hxxps://github[.]com/pankoza2-pl/malwaredatabase-old

Analysis

max time kernel
604s
max time network
606s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
24/08/2024, 11:57

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/pankoza2-pl/malwaredatabase-old

Score

8^/10

bootkit defense_evasion discovery persistence upx

Malware Config

Signatures

Downloads MZ/PE file

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x001600000002a88e-541.dat	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com
19	raw.githubusercontent.com
34	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Bromine.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\PankozaDestructive 2.0.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bromine.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ONENOTE.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	ONENOTE.EXE

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	msedge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Bromine.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 973073.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\PankozaDestructive 2.0.exe:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
788	ONENOTE.EXE
788	ONENOTE.EXE

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4116	msedge.exe
4116	msedge.exe
5028	msedge.exe
5028	msedge.exe
4836	identity_helper.exe
4836	identity_helper.exe
4784	msedge.exe
4784	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
5084	chrome.exe
5084	chrome.exe
3380	msedge.exe
3380	msedge.exe
788	ONENOTE.EXE
788	ONENOTE.EXE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
4116	msedge.exe
4116	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: 33	4712	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4712	AUDIODG.EXE
Token: SeShutdownPrivilege	4584	Bromine.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
788	ONENOTE.EXE
788	ONENOTE.EXE
788	ONENOTE.EXE
788	ONENOTE.EXE
788	ONENOTE.EXE
788	ONENOTE.EXE
788	ONENOTE.EXE
788	ONENOTE.EXE
788	ONENOTE.EXE
788	ONENOTE.EXE
788	ONENOTE.EXE
788	ONENOTE.EXE
788	ONENOTE.EXE
788	ONENOTE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4116 wrote to memory of 5016	4116	msedge.exe	81
PID 4116 wrote to memory of 5016	4116	msedge.exe	81
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4136	4116	msedge.exe	82
PID 4116 wrote to memory of 4044	4116	msedge.exe	83
PID 4116 wrote to memory of 4044	4116	msedge.exe	83
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84
PID 4116 wrote to memory of 3440	4116	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pankoza2-pl/malwaredatabase-old
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe1fa23cb8,0x7ffe1fa23cc8,0x7ffe1fa23cd8
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6404 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6620 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6720 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6801901826242654638,10527304695116290746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:1764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1952

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xa4,0x108,0x7ffe0bcbcc40,0x7ffe0bcbcc4c,0x7ffe0bcbcc58
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,12048760327354836465,1534938247281511618,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1380,i,12048760327354836465,1534938247281511618,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,12048760327354836465,1534938247281511618,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,12048760327354836465,1534938247281511618,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,12048760327354836465,1534938247281511618,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4444,i,12048760327354836465,1534938247281511618,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4440 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4580,i,12048760327354836465,1534938247281511618,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:1868

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3624

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:4940

C:\Users\Admin\Desktop\Bromine.exe
"C:\Users\Admin\Desktop\Bromine.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4584

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000490 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4712

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0c5ebb5d-e068-4512-9b2d-986c2f9e53b6.tmp

Filesize
13KB

MD5
364bb2642d5408ec7213f4822049a557

SHA1
e750abda87e23534d42699eada2c55bef3daf2d8

SHA256
69a56c7dd41088169de6052b956eb82db3c1f14f5d600a11cdc4a3a0964cc7ef

SHA512
078c44208e2499b2c49875890e2d83995eefd7a1b6b849b54a115e25e8fa47a280f8ba3beba2819d570972df2df05c77f7e63e20d4095fad0ae67302e5a56ac5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1d9f571436e8c8c830910ac176579a50

SHA1
cc12a18b0bdd248cc431a3fe092cb10d803e87e2

SHA256
a725c5516eeaaca96504f9355fd25661b3c8fd55a7e6863eb8b8433748dd79b3

SHA512
b5e2a8070e690d8827220abfa5b313f2d91031565759fa217d66f390e9c16b839441bfa5a22a6a80275cd6b2f207da89aa01a4e1dd6c572a5f30f3f9a0ece006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
6fcd0edd91d86ae00c42bb456a64994b

SHA1
b56b4d52fa6452273b756998cf59bcb1c93659b7

SHA256
599a15005193058a3df0e8043564e2f5a22911954750cf3f35c920111496bfd2

SHA512
0a0c272b7452469635e0e702db829771295a4e757969eef7c3d9d70df9330cb921448140233f6e30c19d1c8e3223c4110ca661e8cd09b9da5b51bc1667eb33b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a117216c-d06b-4dc2-bd42-1b447f7ddc6a.tmp

Filesize
8KB

MD5
79996c4895fb148a004cbb0b19e78735

SHA1
23c72fcf9fa0306f6773c7018f87c8673b424838

SHA256
d4b5e8074c2d7a04a9746876069f9669d559c350f3ee0709fc194ba6feaf65ac

SHA512
21033ab84f1f5c478435c1c2ff1aa5a42f55d776e08197c4e9311b35c359c9c6588eb87dc782e9cd1649d72187c18032c89ae33f46d810fa7d371d561d64c9b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
08508e17a5c9e283a6ddad593fdf0b3d

SHA1
0f365332c99d2280fc010696fc5c3b6634685f96

SHA256
ca195ad19429a77a9d45a4919024400ea7e929d8495e7beb25e56bfcb6e7fb19

SHA512
a71d0cb1f40296550b8a20f30904dc7dca533797fdb94b672ecc46e8872c856508adb2eddd718c813f06aa12e72d45a7e6b113cc9ed7fceb7e9f5934d4f898ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
735df27b23abc429d53e44714251339d

SHA1
11d6658500991c3f8819a90f786260324d2f8be1

SHA256
294b048b024a94a33523bf584b53196550e479a268a4565b18e99b28f3ac8006

SHA512
3bf19cf1437d0c52fe7ae478f8aeab856371e9969f2bf227e44bac984f811c8360a2f95aa3f5a2f2cb68e5499586ec6b76656e45488720f33f2b067250ffe584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3889d3f0d2246f800c495aec7c3f7c

SHA1
dd38e6bf74617bfcf9d6cceff2f746a094114220

SHA256
0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

SHA512
2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c4a10f6df4922438ca68ada540730100

SHA1
4c7bfbe3e2358a28bf5b024c4be485fa6773629e

SHA256
f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

SHA512
b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c6fda0c12ad422f8f09abf1784ac33a4

SHA1
2cf2b29e8cf28b7efdab3b8572fa8e76ff87b262

SHA256
dbc03d143e1d9cd388ee6aec2c5494ff97608d7bd2ce27e5d63f97d66253f663

SHA512
128b8aa8be854c22e4ba6276c26a60d14052981d960b0eb9d6184f744dbec9cbb6d779d0c16e1eb2f261023ca52f3e14f00ab99dbaa944d18d624483f5c89793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
16652537ef5ece5fab1c22732a21d75e

SHA1
2a390254733f9599ccb98033b433cd40104f9483

SHA256
056eda4bcbc50cab70a9b76d18bdebf438c476277313157a13dd10080513420d

SHA512
0a90da2ec94bf0eab0d2ba53f0a71a8fd140bb81765d90eaddaa984b40bef7d85cad304515731f7606a14e43d31a4ff446abb253965eca8162cb08960d99951e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
46fa4f5f7344089589d117bd7599b3a9

SHA1
b6cc1fe19e527d4a372c97e4d195ed94eee40030

SHA256
223280d95a13f1af6af06459bbf230874500c212a2e16f63914eff3f22e8b57a

SHA512
6b680aedde7e806802652aab9ab31cb21438bc8756b063955e6f03bbbdf1273f7d47c40ec1a19fe27537afeb8d6cc219a246d31f7c6822b481649fe296e2a45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
c4897aa78d9edac4710b6abd9081210d

SHA1
82fff6d6a6c64af2e1e64a0a56c46cfc2a3470bf

SHA256
1c2dbad9b7fe623f7907fe8875ae1df241de6ea09e8dbb063b885983420fc005

SHA512
207439940f16c3a029f465c4f4b6d290f15deea00c5d46365d2bbe5a27c48371315a7a5e39366638a4d256c843470b6e9acd6fc7c0b85aac10dde6176aba026c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
21c268c8ecbbcbcd50e5948242b0dd5b

SHA1
993c99230f030ae5e05f106a6ab8f0de0fc5cc89

SHA256
f0c14169da1f1318d8e6c04beed9cac060b7348749a21075343514062d9c3bad

SHA512
c4df2774b34b96c49549b94f5a68869225f58651b9f3f4741cb15cfa3e1feaf58b84782b0d489eac5d343a0c1d307fe92a8ba0c240bf5faca97470c163a95060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d50d519ddef66ff8a0a9b51ae091372

SHA1
b5c82371aaca324242fd3bb6deab77670c9931d3

SHA256
9ec883b9005d7aa5e215783b9c15f2c3850a003c0bde89bf3ad4026ec2a9fd80

SHA512
a4cea19e8cef72eeadbae8265329538d260ded6420df3c38634c1bcc23bee9d9c939ee69a4156aef65b93845a74085f1e1ab235db9eb2db3cd9c78d87b81c8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d970fd56b4e40b36ee049e35c52e947

SHA1
ddce50527bb6575010a9fcd035100821e740977c

SHA256
d969c6f159c8edea02bae445616bd726329a78aa26bf231f2d29f4d60b9d8348

SHA512
f453fffc0b22989cb18fe0c782d7437dbfb7becf5aeae69559c12b013e04efa193dc1090a7d0cef73bad0a5938df099fdf874c53f48689f7c63bc80b8008b278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a7cca2f6bcdf6078a7e3b7d9d82d2d76

SHA1
4bc7cb36ca2947e33ed487ff0f4a7e800367d583

SHA256
48c38e566cdf763baa3101b970ca806aedd5a6641ac29fbaa4cd30a1f4dc5131

SHA512
140ab4365606c26b6b3de140a34d11d5d4235f3ef01fcb76dd605f288b8f1879aa5d6032e78440c53103b987fbddee5a7250d394636d8fae9d5e417163499b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2e16c0674ddc9a5d5ce7da9abd73df1c

SHA1
4fea299b9828ad753824aaf3c2d6c9b7dd5635fa

SHA256
3c090770b864b1a1116372eac0234f009d3b949ffe54df4c7271b1dae9ab44c1

SHA512
2bb3b61890f0b8bef9a87465cc7389b599ccb9c7e9bb133b7db375cb9f122b4bf83e2503b18a1bf608f78eb5d79d779cf80d5ba056bff229a20fb28c833cf40d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c7e63da334ac3ecc996005413a83bce0

SHA1
e0afed1048d69840406639ac494abef693b1caff

SHA256
22cee4a66f2b91211527eb14fedb305dca32e7044d53c2a88b0cf0b213024dca

SHA512
927d87182eaf216078b092d8798b2b580682457abfc4838557e15855ffca607af3c1d925a68b4a407c6a2ec054c63ecee6a005c110185c6fb761f19e8b8da014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8c67262780aa223c9fdf087dba8778d0

SHA1
8eafa27010e10304c3c321007d2ed2feb8603581

SHA256
ffea81e6a58cbfb6df3cd9eb46aa612f3be83cac4932c35508c44b781b5a3ae9

SHA512
537a4e08207dbc519e27d775c05879190d576b863cf3c2c1e3c28d088f9d8615a5af18df81737103f7af22153d687e8422eee52ca5bdf3c7cc9c5a23583f0492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe596bef.TMP

Filesize
874B

MD5
1b405d47f8eff82b939949a04b4394e8

SHA1
2014c2a475045f782aef61cbf169fd7fe0c668c9

SHA256
2a1895148e0afa716493ea2592ff1bec497e4286f0efc81f7c0bef2375847143

SHA512
51dfa0550975716a44c834755d20b80708cbc6e689b4e37f398d7f9465d5477c6299b85ff420c2a55a520bd4d747475895dc5127a96e2aa22f503e63846c4705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f0fbfcd464f4c918d25f90b8886150a6

SHA1
52367d18da4d70e27c15a71041c86534de5c181e

SHA256
9e815c9b8476d429566319bd424c5b8d90300565a079892f8643d88f688f9af7

SHA512
9f5671ae2785cfb9990985eaac819fcdda52de462ae8af716fad5e96773df02d0e4c21dff10dc70d3a2d96ba3c0b69e87d435e712e8e4188da65451676c5dc09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
61d4e5848d79eca1046ad7c85dba3f40

SHA1
bb1621b2c8124bc361153125674bf0a647e85bc5

SHA256
9ef08570701e6911c91f944205840c56065e4eaaa10b9ab6a57ce35bc832fe78

SHA512
54de1c7e7dd2c329a565dead88814169a36613ccf87ad17d376eaf1c437522d49fa3c4c407f9ae6e4474e86345a8ba3668ea93ccea5c342fd569e11e419f488d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
813cf9d7e4f3f92bb26c5f47664c0aba

SHA1
72bf115e3d7083c9bcff8c54a23315b61b9b47eb

SHA256
2e8e88c46b2356fba5868e59c7e6eed1101c12d223b6463a117a96144a5ae5d3

SHA512
b1b426a824136364e854bafb431ba99da5b385b5e6217ec15f008b6614f6ee7b45957e58b4bc82bf5dd35e2cb5cd6cd0a550aae60be84de7fbdbe58c12ab0dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6cbbc4ce957c51294d8d67d2bbaa2d39

SHA1
449017075c810c27054c5f016a82c80672f52c7c

SHA256
ec92c6729536ac0592357ff52f833220740cb4e331ed2a7ea1d234a1581e2eb2

SHA512
fe5c35534a30c1e21f2b39d66dbb6a7402302b3b728c8a02c84b83a0c7b8abaaff096fc081a9dbc553046e015e2ecc3d218c3403db4e032ed05d7aa278277e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b20edb7a36a5a21353ca3de5b6a2157a

SHA1
b0aaa2129293713d4b3c27983219e4e2b7a922ab

SHA256
cba92abf01db913365955c91f0f3581660da731cd476e285652336efab353166

SHA512
86aef369e3474d3b7c53babce7359b325b3fe172a98c38cd0d4e7d5effc868860d830e1801574b7ed9074a5f11f416b6fba3b7df3abf15a61b01ccc974aae077

Download Submit
C:\Users\Admin\Downloads\Bromine.zip

Filesize
1.1MB

MD5
9eb092da74453fb30dd4baf25d038fc0

SHA1
c2eaab9115929f841f1c60a641a1987d04ada92e

SHA256
471ffe0849ddef6a32aa39d2f3045da9d4a28e27bedf5d0793008d633ee97983

SHA512
e3aba3d9aac0f872efb721adad85f8376e3b5039de4620e886e01a50d6f248d5fdb7b5b186eaa9142157b6da482779c983690a3467ecdee98fbf76ff809afd44

Download Submit
C:\Users\Admin\Downloads\Bromine.zip:Zone.Identifier

Filesize
204B

MD5
3f869685dcfaffb35b48d49e06f73351

SHA1
2e7a9404cb3a7627f6fe74f7dac00c17d3d99c66

SHA256
33d034e9232f766c779b9cd8eee7e12e9f16dcd53fa923094aee7a47ef377613

SHA512
8d9b11429e614de278f574f93df1600330bd295ef4f2f8db77a877d539b7ba4dd93d5ec2d34cfd2d3a269770547c13066b6316fae7d02e0f5e9667777f3d16db

Download Submit
C:\Users\Admin\Downloads\PankozaDestructive 2.0.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 973073.crdownload

Filesize
734KB

MD5
b172b2bcebd8e4797ceaf0503c5840ae

SHA1
ecaec7910a01b4a142741a0ff0d49c0a47acdfd1

SHA256
86b279800d7aa3025b59391f4f8bab2039c41258d0daf3d85365b0c3ddf05065

SHA512
f1e2a996be71155e1a101ad5e28c826ef61baaa4d5bb5a003b7038531e647d02438a4b82f67ab26d96c0b6af412b7e0b45b2568a8325beb1b90b81fb4266947a

Download Submit
memory/788-636-0x00007FFDEE890000-0x00007FFDEE8A0000-memory.dmp

Filesize
64KB

Download
memory/788-637-0x00007FFDEE890000-0x00007FFDEE8A0000-memory.dmp

Filesize
64KB

Download
memory/788-635-0x00007FFDEE890000-0x00007FFDEE8A0000-memory.dmp

Filesize
64KB

Download
memory/788-638-0x00007FFDEE890000-0x00007FFDEE8A0000-memory.dmp

Filesize
64KB

Download
memory/788-639-0x00007FFDEE890000-0x00007FFDEE8A0000-memory.dmp

Filesize
64KB

Download
memory/788-640-0x00007FFDEBCF0000-0x00007FFDEBD00000-memory.dmp

Filesize
64KB

Download
memory/788-641-0x00007FFDEBCF0000-0x00007FFDEBD00000-memory.dmp

Filesize
64KB

Download
memory/788-660-0x00007FFDEE890000-0x00007FFDEE8A0000-memory.dmp

Filesize
64KB

Download
memory/788-663-0x00007FFDEE890000-0x00007FFDEE8A0000-memory.dmp

Filesize
64KB

Download
memory/788-662-0x00007FFDEE890000-0x00007FFDEE8A0000-memory.dmp

Filesize
64KB

Download
memory/788-661-0x00007FFDEE890000-0x00007FFDEE8A0000-memory.dmp

Filesize
64KB

Download
memory/4584-631-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads