ea45663eb7a87ae2f908c9760c1ac6b91e702b3f19072e94ea532da7b10cc76a

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05/07/2024, 01:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

BraveBrowserSetup-BRV010.exe
Size

1.2MB
MD5

f53f9124eb5efa98fbc32cb489f5459b
SHA1

8a6095a94b9b80abecaad7fdd7c461bd6edd837d
SHA256

ea45663eb7a87ae2f908c9760c1ac6b91e702b3f19072e94ea532da7b10cc76a
SHA512

1113ae528de0c033b977780f09d940aac9f25d07144f07d13e8a3d6927af2c3d3f11ca3d8075de5e49dd0a3eefe7fe8edaaf0f4be1f125f8c0f0f9987019c1bd
SSDEEP

24576:v/dr/0my7XpuYa9IvVD3YJsCmPj4RlTlPGTaFSFk1pjRjO+:9r/yxaSZ50Rlh+TaJpjxz

Score

6^/10

persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_zh-TW.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdate.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_da.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_sk.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_sl.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_tr.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ro.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_te.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\psmachine_64.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_cs.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_id.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdate.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_is.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_el.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_lt.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_cs.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_da.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_hu.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ca.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_it.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_pt-PT.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\psuser.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_sr.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ta.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_fr.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ja.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_uk.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\BraveUpdateCore.exe	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_bn.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_sw.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_zh-TW.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_es.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_ml.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_pt-BR.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_ro.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_pl.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_th.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_en-GB.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psuser.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psuser_64.dll	BraveUpdate.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Temp\GUT1096.tmp	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\BraveUpdateComRegisterShell64.exe	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_es-419.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_ja.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_pt-PT.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateOnDemand.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_vi.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\psuser_arm64.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_ar.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_et.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_et.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_lv.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_pl.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psmachine_arm64.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateBroker.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_iw.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ms.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_sr.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_bg.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_en.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ru.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psuser_arm64.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_id.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_ca.dll	BraveBrowserSetup-BRV010.exe

Executes dropped EXE 15 IoCs

pid	Process
2376	BraveUpdate.exe
1688	BraveUpdate.exe
2960	BraveUpdate.exe
1500	BraveUpdateComRegisterShell64.exe
1588	BraveUpdateComRegisterShell64.exe
1880	BraveUpdateComRegisterShell64.exe
672	BraveUpdate.exe
2180	BraveUpdate.exe
1628	BraveUpdate.exe
1556	BraveUpdate.exe
2032	BraveUpdate.exe
2592	BraveUpdateComRegisterShell64.exe
2064	BraveUpdateComRegisterShell64.exe
2828	BraveUpdateComRegisterShell64.exe
2228	BraveUpdate.exe

Loads dropped DLL 47 IoCs

pid	Process
1636	BraveBrowserSetup-BRV010.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
1688	BraveUpdate.exe
1688	BraveUpdate.exe
1688	BraveUpdate.exe
2376	BraveUpdate.exe
2960	BraveUpdate.exe
2960	BraveUpdate.exe
1500	BraveUpdateComRegisterShell64.exe
2960	BraveUpdate.exe
1588	BraveUpdateComRegisterShell64.exe
2960	BraveUpdate.exe
1880	BraveUpdateComRegisterShell64.exe
2960	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
672	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
2180	BraveUpdate.exe
2180	BraveUpdate.exe
2180	BraveUpdate.exe
1628	BraveUpdate.exe
1628	BraveUpdate.exe
1628	BraveUpdate.exe
1628	BraveUpdate.exe
2180	BraveUpdate.exe
1628	BraveUpdate.exe
1556	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
2032	BraveUpdate.exe
2592	BraveUpdateComRegisterShell64.exe
2032	BraveUpdate.exe
2064	BraveUpdateComRegisterShell64.exe
2032	BraveUpdate.exe
2828	BraveUpdateComRegisterShell64.exe
2032	BraveUpdate.exe
2376	BraveUpdate.exe
2228	BraveUpdate.exe
2228	BraveUpdate.exe
2228	BraveUpdate.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\ = "IPolicyStatus2"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachineFallback	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\Elevation	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoCreateAsync.1.0\CLSID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreClass	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ProxyStubClsid32\ = "{2DBD1A66-A7EB-4A31-BF87-09E7FC12850D}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\NumMethods\ = "17"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\ProxyStubClsid32\ = "{2DBD1A66-A7EB-4A31-BF87-09E7FC12850D}"	BraveUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\Elevation\Enabled = "1"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA}\NumMethods\ = "24"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}\VersionIndependentProgID\ = "BraveSoftwareUpdate.OnDemandCOMClassMachine"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\NumMethods	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}\LocalizedString = "@C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\goopdate.dll,-3000"	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\NumMethods	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{08F15E98-0442-45D3-82F1-F67495CC51EB}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}\ProgID\ = "BraveSoftwareUpdate.OnDemandCOMClassSvc.1.0"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\Elevation	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}\ = "IApp"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\NumMethods\ = "10"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CredentialDialogMachine	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\ProgID\ = "BraveSoftwareUpdate.Update3WebMachine.1.0"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598BBE98-5919-4392-B62A-50D7115F10A3}\ProgID	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\NumMethods\ = "10"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\NumMethods\ = "5"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598BBE98-5919-4392-B62A-50D7115F10A3}\Elevation	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebSvc	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.ProcessLauncher\CLSID\ = "{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}\Elevation\IconReference = "@C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\goopdate.dll,-1004"	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\ProxyStubClsid32\ = "{2DBD1A66-A7EB-4A31-BF87-09E7FC12850D}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CredentialDialogMachine\CLSID	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoCreateAsync.1.0	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}\LocalServer32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}\LocalService = "bravem"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\NumMethods\ = "4"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4576ED7B-F35C-415A-905F-AD43D0A7BC46}\InprocHandler32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	BraveUpdate.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BraveUpdate.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BraveUpdate.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	BraveUpdate.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BraveUpdate.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
2376	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
1556	BraveUpdate.exe
1556	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe
2376	BraveUpdate.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2376	BraveUpdate.exe
Token: SeDebugPrivilege	2376	BraveUpdate.exe
Token: SeDebugPrivilege	2376	BraveUpdate.exe
Token: SeDebugPrivilege	2376	BraveUpdate.exe
Token: SeDebugPrivilege	1556	BraveUpdate.exe
Token: SeDebugPrivilege	2376	BraveUpdate.exe
Token: SeDebugPrivilege	2376	BraveUpdate.exe
Token: SeDebugPrivilege	2376	BraveUpdate.exe
Token: SeDebugPrivilege	2376	BraveUpdate.exe
Token: SeDebugPrivilege	2376	BraveUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2376	1636	BraveBrowserSetup-BRV010.exe	28
PID 1636 wrote to memory of 2376	1636	BraveBrowserSetup-BRV010.exe	28
PID 1636 wrote to memory of 2376	1636	BraveBrowserSetup-BRV010.exe	28
PID 1636 wrote to memory of 2376	1636	BraveBrowserSetup-BRV010.exe	28
PID 1636 wrote to memory of 2376	1636	BraveBrowserSetup-BRV010.exe	28
PID 1636 wrote to memory of 2376	1636	BraveBrowserSetup-BRV010.exe	28
PID 1636 wrote to memory of 2376	1636	BraveBrowserSetup-BRV010.exe	28
PID 2376 wrote to memory of 1688	2376	BraveUpdate.exe	29
PID 2376 wrote to memory of 1688	2376	BraveUpdate.exe	29
PID 2376 wrote to memory of 1688	2376	BraveUpdate.exe	29
PID 2376 wrote to memory of 1688	2376	BraveUpdate.exe	29
PID 2376 wrote to memory of 1688	2376	BraveUpdate.exe	29
PID 2376 wrote to memory of 1688	2376	BraveUpdate.exe	29
PID 2376 wrote to memory of 1688	2376	BraveUpdate.exe	29
PID 2376 wrote to memory of 2960	2376	BraveUpdate.exe	30
PID 2376 wrote to memory of 2960	2376	BraveUpdate.exe	30
PID 2376 wrote to memory of 2960	2376	BraveUpdate.exe	30
PID 2376 wrote to memory of 2960	2376	BraveUpdate.exe	30
PID 2376 wrote to memory of 2960	2376	BraveUpdate.exe	30
PID 2376 wrote to memory of 2960	2376	BraveUpdate.exe	30
PID 2376 wrote to memory of 2960	2376	BraveUpdate.exe	30
PID 2960 wrote to memory of 1500	2960	BraveUpdate.exe	31
PID 2960 wrote to memory of 1500	2960	BraveUpdate.exe	31
PID 2960 wrote to memory of 1500	2960	BraveUpdate.exe	31
PID 2960 wrote to memory of 1500	2960	BraveUpdate.exe	31
PID 2960 wrote to memory of 1588	2960	BraveUpdate.exe	32
PID 2960 wrote to memory of 1588	2960	BraveUpdate.exe	32
PID 2960 wrote to memory of 1588	2960	BraveUpdate.exe	32
PID 2960 wrote to memory of 1588	2960	BraveUpdate.exe	32
PID 2960 wrote to memory of 1880	2960	BraveUpdate.exe	33
PID 2960 wrote to memory of 1880	2960	BraveUpdate.exe	33
PID 2960 wrote to memory of 1880	2960	BraveUpdate.exe	33
PID 2960 wrote to memory of 1880	2960	BraveUpdate.exe	33
PID 2376 wrote to memory of 672	2376	BraveUpdate.exe	34
PID 2376 wrote to memory of 672	2376	BraveUpdate.exe	34
PID 2376 wrote to memory of 672	2376	BraveUpdate.exe	34
PID 2376 wrote to memory of 672	2376	BraveUpdate.exe	34
PID 2376 wrote to memory of 672	2376	BraveUpdate.exe	34
PID 2376 wrote to memory of 672	2376	BraveUpdate.exe	34
PID 2376 wrote to memory of 672	2376	BraveUpdate.exe	34
PID 2376 wrote to memory of 2180	2376	BraveUpdate.exe	35
PID 2376 wrote to memory of 2180	2376	BraveUpdate.exe	35
PID 2376 wrote to memory of 2180	2376	BraveUpdate.exe	35
PID 2376 wrote to memory of 2180	2376	BraveUpdate.exe	35
PID 2376 wrote to memory of 2180	2376	BraveUpdate.exe	35
PID 2376 wrote to memory of 2180	2376	BraveUpdate.exe	35
PID 2376 wrote to memory of 2180	2376	BraveUpdate.exe	35
PID 1628 wrote to memory of 1556	1628	BraveUpdate.exe	38
PID 1628 wrote to memory of 1556	1628	BraveUpdate.exe	38
PID 1628 wrote to memory of 1556	1628	BraveUpdate.exe	38
PID 1628 wrote to memory of 1556	1628	BraveUpdate.exe	38
PID 1628 wrote to memory of 1556	1628	BraveUpdate.exe	38
PID 1628 wrote to memory of 1556	1628	BraveUpdate.exe	38
PID 1628 wrote to memory of 1556	1628	BraveUpdate.exe	38
PID 2376 wrote to memory of 2032	2376	BraveUpdate.exe	39
PID 2376 wrote to memory of 2032	2376	BraveUpdate.exe	39
PID 2376 wrote to memory of 2032	2376	BraveUpdate.exe	39
PID 2376 wrote to memory of 2032	2376	BraveUpdate.exe	39
PID 2376 wrote to memory of 2032	2376	BraveUpdate.exe	39
PID 2376 wrote to memory of 2032	2376	BraveUpdate.exe	39
PID 2376 wrote to memory of 2032	2376	BraveUpdate.exe	39
PID 2032 wrote to memory of 2592	2032	BraveUpdate.exe	40
PID 2032 wrote to memory of 2592	2032	BraveUpdate.exe	40
PID 2032 wrote to memory of 2592	2032	BraveUpdate.exe	40

C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe
"C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
  2⤵
  - Event Triggered Execution: Image File Execution Options Injection
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2376
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    PID:1688
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2960
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:1500
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:1588
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:1880
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ5IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0OSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins0QUM2M0JBNy1CMTM5LTRDNDItOUVDMS03QTgxRjg5OTE0MEV9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7QzM5ODkwRTktQUQ1QS00NTEwLUIwNTYtRjU1RDhENEI1QjlDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntCMTMxQzkzNS05QkU2LTQxREEtOTU5OS0xRjc3NkJFQjgwMTl9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMzYxLjE0OSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxMDE0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:672
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{4AC63BA7-B139-4C42-9EC1-7A81F899140E}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2180
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /unregserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2032
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe" /unregister
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:2592
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe" /unregister
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2064
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe" /unregister
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2828
- - C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\BraveUpdate.exe" /unregsvc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    PID:2228

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ5IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0OSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins0QUM2M0JBNy1CMTM5LTRDNDItOUVDMS03QTgxRjg5OTE0MEV9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7NDczRkVGMUYtRkU4My00NzkxLUFDOEEtQzEwRTVDM0IzQzlEfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntBRkU2QTQ2Mi1DNTc0LTRCOEEtQUY0My00Q0M2MERGNDU2M0J9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIiIGFwPSJyZWxlYXNlIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzIxOTQ0NyIgZXh0cmFjb2RlMT0iMjY4NDM1NDU5IiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMzY1MSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1556

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\BraveCrashHandler.exe

Filesize
270KB

MD5
b16dad6861b31fa26955e16d4c4f477c

SHA1
b558a4c1081fecda8901cbadfae9ba90353a6620

SHA256
684f582f5cdf698077df5f25837ec677d53e0d8e26d3e3c599d6b14c8b1a0164

SHA512
f8ae6474da8a452cd2ff319a9566423e9dbc86807bb1edc5a6d82f90f401c7f9cd60f4c34954d2cf5e9a33e3d9516abf4123ea198d6d71ebe6885876aea0fde5

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\BraveCrashHandler64.exe

Filesize
355KB

MD5
9d612e64936261785e40de177b4465ec

SHA1
05a597e23e42cb53d9d4e25df439a7e524046fa0

SHA256
18f069a4394d977d8f4ddb67158b29ef64d38abb17b9cfd095923fe775d6c30f

SHA512
b5d9caac93a656a79eff14ba82bdb8b2c54ba91fbabf48199dca5bf6bea294d51421031a28c1171db94d6d6248283369be0cb9be42ac59cfc8432c245415cc42

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\BraveCrashHandlerArm64.exe

Filesize
353KB

MD5
5f92d34dcff00a37e90b98e33ad8d1db

SHA1
87461de2700d271e1fd38dc2073f02dffe618b7d

SHA256
d9b0cda160918b3d3ddf6b3875621c8858c4665ac8b7d868e299eaca61af58b8

SHA512
aa05f236a2be208efd264ba1c5e6ea191894d062babe95e1041bc0dd24054d5c99b4f0384d6f9706336842a757b9404d37f79a1abd11511cd07819893ce3fee0

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\BraveUpdateComRegisterShell64.exe

Filesize
158KB

MD5
a2cff9714964372a14e0edfc001f9b86

SHA1
151d7a08e0c47f6899042be3605bec1363c5ccc5

SHA256
1deacd81d09e9399c086c72f8a10238e27f0f83ec85e65dc68c36d74f028f6d5

SHA512
3eb3fa2079ca82794217a1efea956466cc20b3d039dbe6267ccec87a8970b3aa4d3c7e986bfc7d985a4d6acf1111620f8db1002ee64cd5033c37c13b1881b83e

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\BraveUpdateComRegisterShellArm64.exe

Filesize
142KB

MD5
4461bb925946597ba396d195bcb8d8fc

SHA1
8ba4e2533ac62a8c236d4b097e4e0c0a8e6d1c3c

SHA256
df0064d52f9044cdb532be858d623e3b7c1289abc73b88a908beb981ba06320c

SHA512
facf3211f69adb8f913ef65c6e64703a61b3d87caadbacec91b18be559b0c50365fb9f4540526b14c6e4c52acc828266bacdb8b662da2ef35df1703929f4058c

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\BraveUpdateCore.exe

Filesize
194KB

MD5
e218373b2a048e05e79d5fb79dece052

SHA1
20ba47e1db5a4fc93f8212ac1aa469c882d2732b

SHA256
97679db9b816e0f46398c7aeb83e1784f56920de77ecbe57706e1f5253c2ce8a

SHA512
0e68c6d4fc89916b66709e35b3abdbf0734f7ebf9623a905a6e0091373ca0309901bb7ffebdcab8f54dd6bc54571abb3fcfa9f1952bfec9074dfe587251f7e57

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdate.dll

Filesize
1.0MB

MD5
3dc1e42d04cec506aed38940eac8a57a

SHA1
fec05108d72f2268d21e6eef568740e2f13d3f8b

SHA256
000d1ec9d9e3450c2d8029a3d100735756a59b6cf2181892ca200263eeb4e039

SHA512
f49114b404cc740ab1a437c848807a8eae8b111a297200ce802710d06985688428fc163ee58667b980071e544f90b62b91d38ddba33fd830fe144a61ac446e95

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_am.dll

Filesize
42KB

MD5
6cf6316830afa38060a60a7d012136dc

SHA1
00412e5086b89fac39fa27dc62a78eb3ae31d7c0

SHA256
24bdbd05eb763f0262c49d8512f61dd7c44f11d4dde1f8101c8fa12ee8e8d1df

SHA512
3d0aac1f67ff17792b7de4ce88eaa917eae7b30242dfa0f843cb73a46564842915eea30d130ca7f7c6611b694f246754ab65b480a9afa95d423b4224d8a36dca

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_ar.dll

Filesize
41KB

MD5
d8731b39ed9a393e3e289c0911ab1eee

SHA1
a18ba2fd85a176aa2fb36864926375da343ccf4a

SHA256
3710fba08af216d8e963b636364d7d2d20811bfd636722746cb4d10de772a2cb

SHA512
d91608f1129805c9e9229e0cc0cb7c4352d41ef4bc1bbabb8d63e1272e31d2ee05e85391108052c0865d53a269d5d73410af67123315755fc30e2f6215ee05f3

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_bg.dll

Filesize
44KB

MD5
e2d787c5cf0303b451797210d31d916a

SHA1
5289357ce5dfc052f476ef78fa7fb214d57e992c

SHA256
a3fc2bebcb055ca96f548f8d0b109d8a3a1231cc8dd6bf82760286cb90187a87

SHA512
96e10593e5893e05c2cff3f08ce97da0e6758cac14a9ef5786d7f2538c301ef9b0766c173ab52e7c6b6e728af743ba906a22fa91543b7d3b5483e2d7573f390f

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_bn.dll

Filesize
44KB

MD5
1dc7a864e0dd031ad67cc64c227e069b

SHA1
46917a84bcd414e8f8ce0e327458a2b1fc2763c4

SHA256
dac4633e943e6bc66f927a1dd3122943b6467f5fafcec4e20015675a03740bd6

SHA512
1a7ad4c5e72636b31d0b4bc0f8fc7bf6ea5989344321cfa1c257458e79acf04dafc6e1251e1bfe1bc0d8db430ae675b0cd5a9f669daa81431c484fd05b417315

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_ca.dll

Filesize
44KB

MD5
4b20334c56d43cbdc0b2a1e0d0673381

SHA1
36130db6aa55769e7943d08db798c673bd31cfb5

SHA256
54facde182197b136dd3e342b75a79ccac700442e55240bcc7c519b62393d7f3

SHA512
14647ff17916250b7049441ee58c93df4a6407325196382dd0ed458bbf9feba13a4cfaaca0cdd8b4479fdcbe2a0bb67e7c8ff21d854ca1ea38a708f16b3ae24b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_cs.dll

Filesize
43KB

MD5
7efda27b50d9ccedee0167af8f5ceffe

SHA1
d92067d311a1a43a074fb9dc22cbaf64fe729ef0

SHA256
92d27bdc536f9a9ffb6c25269169d22fd601931970e9ee40666164329e6b6638

SHA512
4c96427dbcf65617cd659dbf1ecd57310643cfc59d59952baa6fa5ea985307e45776b44a7d7bdd3a96a2877bd8579962fa9800e593b18c4a57c87496c5722c8c

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_da.dll

Filesize
43KB

MD5
4bf7aecc37ccda1ac33ad522efc499c5

SHA1
149dc692d8477ba49a1a21c11728c185db23270c

SHA256
ac94a3d631a41ac2ab3fb84174b7f5256ea7e701c77520e8c908f0faf2a2727e

SHA512
280c63ac845637da9cfaa404e03dafe0a0bb57be384507dd662405dcaee5207c684346b0318c43d82d0f977776443008e69371b76866f5c92e5bc36e54078322

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_de.dll

Filesize
45KB

MD5
14083ae2a8aab155509020ae66f28069

SHA1
3d9a92a66dab14c12c45c4df477df692de2eca63

SHA256
f3b801c07754e2035c669fec667e4a1562e4fe41cb1701beabe8253c6eab36b6

SHA512
4d86c7d8b53efd5d25797372eb4a150c1576bba3264e68a23a5a78990edcde26932204a520aa7245bf5728946b2b99486bb6f2064ea0047e8bd8dc3aa35cdbbe

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_el.dll

Filesize
44KB

MD5
fbe097375e6d2b8f0f6d24e0d2126081

SHA1
8401e3c8a1090fc5c12f2bcb1de6038b9737a131

SHA256
ce690190442de8df1c6e9fceeaa2188f0a87a1a229cd55dd46f6831977b1599e

SHA512
bb1357dbc31a47a73fbd44db2ded9824f1ffcb5c9f75a1fd0855ed415a17f65b7aa3fddf8f0d546d809e6d4230c42845bb87be8c7fc290e1cc890b0acda8782b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_en-GB.dll

Filesize
42KB

MD5
a97e61ae7d4f3459268574a627ec1c56

SHA1
be494459f45ad2fd21fd0d74710c7693276b9910

SHA256
77b6a53cd2582ca4cf12369218b43c54c2f3b862308a3c70af51550a0ef77127

SHA512
8d4a6a9049a55a9d2631d6137f69d1aafca0efd0faf1e5cec4f3cf8b096b25f1f3eeca97f4fbaa00b29d9b7c2dde64d3336f2233099f469853ba3bf1cbf35a26

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_en.dll

Filesize
42KB

MD5
a42e392638e3bd562119f329f1f6ca7e

SHA1
4f94199719e63a4748bd72ad5e1302971dec273d

SHA256
12e9fa82d84acbd65b316505b730b4ae4b889d0017ba69e361a693567390be56

SHA512
98f137e1774c45af3843c67db818a53854aee2c41d4d6fc331962a6cd93a1d60a547e8d1d9d09e426b157783565a37e653616dc1c617f22b5a68d02cfab00325

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_es-419.dll

Filesize
43KB

MD5
81cea0cbddd6ee8415e96f82c0a41e27

SHA1
9869740d09a1358adaab96ddb114c54de117a913

SHA256
0c23e5ac606ae406f9ade1eb302b81d7d8de2aea6ae679eb80ef1e6d17f385eb

SHA512
63878f20d81a41838152273e9ef4d58e9e0a3196b506a4e2765f2d3686bdf780a3fa2d51df98e2a5b70ee78d23e3c5d30368a44d06a4f13907e411b35a044142

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_es.dll

Filesize
45KB

MD5
99faac678c3f67b0145fa57662f8c9a9

SHA1
99a1fe3a15c69cbdb50ae38dd1f853f0cc416135

SHA256
7b8ba0c0819903d0871fc9ae6dec383333059fd4e8ed74ff926a878408bc2923

SHA512
44259220242156399958715dcc7648264a5491eae983a2bcae643df5d013c61537eac6d591688ba64aa4742460c904b34b899e7d2bafd2fb7f50e6638faf5548

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_et.dll

Filesize
42KB

MD5
5adbba40236c012f4a892216a032d22a

SHA1
b231c049976d97b11e7d34bbb88befe22b530e8b

SHA256
66ac88680277361f4b41dee02ca04fc5a4cf9bdb1122393459893999b01a8568

SHA512
1c43102d26a07a988a90e353c5063b091405c2f1c53056c84f494b7556165ef9618b0f90d3d87bcc6663e788f6d15d21c9f9398172a8c4f2f5f6271abd73953a

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_fa.dll

Filesize
42KB

MD5
58937b906561307a6d063ba5abaab99a

SHA1
c0a411c2f512242a353d28182a9947d5a653d5eb

SHA256
27ff22126fa137c7bf41be7bb98d292da781ad48b49feb599f1b5503bddc8ce4

SHA512
e86c8626c0017dc41b048ddd362043a64354dfd4bb5e3b6773c3251e258d8b76e6a03f57b3978f01bffe757e021d4b66ea712bc5d84f1949795105e64f994186

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_fi.dll

Filesize
43KB

MD5
527cb062727b6b5b760fbc197e69752c

SHA1
e82a0f2d2751874ef95f8204baf43651e0778a8a

SHA256
cda0512382541963fba80c7ee453d02c319b598643ccee94d4146c0d5dfab261

SHA512
6bb6bcfb84bc6e1957a97bfe3c7796311a0fe5580120a1f5657b4bd71b69627a7c753139a805d00bdaabb9308abd7da52bf6a0a03e5d85bfb4eb1cb99e5a92e2

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_fil.dll

Filesize
44KB

MD5
cbbfc844cb65b8eafa56d02d6ccd3c3d

SHA1
7ea60ce77d1631a57e03313e6d78e5ca0387339b

SHA256
f47841baaaa869e5794faf056f9cdfd0bb56d53029e1205e3fd39843e0cace0d

SHA512
da2061b592d0de1a972a3aae12c4def2c6d37a8615bbfb282657138c058dc68cd46fb9fb07cfdc4da36e56023b405723e418e705782cab551a00ebdfd0286c22

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_fr.dll

Filesize
44KB

MD5
03fa8eb5da6400ed631a663e605b73d7

SHA1
c8773e4422e84d01089a4a1870b22d64b97c7b6c

SHA256
b79d71a5a804d056b11871a563ce4ceb6e3efe42a2c1e70ee4137cd9af2b1ba8

SHA512
b7e14eb53181328e033834141ec880a5b74a1e3f22288a5b0dc356c23162eb76b2fa23601d56046dceeea5753e7525d462f566723f57917b6553aa317d1aa98b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_gu.dll

Filesize
44KB

MD5
edab94d434e036d480463b61c396673a

SHA1
92706a0f0f0bdf4a3773f010c8b15404987bb004

SHA256
2a48c45d5ad84b3af2985a85dd7fa266f74d50ac40c9c8898b2fa2b124029cb3

SHA512
38157d5c1c613e9126e46507611c426ef6a8b8ba59cdc4291a2d477f3bad2ee187f1da9e906f0257d09252a4e11b82357a44c5639544df1828f7e094ffe7aa59

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_hi.dll

Filesize
43KB

MD5
0a37787ef989cf8ebf64450cf88ec22b

SHA1
fd676848df0f3bb2c6ccbd0d99d8962144dca809

SHA256
e79e09480e4d8c3439305dbda3710bd43e4b006b76edb8c38542d3eb08d428c0

SHA512
65c5ba127627b190e5c83dda76ce2a0b182c419263816b7c2835c2080e86564bd40f16483cd22cb08a4df661549681efed50498f3b2740fe453bc15e29c8dc27

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_hr.dll

Filesize
43KB

MD5
d4026d759ecffcafc31729daa96cf069

SHA1
8346f89f894bc800e13d87897437ccd8f05ad642

SHA256
9414670d9bc1e0a1de3592a1388f7770dd0728bcecfdea7d32e55049b2f4dfec

SHA512
bf20f1ceec54f365a1e1f24b37232b8a7664583bd89c5569452ddf7d7c09f5cd0278cd85680706bc42c2774eaf2a27f8f6ef3748f4b9a9890fd93e5e4490d371

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_hu.dll

Filesize
43KB

MD5
a190c15d80737bd1fed697bf68ccd299

SHA1
82ddfced5f9437ab625ad49ddeaae2e189d92bd5

SHA256
f39d1f432f7d104df9d4cede43e9551f6bec8665f5f5d9d9a8c591ab82418b34

SHA512
17e093f74a1e06c58ec91a610465044651795ec7efd32a9815dbb577617ff74b7df0b77db19810b84892c40994ec18eac3b6c5bc70d645f6c383349e780aafb0

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_id.dll

Filesize
42KB

MD5
49079359e755ff94169082368d2e28ff

SHA1
2469ae4a9c9650dfecc49037ff2a0a56750e8e83

SHA256
3ff8b8d40356c88b936af877dc67546481c44286f1aa4186603267e873abe248

SHA512
24ea4b0b90f39b6f812669f6086fdfe5deed68b4ff33414ae34a152b1404e5135159a3ecde6fc85df6e8c29deb49a0f2e8fcdc9e021c4acd46f2b6105507e428

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_is.dll

Filesize
42KB

MD5
f87b951fb68e2a324f74681aae1a8263

SHA1
50db0407ca7aa13835865fce2e735b6faca9c53a

SHA256
1cf654db0806ef1d1f0f918bf1057d8ddc02cc79538d989096863d337570d37c

SHA512
e62b2414d43cc480fdada5b4ac55c831cd277c64221f5b4ff1db27ad12951c9e49b11aece1a3a68bbc9ba6a992447ae17a9bf0c9322fd721742e88558fb2a778

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_it.dll

Filesize
44KB

MD5
6166dadb89c59de0acce402c23c4aa56

SHA1
2521d022dd4a3eaf10b387e8e27961fac4c3a0eb

SHA256
f4ee95166dc0270bee92396509bffbe3ebd559e4aa411bd5106411d6c25b4f58

SHA512
e234374018ac343ef42f084814accd74d528403f3aea7816f041ccb04fe0e788aa42cb55cf9e978d034db2e34bb4a3f3bbd94f388669fd1691920bd8222a61a9

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_iw.dll

Filesize
40KB

MD5
1600c0793c47ec5cb285521a92ba2965

SHA1
47ef873379c16f9cce207ed469d04a30865a1fd0

SHA256
4a148b5e5a7385b1ed68c2b4b679694c640cf927f63f68986aa7c32566d87686

SHA512
da5f06bc2b78da241a86d464664256e647eb73130951f343921143e05ce34d1a589bc5abcf3c8c85973bfd4bcb28370c088818d78da347bec4b75cb640021141

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_ja.dll

Filesize
39KB

MD5
945be15f7937ef754dc9c067b4b34054

SHA1
fd3b818882ba258e0e04d05acd4083ea7ff13998

SHA256
770530b8e9386a93daebddc768ac489568457c98aac9ae2abca02da53a1abe23

SHA512
ed947b48f79fdee8af6f4971e25fb3ff7032e227599bf2db61da3ffec838d9af9e9aa75ff17668f7dacb66dafe557558cda305ec0d7f4d09a47c70c5b751360f

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_kn.dll

Filesize
44KB

MD5
ee041f92737dae7c8e96819b8d39e02a

SHA1
efa4c4e61a2b4382f66ee56b67276d9fe1e3f080

SHA256
2f2a778c457fc339f974d010319bf982db104e6325688fef53c730e7c92ed876

SHA512
67a7be9940515350b2af0a0ff197f930dacf8afeb7fd149cae2ce20c545669288fc1eb92a3aa1331b5ce95d1bf031ed1142edfb61febd5074d93fdc680e047ab

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_ko.dll

Filesize
39KB

MD5
c7ae5ed1fcd403acd03ce6905c25bcc7

SHA1
d05d51cd54bf27b2469c120cc7b15659bc6eb06a

SHA256
e95f2d38685490c4ee765306ceb50fc142e7613c3a807cef25f932a96284309c

SHA512
927bb8f2d091a4f388925b40f098a475c0b7595107c45d5c863de7f503d1c94d18c7e7d36ccc0b50900630914e2dbd80a4bc464717414bd7cadd502d227a225d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_lt.dll

Filesize
42KB

MD5
49c8df28d8395ad5fa456bd51a50dc78

SHA1
9f6b153bb16a5d06f5c1ed3ca2d1bb7cd68fcf64

SHA256
1c832fb45025cbd6ec42833c88b70e55a2995c5c9c11c27d54a8edacbc528e90

SHA512
d19f521f4b077e0bf47d6909b97682272c858d1e29fe5f03853160859f0d8d55d7251eaea45d821010f88fa2d9e98d79218f5d7b00d18bb0b0e6c69c81fbe539

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_lv.dll

Filesize
43KB

MD5
394026e172be2f17ef9351ab01feeda7

SHA1
16ccb4e3218a8e65f57b99b3aae49bb977c74c59

SHA256
557005e47eb83784697da95b793e64e9bb13158873ccc1d71b2a1f4beddc13d0

SHA512
141357427fdec2af88db01627a62370fcc71a8d22bec59ab63faab022ea4322992e1c4bb7b29dad725e6886e010c492e7e8db6d8744d9c45484782ff79d82fdf

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_ml.dll

Filesize
46KB

MD5
6225f4d519bf8b72646c558853ca074a

SHA1
c47f6188774ba8366b19b2da04f6b4fdc6417053

SHA256
496bcb6dde8fff01ac4f56f1c8a85d04ef8c91b73a12b724864d03046d85fe90

SHA512
36fcfe0d4de695dcce97f5cd2795daa81cdc01fd078686d5ad6fcc6d9b98c049e1f81f66e186c3eb63c35dfb9e85e0d465022ab155d3460fc827aa24a69ee8f5

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_mr.dll

Filesize
44KB

MD5
36bfcdb12896977d206f8a36c16eec99

SHA1
b9b955153758791fae5d841ca5b0310e203aff25

SHA256
0e5dbe19444bc4d488764db0331b002e2f02dd30e12722789973f910fc84564b

SHA512
8c4a1cc079820b5ef0ca1196b128696d5a3175bc70cccb3fef8275bc90997f5057100315ff50007d088e85088dcbb26260e90b2f69ca7536345842c46fbb97c7

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_ms.dll

Filesize
42KB

MD5
c63058ca1d44a9b02405742da29acaff

SHA1
ccb8c9453f5dbd5c7cb59ea1e0f6768b1552bce9

SHA256
1df66784f4d7bad01951dd19553c1e231085531de63e5c341c8eac2b3daa7214

SHA512
926308cd7e3785044b835c6b56682d9951818946b102736481aa7ce3290114a87312e7929f5501aa261d22b94ac88986ad33e2fa5d09e001dcdb51bfa3f56f60

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_nl.dll

Filesize
44KB

MD5
f5e81a1c0cd615d2d7de00e66184c158

SHA1
486eccb94882f911b817eeea1c946fadd9ceb207

SHA256
f00a4cc3da4f2a51bc3318ea412efa965ea9405d3ae4ef0e7dfa7a9b8d90680f

SHA512
2932505ffc66830cd320256ae2d5a97964c14ac6aac2952337a15ca65463a27b64693ac769f0d1f2f98e2a4a1deefd4a69f251afd38216b5194a83a24e137394

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_no.dll

Filesize
43KB

MD5
4eb899682f1e5fa369b596104f30b035

SHA1
d6260e3065b6316d0b03f565730d82d4feb327f3

SHA256
b9825a748d1ba4c1860124c1d13d4829a96cc51ca3cb427e42205328ba33736c

SHA512
9cd8cfedbb165ad31e65f42d849369a9ab9d30f18887fa6d69345c84e38063e60239e7acfb21592ca684cc6918ed5648faa9b1567a9cd8a202f648219a2ea522

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_pl.dll

Filesize
43KB

MD5
bd96b7941d35b2b634f6af1f03f33c84

SHA1
3166ee5f1a3af1cba9e99a5c32b200c1ca75e7b9

SHA256
9de532e4d3efb6719ead9807c2b33af360b4db56aa60be5c711beb48dcbbf362

SHA512
3ebe3b6b7303a788112baff66a45c09f2750645a58d44c37adeff4e0f1937872d61d73c8e000124b3b0267d50a27f2385c3a18bffca7aa7c96d09f7005c18eca

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_pt-BR.dll

Filesize
43KB

MD5
094b590bd6beaa9f188995ec3da15911

SHA1
0bfa98f886fb13a53fdbe242f8a57782edec9700

SHA256
abed731bf825dfa08e0317c7c91ddc52dde6132c85db5c425b259389d2d43b64

SHA512
7e886219241c1c9c55d9aaf097d65a1264d8aadee8339b79a8149ec6e704d9e80282317958e4bd976531d85a3bcd924780588b2374920c64a5f6b1a108ea9bca

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_pt-PT.dll

Filesize
43KB

MD5
3bc40e1ac1cdbf38567a23c60442f7e9

SHA1
b112b27381c3393707a9a31033d45016ce38ac6d

SHA256
d65310f9e1f077df2e6737416dc5d9024373a65b7ae4b292dd59086e33a09902

SHA512
39526b56bd556bb5e0b46b025912952a0219e4db7dcde6968eeaf5537d18682cf67076bc9ae81bdae8eb995769c0153c44d82c2a9cfe33ea09c59b4499f0ba2d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_ro.dll

Filesize
43KB

MD5
514f11a42ad9ce38b184a61f7607c684

SHA1
4f536355dc8fca948eef0debcf506464c4a85e7f

SHA256
e1ecf083e1ad9b11f0f2ddd72252b5a8ae0f02d09ff3d0a8f645f34354564709

SHA512
77d0be1a8e5373ce845b1d12cf9a46a9de8b156e866b809ecc2af3d2f65cdd78ea4d99ccf414b6f221bb6177caf0a623c3363930b7294bd9f7528cfb32a7e46a

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_ru.dll

Filesize
42KB

MD5
8f1a8a98e7faaf7a22f7398495d7be61

SHA1
e0251c102bb6aa4c9878ca44b2dbb49b7b0ac6fe

SHA256
1a61ca79637a88b95ee36a2579d1989a00afcadf3b0608ff431b6eb0af29a6fb

SHA512
c38be12456769862d9d7f30f0497ac9660c0275abbb646b7b6fb779d9c29f2ef8a32e2c698daaa8cae3e74f20b5073bdbe956cac50bc4302b5bed2436d509844

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_sk.dll

Filesize
43KB

MD5
1a0b250b37e09b6373ee2f9b953265fb

SHA1
f4de5040d23054c5416786c59d61d1087195f52f

SHA256
5caac2573bb192f66446794daddba820b99110010e54bb9c24e141cb68c4d18c

SHA512
de47f0f898b17590a8bff1fd65758dd49813d269a04a3d5fd6e5cc09478f8a483e3a2378bdb174f0993a95e76f6d2bb9be9093f0b5490a8278f3fa4e4762ef91

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_sl.dll

Filesize
43KB

MD5
8203b2c7d5aa8252ebd7b5b6efecc375

SHA1
6d34fe3a75f8d9556bc66ee0aae59f30ccd607b1

SHA256
4d8c40e684f4dc22ba2c331e3e72875114f99e16e5192a5d2ef66b7a373712ed

SHA512
ce6d8105ec8d88315e91de80ad998ea880b69b319afbc7b063cd86cdd9f16bcf2ee44f59acc9551e5051771e1eb4cc063e5d84551b98d593bd85af0f6a9b5d70

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_sr.dll

Filesize
43KB

MD5
edc6d2f58c3905a3e4692550e7434f7c

SHA1
86ff77fb03861472a67e4aea9567cf13da0b0cad

SHA256
7f1f0be2a0bfef03e0179eda628b3647a64274b66c2a0e95d513dab851e371d6

SHA512
a308bbe722a2d6a9d65aee9412679f1efd04b3fdece430063a70aaafeedd83e219e1e7e94bdb597d15a22a9738bf411e76a55c5de16de8229149a1ca496b6b14

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_sv.dll

Filesize
43KB

MD5
db2d06cbd1bd7d5519c1a22f8b1fdf00

SHA1
2f6a40bbfc9eff1a32279737b63d4285e41bf4a8

SHA256
284463d4663da132401f34efaf9a36a7012a6a6591aa3792c2ebf4528da008a3

SHA512
d1bca00f0729ceb77f37ccfd4ce0f2dc2fc9a49c03f3bead0145d222f82863fe73b071c68fd17fd71d02fbf6e57b0ed765baa628923303a3599540af9bf2f321

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_sw.dll

Filesize
44KB

MD5
35da47c38769b3e764da4c64bc76b5ca

SHA1
7a265e44f276f43dec9a25eb7f10453864d40237

SHA256
24171f509774c79bd817bbb4adebcf9d4c41b0db83ae7eccccb2a236b5e635d1

SHA512
65f22c815c8576683f5647ece8b2afbe827c6fc3b0bf4f2e71fecad06d831cb3bce18116268464d8453c3c63fbd6323155c1e01a6b5a3cc2d109eb32d72129e8

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_ta.dll

Filesize
45KB

MD5
10c9627844bd0bc989e48858cb7893d6

SHA1
616614c63950a9836d07a45364761f5e9b6760a2

SHA256
6d1842256db2095d05b5e87d121ca4f13960d8a9a2e05aebcaea2308e49503dd

SHA512
bd92c4c8dd5f365c3067883ba9b38fd2f19769295e1122adddf276801a19b69c782cde0c38311c5d10315e992e7f59651c652945c8ae04aef44b2b2eac229ac3

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_te.dll

Filesize
44KB

MD5
3629b3615e6891034a30fa3c77d85e71

SHA1
f07ca586de9c0b9097ff545976e38882b2dcb579

SHA256
9a7dbcf6de86db06eb1133660781213fdd38cdfee15328d3154e8006aa22dd69

SHA512
f09881c662a7467bcdc8bcd7be425405a771013f96dc8bbcc62f943002c4b452f21ecc79dd8292fee820bb89d2ad2e5861f270c488c73ba69880ada39ac0fc15

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_th.dll

Filesize
42KB

MD5
ca64fff8264422e5b7ba8e5082fa87cd

SHA1
799a576232dcd7771118b08795f2fe60b28210a7

SHA256
0b6c5f05b07412021ec7e5dd4e98a4886b3fb6de194bb9762789eb98373a3323

SHA512
7dd87d73542739a1c81f6e948f37311cdf2e93e1ea94e3ca9a4f72ebeec3615c10dc7926916297dcdf29be03ba9bf0518e67afb8699f6e8333dca067677a0307

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_tr.dll

Filesize
43KB

MD5
06b20d4b7f6fd5af5bcbbff27d677fef

SHA1
5ab773d71e5b98efcdd11df7603b5a6818ec2203

SHA256
c3e975f1434d956da615e9bbd3d69339450cd71839f5aa9d7515236e18e60146

SHA512
76a7a719666dc4bcbf91d2a697fd623b480a0f146eb6d3db48041a351ae8b556d79c978d6a948c538e2207e0ce1e4e1c916bd2d48d514df9b20236e84f7bcb1f

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\goopdateres_uk.dll

Filesize
43KB

MD5
6dc44e26f198067240bff2266dc16c8e

SHA1
6496879351f10831b449f99c1018018aa4da9d35

SHA256
7cf5ac2d246b55b0bd61a05503dbff9d5eaaa49d29857c91d51e7af66ec8ff50

SHA512
07a18fdcb589567bcec6a2272770af79a9efe2d0e92cef7d936e25607dc6bdfda6aa01f41bc9c98c45ce8b4582e3d7c882508739fec8af96c4215f0611d1d99c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2350.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\Temp\Cab2252.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
\Program Files (x86)\BraveSoftware\Temp\GUM1095.tmp\BraveUpdate.exe

Filesize
163KB

MD5
3ed7a1033b9b04c1cecf8c78f8cdea2f

SHA1
07c8820f17b0d7d434b8d30b93f93972c8e7be0e

SHA256
f86b9c463d5a2aec77ecfa7230e279953af280c6e12a1bce88d1bc2c1aabfbb6

SHA512
0eb19924fb9ee933ac26def7654944a18acc83d87cf9e7ab08f31ee5459be787b59b0771a53b6b478ef7184d8905ed48213632ee98f8ea63f63477b443b1dad9

Download Submit
memory/2376-84-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download