hxxps://github[.]com/pankoza2-pl/trichloromethane[.]exe-Malware

Analysis

max time kernel
149s
max time network
463s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/pankoza2-pl/trichloromethane.exe-Malware

Score

8^/10

bootkit evasion persistence

Malware Config

Signatures

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3008	trichloromethane.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
75	raw.githubusercontent.com
76	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	trichloromethane.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559432520081598"	chrome.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
5380	reg.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
2592	msedge.exe
2592	msedge.exe
1792	msedge.exe
1792	msedge.exe
5604	chrome.exe
5604	chrome.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3008	trichloromethane.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3716 wrote to memory of 228	3716	chrome.exe	86
PID 3716 wrote to memory of 228	3716	chrome.exe	86
PID 1792 wrote to memory of 4776	1792	msedge.exe	90
PID 1792 wrote to memory of 4776	1792	msedge.exe	90
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1636	3716	chrome.exe	91
PID 3716 wrote to memory of 1944	3716	chrome.exe	92
PID 3716 wrote to memory of 1944	3716	chrome.exe	92
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93
PID 3716 wrote to memory of 1940	3716	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/trichloromethane.exe-Malware
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff850f59758,0x7ff850f59768,0x7ff850f59778
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:2
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:8
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5136 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:8
  2⤵
  PID:5452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:8
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:8
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5564 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:8
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5376 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:8
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5292 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:8
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5464 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:8
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:8
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5256 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:8
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4568 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:8
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5632 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1880,i,3017537948715537462,15586615344449902554,131072 /prefetch:8
  2⤵
  PID:4644
- C:\Users\Admin\Downloads\trichloromethane.exe
  "C:\Users\Admin\Downloads\trichloromethane.exe"
  2⤵
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetWindowsHookEx
  PID:3008
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
    3⤵
    PID:884
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
      4⤵
      Modifies registry key
      PID:5380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff850e146f8,0x7ff850e14708,0x7ff850e14718
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,14024620876480792065,6399137254672127948,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,14024620876480792065,6399137254672127948,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,14024620876480792065,6399137254672127948,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14024620876480792065,6399137254672127948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14024620876480792065,6399137254672127948,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14024620876480792065,6399137254672127948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14024620876480792065,6399137254672127948,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,14024620876480792065,6399137254672127948,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14024620876480792065,6399137254672127948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14024620876480792065,6399137254672127948,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1676 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,14024620876480792065,6399137254672127948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,14024620876480792065,6399137254672127948,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,14024620876480792065,6399137254672127948,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  PID:5700

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5104

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x410 0x518
1⤵
PID:5140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
09dbf8b88c1bc1ecc076a8e61dfad3e4

SHA1
cd24c38abff44305de67740ddbf44030b7849f25

SHA256
169cd9408af80b96407ad7d5492c2b2501ce985d02e8416d274a632742eba64e

SHA512
099142d17bc2c061ea6e076403d7e02c83b3d61e52681105a9eba5fe7195d09d5a8b5f3c52085db18d5d2ba17b3803723b61d6bf4c6f843fa331f823b291a81d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\77429170-d002-4cf3-9bd3-a3d93f842099.tmp

Filesize
1KB

MD5
58f2ab6b88e74b41766560c3b49500df

SHA1
ecc8b4427b5735c64100e9abd769e733a0dffb0d

SHA256
227a765c70fd00c8c7ac6f9bbea281bbdc745f8cd2b18a7425425e2f93fef3e1

SHA512
944422efecf510b0e1db07a53a31cfd86e97aad699b20b0f061a3a9fd50823c97fc3245df227f35cf19561ad56c5c31f7a7ad150143c09618d681b1b330747cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
11cbacac2891af770f691053760ca204

SHA1
7c7da1236795023809e26986a8f33c499e180e49

SHA256
a44a432755e5603e2405205f8e2e1138bb710a1db8db465bc5e8e5d73a0b81fe

SHA512
bdcaa39788d2161ef30c60b72419aac81ea9b2e049e13b5da2ae4441cdf5b733e7b33267dba74190f81e73712c66e51b73ceaff20c429e7313e49fff3673fca9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
94dbe52d4e456f1f07fa838c01bfdc29

SHA1
4f7bc710f5c566b88a5efff94008c0c282e391aa

SHA256
953b5ec026d1caab3706f20702d11c5b4b2e30a9af24c0201ce4cd5b341eac07

SHA512
2524f0d1537f5545b24e350a8d00093a62b59be87329835c48ecf0ca3c4316711b124fe5af439cca377cf3dc645f017473a76499f4ec09f42cd66bcf2840e86d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
52976574b808ee3f132b84347f4fdb0f

SHA1
2de99073b5146a3cca8b1033864c4991d1f13f68

SHA256
057187bc9010856966b8ca2cff359416e14cfe94fd69457ed09ca9683961c39a

SHA512
39ae402292a0d47e28396c570c4592844c8aa1503ce6b2eb353d5cb89566dd82b5a49d4da147354bd75276d39c0aeb0af26898fc47ef2ee5bdc85d54fca108eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9bff8bc7e118dd84e8b62defb6a6bb58

SHA1
44c7ef8562ad5891573e1bb60ddc2f6e71868d20

SHA256
ff55e29fcaa319e9db3545fab4aa8b6c7d9be939893d00defa1bf8ff42ffb6be

SHA512
90b384b5a87b7a840b41db78389edd9c590c395430bb19d5d38b3d3c725e2d9cb08e487154d037e0721e08dfb87d3f4510338353878cab57229e2a021ccb0260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
43a9059dff5b4aaf604c55ebaa243e08

SHA1
ef0362bf92ca0b1ef97e754ef8585b6432b1befd

SHA256
ed9f29c6c937a889e7a0f88b8fcfb5e3c4e6be7273e7e399d1ed7af9c48379c7

SHA512
fb1c48d3d820c0a4169087306dd44c1ff09db6874b8655e12cf9153acb5d60fc3f5461b69be1eb1e036763ccbafceede2ed5b863774d3fa82dd2f48a3e22d106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eabac7646eafecae3abf82b9751f94b5

SHA1
a7da5137f92ee87f0004f1cbfb414d0bc173de99

SHA256
8f813062b70027730cdcafd95a57f5cbd5c93ed820c4d136eefa435b38196024

SHA512
cdf5fd24737abf9c5b3ac536420f0fc7293aae43903ced1fb4572f57c2c631b2d98532671c8a83219df6492adb81115152def0cdec007a927e6f6e1a79d86f72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cf03f395dd1c869d260c4a6da4e679f0

SHA1
3c2ef57bbf077dc64087b63e704d7dfa2d7808ca

SHA256
c6201906722b2c5084e09cf8b4fffd9d7b8848d720a7099c9b84ab7236d321db

SHA512
86893a08d9ad3893de08593a4054e05609facbb867158f107ac155afcfd918d114e59760baeb910df21f17dd4aa3a6e5dc82486072da2414b8ae13da29383aac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3dcdb61236714db40aa5dda24146fd6a

SHA1
2e37df89aa8faf4d6eb6a97f4cee182d0e5695d0

SHA256
220ebb064c005eb1b109dcb4502baf5002ccbe776f7a9bb0cf710de345c1d1ac

SHA512
0851e9b51b7102dcc67e78b7a1fd49eb7c8410df53e0b9ad8a935cfcc4a3e449e691ddbae845ecc51d8243b109d48fb3c696aa06234a6bf7241b0da387ed7220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f71e1823e0e8dc5f51496e58b88cd14f

SHA1
744791d837a48690e5ee35b5dea75453da87f54e

SHA256
f16bb1e3a10b64447e0f57bd9280bd77f23cd72db9a420ed4e1663b2f3911218

SHA512
23d73fe0f029682e14bfe7ed41694945cccbd2dd5a2534ebfd21b0ab7aa9db7ea73b692da5433f9fe9e2c3fb262820c9d8e8334e1e0a50d1fdf66def044a11e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6623e328debda8667e874c993fa91cd1

SHA1
7ef5c6be7246f2737ccf3d02db0936c456d145d1

SHA256
40771502ccaaa2e467ecf3cbf8c865de0f25101e2e9cac478a8b31e953f261a4

SHA512
2356c821faa258935548aaa281807b062a6df677999bdaa9b08a1cc7eb01b7eaf21e9825e4021b171b9b16a6f0c825ea66e82be34c096cb368d721463701e8a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
176a001a079b89b8f8b1c09fa69f4f08

SHA1
dba5ae3e686f7ce00427cbf8b01ad6f3a5af25ee

SHA256
d872dd0575da4c04c29a2d5adb35e7d7e1ddf0f2ef8b148a68f99f1595a85df7

SHA512
9e7d43764041e2f0c42741e7e4df4900ea9c85feb3ca6031e63216ed8a5a32e70dd04183a1098af863f1371ae2d2c3bf105f2ba3fd23a142b7302d4326408509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ca0d5ad2619b894ce687e3f53ec1ed43

SHA1
7e8ef6e2084e948995fd51574667e48ca440dd0c

SHA256
d7f4e5adb618bbd195ca97dd619591484175e71256a9d6ce45764a765ee3f57e

SHA512
f6c2705add2163b8126725b7e7a042bddf0d2a4b6e4f67f9e0b977d710a9128c7ff103a3fecc6787d7f34eacad0879c7bf6c71cd1d08986d6b6e888dd4635a68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bfe78b0876e80bfbb90985432bfb7cef

SHA1
2f767d2d601ddce25df457cdc14759446aab118b

SHA256
83bc909be1a764ac802ca60c2e670acf9ae2665326a6f4546e3eca310b0e90a3

SHA512
cbb799181df58dd05072dc9ac1d1924f4370d44990461009b691efbd5b7b36f6a35b0be45675893096d8b8f9c95c2e668e4b58ac6570fca1f1726ced2bf8252e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e6ed046a78a7dfe251a0e9683a83c782

SHA1
76fb1a23afc94a69bc88f3d8137079cfcbccb05d

SHA256
a532754fd943f330b1ec3dd2c5f41b453b6e293d628474679ccc1fc984cee701

SHA512
124fba7d874822c1258d316834db476fb0f9873538e4238f2fd58770c4dce4a110e761cbecd98591a8bc38718b34adc9836704b145cf5921fcb8ce8925296ca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f281643eeef539b4acca2d12d8c447fd

SHA1
f74aa66dccc49756c01108e7bcf30f2c1e5bff47

SHA256
68ba220764aaa48313465a485cb6c22e89037bca1ed9647ad056e87aec604ba3

SHA512
e22cf17b2abdbed0b22b3427518912635e4c675c6b12be2e764f106cb1eacdfd8498e0d4d48dbd4f234d7ac9a68c40ad77613c72339cc8d8fae5e10075ebd75d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
626cc336a8aa077f36aaa8d4c9d913f6

SHA1
8f4d2a1b19bd069aeffce12449aa01140f781f0b

SHA256
9d2157fc69ed94a6ef8ebaadef48ba397c4320423e134859948f06ee265af946

SHA512
62b315026953b5caf588aa58cad1c59790f105933bc981aea90095a3ab76623e7829d2d4f0a05eb51f3c3871e1d98faa5f1850dcda5d4ae30cc6b391a1855fe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7cac12f4b6f2b6deedd60732feb8fbb0

SHA1
fe61412bd80de638fd821a8cddf05c2cb5cac447

SHA256
3ccd5ccfc0f7de219b5e5eabd42eadde6548e8bf17f1f2d8f59a96b2c290b273

SHA512
9f8f05475632045679e12d22bc333d2a00d3cee3720f07dd083a2afab6b54cbd5015722ecf6f44388e59f2902fd6929cb60130e1bd4f2cbd0da8d2721228abd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2fd31364368e4089d588be21e9925be8

SHA1
e28918f6c9be3c28bc83beb2ad6b9ed6d8b95a6a

SHA256
e754af322ea86a64a2182a665c1cbc9056176e40274437fe9a836f1b4abd6b0f

SHA512
b495c416962b39d3c475a546dae1fb5785e76f4f88045cb396c8e614fc5f12e4e5984f8e53438b3d402f02e4130b95c47f62a65d07b2519c37aaeee2e08c9a27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a24df436d8aeac05b08aff54491bf5c3

SHA1
ad1438cbd87f372f9b15de87e118e65e92b0d115

SHA256
5264752aadd755b8ca40975feba049b797772084000e24593b178eb113380c68

SHA512
a6881c9ff5213028a6fb59899f3778d626c5456b942a8f4df8b759a86ff742b47265d89ad1c5dc77fff2b3dea0c8e51c52782ff24f498a88d985215e3fc36768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8ee4fa2214ab75e9e90876aaaa5785e0

SHA1
3daf740e56dacc630bafdf3019d60270279bd605

SHA256
95064f164722ae162f830a9a4eada03183611c789909f08028e5205f82c94336

SHA512
27ca9239217b20e7b6f9c8df5160644259290ceedb686f00ecdc403c56ed77d3d6578d5e4b18a9b8f2c955a6b4dec0127a9b0ce0cd63c28bdad16d378aa4be5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2ddc48be5e421bd5be30530f873076a4

SHA1
461cbc69c73e6cc8e779c2a04c63136f5558dda5

SHA256
bd80d7db2b1b9a23d6e96eb1c738472ae7d6276e8de0c90341982766f2530fa4

SHA512
b2c8e17383bf11cdbe280e37f2d8fc9a087329eec5f78be948cff5ee81b6dbd0e1727406d9084b6cc0e8610f7deccd60445a07ac5de1ff85dfa2063084bd4b90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
afdbe34095fab2a033ac287956e4c1ce

SHA1
afe902cfbd8cb66f88cbd06bdc028608a9f0b03a

SHA256
24a8277dfaff2b7b46d050f8a14f6122448ee97db5350c5bc3e0e193cbd6478e

SHA512
e27103dbd1c34cc6240e615bd7f389b0ff32048c6f46fda9a5211cbcf2597a0391aa610fe0b4ee9abe1318e8e44f5dfe2d9c814690a6f7a5086af9c56bd90832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a8004e602e5b46b37fcde5043b220b07

SHA1
4b507d257860c0dd4987f580c617462cdb2d0672

SHA256
a74e4866de67e08b725a7072530bf458dde894b1df95d51609cb04c75bb395a0

SHA512
0fd9637d1766ecac53358d034f24e5f2cbf15b5c4e0d9ed261605cc9f97526c6a5569f7a690a7192e1343bc68dbb86e2ca6929981428e3e815bf0a6851fbf638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5e4e1b6171d3f84163db95a92c1449e0

SHA1
325e7736938ebc9803378389a15068e355145e0b

SHA256
c360dcb47422206482f5e149746d49ca8d9ada09e74414431615b40905ab5ab3

SHA512
78811753703af661049b790d551f962506decf807689ac7a5738fb9e1a9a564ed5dc1f2dde54897034b736e671e9805ce1ed64670e9eabc14fe80f1a13a34ab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eaaa6c21fa12dc8b8d84fd5f83d71352

SHA1
78c102668eb47be61104c701af54d587b868793e

SHA256
17f8319e6ba7675a8a27576cc48e97ed50c40ceb282af2154f437f87597318aa

SHA512
690fc42cad682f5ca97e71c7ab0e21f287cffbf7f87cb45fa281ff23ed4c663a1cce92e216dc3399f216f8cbb8876117e7e19af6ec1bf1e232a5da5bbba64b7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5d440a0922d8f1c29f8458de57dffa91

SHA1
52fdead6b2309d493e8c2f13df7eef316f972dd9

SHA256
020d5392a168f4ff20f52d8f1b1bfedbcb2cce881a2b9f6a8e786f24fb3b0174

SHA512
d5808f3fd55d9190d535778b06dcdb4f8d691ebc17b42cbc8a54e9bb5578a9ca76f35b2217f905ab632a4f6bcf324d42483b62895225d0573b810607145d8821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
acdad6934601be1365e8f6911e609955

SHA1
4f7e73a7695b681da6113866bab88e9e00c4a640

SHA256
02dda1a07547e8f58fa8bf2e43c8e0968790bddf96ff0455001c360fcf78ab1a

SHA512
5f182d1b7988a304bc8996b2a4c661342a332df0ea66312c45b23d761267632057f9c236551e4a8eb8dd13bba9e3457642401f4bcc5243b1147687f49225d335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
cb9a4002521114128573535f971bb792

SHA1
43adf212ccbdadb4aadcbcc9690fab39fd883c3e

SHA256
f0939e88216567f1b90b838f5a32e2d56bdfc27a738db1ef0aed5857d6d2b3e6

SHA512
4ffd27a1fb82ff59f3bd736a8d81b73e370534f2fb75d6e1a14cbb92610ad0dc6bfe3a7509e2e029e6b97967a4c06bfd9fe51898b026ddd75f2e7bf41cc557a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
a006e4ad5dc06672ec6e7c8fd2caf41d

SHA1
0bf17cdff6125df58eee8514231bc629b3867e3d

SHA256
f22ebb037ae11b8a44f09f1f93f2b6a031b11cee06703d0f4d391e08f3c78968

SHA512
c2f234a4d4f6de617aacd26049c654b664a5956f76c57536bfd3f1bf2f901fd8961217c5fa6a5e75b0995088f8fa38ef4cd10d16bd8a739d6c5f2f427a612b33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
4f586d6616dac947de126fb13807f937

SHA1
8d491eba1987a817af0b25419af5a18d28e3f7cc

SHA256
cd9edac73f64920eb43502d87648ba60c350d9cf43cb616ca0d1e4c72993f45d

SHA512
c0bf6f014c2e85b671adb394dbb04488432cbe0c8319d97b0d789463d8e8465694c038fd5005bb9422fa97ac10c9dbbb282d1621d857fc904b1354883ed0a9e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
c308a9ad2aa0a9093b504a1c651c148b

SHA1
ea4e4ce507fc03607debd46809d9380a84694860

SHA256
031485eb2012f1d9c7d58313582a886ba3a841a0c896b1bb1e7bce0a5f034b01

SHA512
2fa13168cbae9fed429975aae5cf1ba22bbc990e0acf0bda3cbb22572c8bba53080eae916489c1dc746d652ba406beb33511a09afaaa82c44d54e97598a54890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6fc466a92a94a61114045d9c95965cc

SHA1
0df96cd5130d519d92825b5bed2c0f7c2095ee71

SHA256
942e39718cf578ba9583125c86ae51116d2272c62dff7aa1abed966eaf3ec350

SHA512
dce751a1ede1903dbae5b9b388b2d96b7c08abd2aeb9abef07e08adf82dc1841dcee4c5b561985a829110a4a661f72181cea2bae085314d752d0c93fd5877d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b417561e8182c3c2cdf1f9cc79f40d39

SHA1
c4f9a72fe26adbe44cb889c6a2cdcf8a648d11cd

SHA256
e8d69060c6650f10a418d3be1d2319dda0787d651e4c9cd7d411f5b068153d1b

SHA512
0fedacd5ee54eff420ab8f783023f2c1800732eb44eb5c433d2c4d6aef643e57fb5a6f15bf51d592a31000cfdf07ddc6c136a8799c33b151f834b3b262c52041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f6050bd0a50fda903cff0818cb76aa92

SHA1
6d5494ed68591e13ed5a39bdd1aec0acc0d9830b

SHA256
24312a3cc115afe90912014c62c42a71b8b5f5b4383dd32c0fe8d845fa343b39

SHA512
d98d49d844bd59da9b7edb1364ade2d86bb2bc27d7c7e11863ddf9bf47c5d41b9acdce8bded2c74cf7192bb9fafe9d17458509810feb051a33f8a825d06e46b2

Download Submit
C:\Users\Admin\Downloads\fallout-ce.ico

Filesize
118KB

MD5
fdae8a0fc0024083b4290f85dad94383

SHA1
1500b85fc8b7e4e40e683fcf6524562a503d55f6

SHA256
cca8a173ca633d5b2f75e0a301ba33c47b0c3924c8fb37c1108205e892f4d9ca

SHA512
e13c7c958bae2e7d80487319a14db9385f5e588f22226e78be1629426d733884784aa5dd64eb31b9bda3f7d51b0a06ee6d8ef74c3fa3d36a865ccd6fa4392b88

Download Submit
C:\Users\Admin\Downloads\trichloromethane.exe

Filesize
120KB

MD5
5e8ce90547acca8bd050fccb885558a2

SHA1
a65ca5ddbcabeca7a5b9a243131bf8ce6798e15a

SHA256
2829a026d0c7f6ca2fcba66eeef48606c3307312898fefef8af269dcb2158155

SHA512
ac4aace898b8fa9037590edcce478c649aed9daf4d7fc2285f045aecf0f86d25a69903b1458b96964f6f7e9d4fb8f79ce923896b5ff84008f9f32bf86ff11d8f

Download Submit