccdd36abb9ef4d18f1557
SHA1 847929ff2aae367a75b93f12f35eed5db07793a2
SHA256 7f0507f06834d1107e7394efc416640d64e69ed6ad2145315c42eb24e56d4572
SHA512 0f2184afeb71a3fd8c5189eb273c5e6d8f4588feba7a026f8f8f8d894d74f4af8226ded7737bfc555b14ae5f8d4ce428aad6e4549bdd886960b2d76007ca45e2

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\FileTypePolicies\67\download_file_types.pb

MD5 d28b6246cba1d78930d98b7b943d4fc0
SHA1 4936ebc7dbe0c2875046cac3a4dcaa35a7434740
SHA256 239557f40c6f3a18673d220534b1a34289021142dc9ba0d438a3a678333a0ec6
SHA512 b8dbebe85e6d720c36dbdae9395fb633fb7028fecc5292498ac89276ae87bd6de36288fbf858f3476e18033a430f503acf6280596449dd0478b6ab7139f3cea6

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\bfpgedeaaibpoidldhjcknekahbikncb_eca398012df427eda10ac468e455d586f77426ac631096e8f140d7da56e61f0e

MD5 d1085336cb6855dc2917d31ac81c31d0
SHA1 df748a85f685bda1ddcb1c658830a3a1964a84e5
SHA256 eca398012df427eda10ac468e455d586f77426ac631096e8f140d7da56e61f0e
SHA512 27f1302b45edb0b121364e5f348252940feb5afc719dee848f97bd3b7b6f0da321410b76899ffe44deee725ab8c793022ef68addb2f4fec0d6ec6b3064b4e0eb

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iodkpdagapdfkphljnddpjlldadblomo_8c678b13ab7032f9ac91285b1c492aca38682e52221cc57665f4eb70c47bfff2

MD5 6cb03ddf5595c89eb8d0c885a893e7fe
SHA1 46e5760da70e33799a6ec44708b6a6f2163e4be7
SHA256 8c678b13ab7032f9ac91285b1c492aca38682e52221cc57665f4eb70c47bfff2
SHA512 ee7b081a5054c52562f1951b46d52b4e863453e4da566d28aca1c97fb46bd739dd50d97c33be25c8a42eee23770c91201881138971e5209bcf6e2c17d7f5bb10

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_1029890814\manifest.json

MD5 392b8c38900e3c9d66f0f5e60fbba7b1
SHA1 b8b1fcfb32357399f0b967bb5b56c1d2b1f3db55
SHA256 a9f6316cb2541a9dae4f43ad0e1680c76837cb708f9bcbc1e5e298cd788bf9cd
SHA512 607ae80222a8abdd91d8e9dbedd39b66039564b87eb2b0ac08e84a8ffefe11f0f59f0dd6f6d408efdd6ac265687f9faf05a39be6c542c5ff765b83b91325c8c0

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo\1.0.8941\list.txt

MD5 77847420e158afe823eb150dbfb1a72c
SHA1 a7a328309219c35519f6be26239f3fbf738b137c
SHA256 f013d65a1633e4a7d817305881807522359b9b50dc5c614d994deba1e8efe17a
SHA512 ad45d5c3c058aea8d754c6c740bc1125f62c3b24ec71e3e480ea4483a9f5451f42daacc669dece05649fe26128b29addf59146671ec8ea8aa0702445bbb3ab4e

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.15\photo.json

MD5 a7e80c8cc5121a2febc654140e53ac32
SHA1 c3b1b578dcbf91aa19e65d0ef6974c165723828e
SHA256 a2595174656b59176071c0b79b404efa7246a9242c2bd19545155194c6b8cf99
SHA512 d7ef1e8df49956bc212388ef7a5343b9836e825c4ff066aa65bf0f3a136ecee4b63ff807dd63eb33e6e812e470d644eccaf3a7f61a816e441ffc44a982690577

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2732_1331434137\manifest.json

MD5 42009b4dd959e3bc13f18be4df9274fd
SHA1 587ae3aa747b57ee96f44ff231efec1cc594dc97
SHA256 c9e3cf0c31a16a1a4737fd30b166c6da0a74925590c75026af334c224c022f92
SHA512 6a667409d99bfd69b9096fe322eac756e24a96d5a1cff2ff0ef30cbdb66b3355fb00e6914aebbd2fec35107a4e89a5b9981a030e505b8d88cc4a28a6feabc3a8

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\aoojcmojmmcbpfgoecoadbdpnagfchel_9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

MD5 89c01a540e21a6012c4292eac6100dbb
SHA1 2bf600a9d372f38d37c64a9df5cb26d5cb046cf9
SHA256 9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a
SHA512 abd83f91b97c9c9bba4cb82501a6d316ef07173e4916e87a13f888ad32947b424d18bd6186a36245b2bd9f6c6cd29ccaaaf2445b3e5754c30ea53f1ab6016f25

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iblokdlgekdjophgeonmanpnjihcjkjj_648ccaf92d914a27d4fe0c68a8d323e845e64a5c0bb71e7401aa04f59b387f0f

MD5 bc5e6bcddd3fee166c5ae7d1ef7a219d
SHA1 5680b10917f09d286caf5ac348e0c5bf38a10aa6
SHA256 648ccaf92d914a27d4fe0c68a8d323e845e64a5c0bb71e7401aa04f59b387f0f
SHA512 e4765fdff67a996f1d8f148de16f75ecef814608b26e595eedc79b2e1a6d0222cf90a1db00d80c29a0dcbffa3f1a78faad7f7da9560cc634257b863c1ef40693

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.105\resources.json

MD5 20effecf10eeb0456cc6f537c802f172
SHA1 8fb3968af27ad30c639f45a6fcee99b48ef79878
SHA256 044502a67e39049b4cfe2b80295ad396fff4d1a28e7f2a1200abf21061aace8d
SHA512 6a002b205519c0fc498c139d1efcab2f26bc03f3fa795a5bee9b3358c9796088bb6419e2b95afdbb84c5ea36a328dfab01b33c148c84dd8e3b9d21fa07fb6dce

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 8e1be46c882e52f0731dcd37154f47d8
SHA1 f600af508a3d24f4fef76a66dc07b433db74da60
SHA256 558ea57606cf11a66ccd03361ed722ae99bbb2c72387136bc8e837049aab1856
SHA512 6fcc87465231c77027c9005ffa042834f4935003fe8a99541f578bd86442527340199914dc5ee6b240e343432bab112fe14d372d4c5d1b516a47f27d32037a89

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

MD5 8c089574db6597d95afa0d014d758717
SHA1 8feae9ace978a0c12ee3ff1928f030f5da07af4d
SHA256 86b3b40e31a4403b4b1a9ccbee2900f8bfe54390fd7b6734883ce3811b61f224
SHA512 4362bbc1dd523bf158c2accbeaafda248558d00dd68b9cd0156acb6c4e367b44e9eebbd0dcd0ed237ae742d7666dc4c64f3ad73536f29bd448541e16ae633948

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences~RFe586944.TMP

MD5 efc5f41c9663f240ed1a06bb21ae0e8b
SHA1 eac856809c79c7fc63bb49072d47c9dbe3556831
SHA256 cb21dae9333ceb81bc24de4e4944553354268d0d7439eab810fb75ca297394f5
SHA512 adb6e9c4ca4e6688ca7f450c938179e455f4b4f2afafcabe1a40fe81a6e9cff52d238c620a0cef5e1616119941ad75a3db27eb2cbf3abd0421d1ad060d462e11

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 708d2a17fde88b16b4d324b2125ac9ac
SHA1 d6383183b17604bed7b393a07239af70b31c425a
SHA256 a45f40eb8d99c22d0da6de5b02e43ae8e6e76e4ba378f6872b20f81154ddeb86
SHA512 179f907c6adf656ca25baf05866e099f98780ce808e31931aa3117383c7b5323b4507d2be6691cb9ba385bac77ac58d7ea392255a1441b1bb48bd7d15bfe6ab6

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\e724a9d0-3f7e-4d0a-8a5c-67353cea1b21.tmp

MD5 78bfcecb05ed1904edce3b60cb5c7e62
SHA1 bf77a7461de9d41d12aa88fba056ba758793d9ce
SHA256 c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572
SHA512 2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73