hxxps://github[.]com/pankoza2-pl/trichloromethane[.]exe-Malware

Analysis

max time kernel
641s
max time network
967s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
25-04-2024 03:40

Sharing

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-25T03:57:13Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win11-20240412-en/instance_8-dirty.qcow2\"}"

Report Analysis Logs

General

Target

https://github.com/pankoza2-pl/trichloromethane.exe-Malware

Score

8^/10

bootkit evasion persistence

Malware Config

Signatures

Disables Task Manager via registry modification
evasion
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service
T1102

Processes:

flow ioc

36 discord.com
48 discord.com
49 discord.com
114 discord.com
147 discord.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

trichloromethane.exe

description ioc process

File opened for modification \??\PhysicalDrive0 trichloromethane.exe

flow	ioc
36	discord.com
48	discord.com
49	discord.com
114	discord.com
147	discord.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	trichloromethane.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584900740567079"	chrome.exe

Modifies registry class 3 IoCs

Processes:

MiniSearchHost.exechrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3777591257-2471171023-3629228286-1000\{3A5400D4-9BA8-4C10-9FB5-91EEBBF517D4}	chrome.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

2556 reg.exe
NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\trichloromethane.zip:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4228 chrome.exe
4228 chrome.exe
4528 chrome.exe
4528 chrome.exe
Suspicious behavior: LoadsDriver 2 IoCs

Processes:

pid process

672
672
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

4228 chrome.exe
4228 chrome.exe
4228 chrome.exe
4228 chrome.exe
4228 chrome.exe

pid	process
2556	reg.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\trichloromethane.zip:Zone.Identifier	chrome.exe

pid	process
672
672

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exe

pid	process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

MiniSearchHost.exetrichloromethane.exe

pid process

1500 MiniSearchHost.exe
5080 trichloromethane.exe

pid	process
1500	MiniSearchHost.exe
5080	trichloromethane.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4228 wrote to memory of 900	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 900	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1928	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1548	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 1548	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe
PID 4228 wrote to memory of 2436	4228	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/trichloromethane.exe-Malware
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeb0b9ab58,0x7ffeb0b9ab68,0x7ffeb0b9ab78
2⤵
PID:900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:2
2⤵
PID:1928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:8
2⤵
PID:1548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2152 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:8
2⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:1
2⤵
PID:2536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:1
2⤵
PID:4236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:8
2⤵
PID:800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:8
2⤵
PID:3576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:8
2⤵
PID:2368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:8
2⤵
- NTFS ADS
PID:3024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2216 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:1
2⤵
PID:2340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4968 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:8
2⤵
PID:1896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:8
2⤵
- Modifies registry class
PID:3920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:8
2⤵
PID:3084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4912 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:1
2⤵
PID:2312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=940 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4700 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:1
2⤵
PID:3264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:8
2⤵
PID:1288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:8
2⤵
PID:4024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1816,i,3021930335545409990,16510657590656306215,131072 /prefetch:8
2⤵
PID:4032

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3772

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E4
1⤵
PID:648

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2976

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:484

C:\Users\Admin\Downloads\trichloromethane\trichloromethane.exe
"C:\Users\Admin\Downloads\trichloromethane\trichloromethane.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:5080

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
2⤵
PID:4872

C:\Windows\SysWOW64\reg.exe
REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
3⤵
- Modifies registry key
PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\63006e09-dccb-4c96-a6d2-240a7edd0642.tmp

Filesize
93KB

MD5
0bbe597097b8e0d7650141ab5c1b4dca

SHA1
e6d6c08017e2a3702375a737ba882414083f23ec

SHA256
051c03f4213c95440f75dfff77e78ce26554e2e6c944f688e0955e9c7cdbdabf

SHA512
d311a916e930df0f37451b766a3009de918a2b5d7c752d4e3f89a52212fb1894dd677693fb8a19cbbe59b4c1845fd24583f9fbe5085f88e546dc6f63fae13e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
29KB

MD5
f94f670f4f78972969342f8a52fa0424

SHA1
f907b2dc132f8110e04130ba736272762ec39760

SHA256
eea7d75d9827b7d6f610143d3cbfc7e1c83da9324a82811692d9a7223771248f

SHA512
b038fe9cfe7a5bb571115065a280aa21d6ac16f424e692bcf93808db28a047e3d555ab30da4af4130658f8233b5576069a985669e05734ffda7f408f356d5b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
106KB

MD5
c32068cc5af65c3041ba5d1169c21877

SHA1
4916b1ecb06fc8dae881723edce23c15f992c425

SHA256
d2236b94ac1e28588be6609b6320fd429146a70e97f37e2a4d70410cb15990ff

SHA512
f6ee1f788ea0ab74538c9661df557b9f1f81465f098a9021d73703a7fb5fa81e849b89ce6a4af8377972b3a39179860483eed32cf7277c414aa96b48344ce3e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
17KB

MD5
dd920c06a01e5bb8b09678581e29d56f

SHA1
aaa4a71151f55534d815bebc937ff64915ad9974

SHA256
31ad0482eee7770597b8aa723a80fd041ade0b076679b12293664f1f1777211b

SHA512
859fd3497e508c69d8298c8d365b97ab5d5da21cd2f471e69d4deb306ecf1f0c86347b2c2cfb4fd9fcd6db5b63f3da12d32043150c08ef7197a997379193dcbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
1.1MB

MD5
13a6070c97fb5d89e985335be897d7f7

SHA1
f2491c79cf438f9d7b9c5e009f3f77ae5c5db535

SHA256
f092c109fadbd6fcffe08f0144650f26190f3d13a180de173e68ea334976eb7f

SHA512
4099db8431da2e1a4f2900c6a4dc65b35f37d26c80f64e639ddae4330437bc606099678e124e6f54bfdb6463fd95f99dcdb9e10b9196f9961a6375e61c2f1dc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
53KB

MD5
40d402fb2756fcf851dfdfc5a592ab3e

SHA1
1d66ee116278f23f5f4fc1d51d2ec5ae645d44b7

SHA256
2cb4f74f2e7b2bc38b5cc2b7dbdeff7e9f3751459781c3b92a409fd2f906786a

SHA512
e091bca1030ee9397e42d52c9dd10c21b972b5c952a22c2ab3478673e8eee3fb765e3ae6ed780c1ce413e27a0a9149e36449c86281f20355dfdc2f41f627895f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
608KB

MD5
84b2279093e25add571d273fa4eaddae

SHA1
d88eaed186e26edd79f85e65cac1fc1a58b08e7e

SHA256
31fe6e737fc1773afa379d0933c4d7fd53bb0222c418c450c845fc8a272f2664

SHA512
8142bfd85d0971ba227bb757352ec0db952c9d53055f7acc35577d2f52bfcf6a93eaf971a84a258f82f11615cbaad9b9ebe1db9bb0c05425a4fe84d470873d02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

Filesize
46KB

MD5
5dd43c946894005258d85770f0d10cff

SHA1
21ec03ab6ac7e4a676c30df88d5b59589df84f2e

SHA256
d30746caf3e4675ae0d822d51461a9ad24832afa1e20179c3c2fc7b50b911a26

SHA512
f7cadef75bafb2358ab575d032f65e0534c284e5ad3b243ec03660d332b2149c6c6e4750d82afb81ab1b5529be23c3164df0621315431201f7f47474bf5fb8c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055

Filesize
65KB

MD5
5827bbf9a67c61cbb0e02ffbf434b654

SHA1
c7074de3fe1acf17598f4facfeeac57b9d3fe5fe

SHA256
3b51208e7559fc5b16a297cd8d882648fa7534adf706dfbd529c39266d132213

SHA512
6a42b46da52b34a19ae32c6509ddd53deb6fbf7a101729a4eb5c7e328708e3514d3b2a9997e5a723642a88cd4c3f7c11e94c4be38d494c47b79d48e400fe5577

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
2485720274ade65749dc0caf9f878c88

SHA1
4ea49088d18eeb7dafcd6f83d0686f34f54dd7a0

SHA256
fb00a42cec09e82882ba0ca4599e07df5eec65e106668ff0420b95c344ebfd3c

SHA512
c374536699a2c2f62a510a0581aebef0272b6dce1ba3e72eb417a97e763e1996bd7143d0c5453a30c2f4203303fa8a87023d339db0bd1b647b839e8b2e726178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
632fdc90d9c02ebde9220c93be3d6380

SHA1
caf95c1f5822f99011f34e7697fb26f570fa9bcb

SHA256
d1629ce2d3c3940508ee39af6a49f828d9ac7ff97490f8cd1428b0f805000c76

SHA512
c6284396f132fa7d5173cb61f4e0fd779ca915c00b509603b6f4bf7727c8200ee1b38ce5b4191a4669ac9336e70141cea368c313263666b161d189643538340c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2ccfd1b511fcec32f1e0b1b022c55e31

SHA1
147b8057e15bd90401f95b6c37e941030ce0c839

SHA256
e8c231707853b2e1e0bb192506e2b85edc09409eb42f18a0d571429cb4743c67

SHA512
9dc18e59ecb43c607b10a49ad75ca8ab873a5f44361dace74ccf971cce40971eb62d641a176e3ca824b49a431e609bcb4da21b877262d9e2525e10ffd603327e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4691ad86349a34c5cadab2e337ecd39c

SHA1
ec4d21b45bd7b5f86cfae48a7da09515d58af164

SHA256
1b6d89465b0a0e9872b71ae2c8259b5f4361dc04b4d1296fdb9cbe961b950759

SHA512
7b4d9c7ecf816c5195ef66c67c1fcad203adcc08a75dc7151a75e1edbebe0f7bd52c69708a80413ae8fe3841083cf242bc2e58bb770d1b263a4496c670f12301

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
60b3e03c1369ed8711f1656b2740e368

SHA1
5379a49eaba0f4b3c6eba05c83eb7ef181e9b7df

SHA256
9c21d996bb2178483ab59037ff9787665a0e6e81a2d2670bbcd05407abf57f97

SHA512
7707ee188981a0ddaac1b8983d8df02b53ceb144f38da86ce04bcdaaea643932c542549f886ef630f84b832920367a70a25d81c8da5992c789ec38658902a4a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d6a7eac919e0fcea6cbf7d48de8e7cfd

SHA1
529caf94dee98371fe60b5dd64d6fe5ea71a9606

SHA256
31068b14e3300648b3c9a73b36784abaa9b29b96948fa88f3d021a029446edc7

SHA512
023344fd41ae9823cb49be1ab4496e23d9a449b18842f40a70e220526c8cdcfe06d58a114bfcddfb675185b6332afdc35bbd25ad57b6e7f69e23672151da2369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
412f657b9ebddf910db5b1e396c08dd8

SHA1
41efa74e4f2494a2d6ca9b3997eb4a4953991d5d

SHA256
9ffcfa6b2a4bc120bd00dfc174c7e4b7be07188d06a3bc4bee917310877a49f1

SHA512
f40737037d5f93051c891ba3aaef82d7d87801f5dbfc98e0009369d0d6b110864909419edb22540097c15d467bb6e479bf4edaffaf8dc08ab90f0964314a92da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6b1130afe2811ffe0954566b4f77b459

SHA1
e0f3e4c23d7a468375d3b4c71d9b95a1e2ddd7b8

SHA256
59ce48907815ab09441ac2999bbf796170973e7b227aad4bed515214415e73ff

SHA512
d13bbf3734b7640124469085983e953344ce692321c3e54d87217970c4e354bcf1156e678aea5646465d8a608662fe2a288840a76643224256bc98f1f6c552db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
101a951ddd799d20bf4fec5318de8db4

SHA1
a2c0080fc445fcda2a257c14c1a56afbbc01fde2

SHA256
45ac9b7352919960008a5d3551d3da9e6781a743edc758f41424e5fe1deec1fe

SHA512
3c0146fd01262270e97313ea45b7e04f25a33e872d83644c92a1353732756bbb5c5c0078f7531ea5aaa03d6a062f7350ae1ab6a11155b9d70c0543fad56467df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cdac7576e0790b699f95f9689dab40e4

SHA1
bac29eb07337416a46c299235daf32e542eb4079

SHA256
6f1c7d29a2d1863e7d33424a7e51e3a57186e8aa8c8649fbdae935c4f4e6951a

SHA512
15c6bb30a6841bd0469439bf95dd2374aabce611ad3bd14978678bca9846b753f2164b8e80a42251efce9807995702b2ce7b44f2ee111806fb30008594ab3ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
45e720472df3405ce871a4027793dafd

SHA1
1cc1de1d569cf4abc273f5f9e8f3569d1cbe1845

SHA256
3b8169410be3c5d1c860fc3018faff543f6e773137d006717cc0efc5d416e0f1

SHA512
9baf036e805ba551532088b8e0f8418876b7412ff7a50e7b8e8b5ce743cd85b2662662f8d23d7b53fc30528c8fc8b04fb57992eca2e56a54b45d1db7605d7d0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
30cf89b57c39f8090aa7999325c445df

SHA1
8dd92a42603904806fd4c7fc4ee693077fde4a60

SHA256
6d1a65112cbb90ec886117076d29f83e466e4c0c7a3698f90801a3c8c388394b

SHA512
c0ebb79bbfb4f34db467560c5176c53117374be85576f2d84aa9e23769ff6d82d8ea6725f683587cc3dcde9ba4705679c0f8f01dd804e357ae25f8307aaaa9b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
aa714de265b845ea0fba12bda8d58f83

SHA1
b5b0ee1af1f5b1d39b2bc83e77b7a43e58b55920

SHA256
6c90d612d200a739d246ee9617d3e463513cbef74a4df6131e11138c976b02a4

SHA512
70fc63ec28c5c4745886557d448f41fd2b9f6ead3d9136c98e02f4b547adcc5ca6c7cc996844cb76f5a0759b5d82979c6127369c6cb727948368c1950767c606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
58a7aafd3d2ed9beac0c9fadd4fedfce

SHA1
9bb8559dcf1edbcf6c8b696d997c92b3447c5386

SHA256
bd340758140580fa499d611d6ac241197b4bb536dc5b819136c3d90d7de14fb1

SHA512
39cbbffaac0aef78378524f6cae383d4dbaf723da76bc0d8862fac9a646f6e97a2632b4688a4dc45f33ac6db32b31e5f5d7bb55438e43df4b032f530854ddd6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
5358b66e12579bdfd36f92b5bcbfa677

SHA1
e1d9195fe046026cd664ad46e2e4dc752abcc4cf

SHA256
9b2c68b2c5441b60ff2fa393a82decdc97235c205f2c463f6f81849b4f9e29ca

SHA512
77efd2be57dcd490b051825f5c4dd196387eb6d41189a17b16d776544e6fcdaac935e6ecc4f63e0e48344f6699c4c260ee7b8f36a6a096442cae848c3df87647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e30b43f2777dc3103b2ffe5897235c37

SHA1
139d16019b8f268221bf757cbc76d7901c0790fb

SHA256
768c7ef1408561fb160a9cec7ce0725c53f4779be7af063a461218bbdbbf5800

SHA512
7a7a9f00c8b281a48ca6cbdb1a72a109d7d851def5ecf8e1c318ae234179072d5f4bfbe3d9253b6b92ad6dcff25ceec41ae12196261c56880f5cb499b7b57dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
11feb4c219d7471e3f2bb4bb705f4086

SHA1
81e6703a97e11ba4a77275b22362e67635ccfbda

SHA256
a483de498ce347e39510b0b8f665229744453909a959b5750cd8e02bbd09ab7c

SHA512
fd353dd7abbcffc3f67c188079f515cd76cb880782438a2bbe828eff6ec7ebeabb9a7014e14d0ba251b51f27b9799ace9d9d9af803fb9471565f73284b92efca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d79b4f45ad6aeffa7b011e5f15d3518e

SHA1
557544d24e9136f49faa8dc04d36922ee49c909d

SHA256
9b3c859dc6daca95cbc673fb4f7c8218e7c14474dd199e27a9b5e409cdca5f29

SHA512
644f71caac3fe07b0680ec1bb5bafa8f17fd9c19c99c0dbaad6feef3579c94f049ecbb055fcd89648f721aa68df276816c567f2cfc33da0b5a525d04e682bd86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
78e9a510e0ada218a9521dba3e98b301

SHA1
f1d79c335fbfe51849b5276ea9972abdf8e9e520

SHA256
f174de04eeedc5dea1146c976c7556022472a8572c9fd4ddf712f20f8e95443d

SHA512
a721d5e63a271bb6dc621e281ab797f7c3d18da65ff24ca827d7e5a162f51b234c5517407fe29f8733715d69f4227d727da6a09fd092b52b49e0c78de873bcbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
55e849a834d4669806b792c57d247280

SHA1
2e7a1e7919cf8c3e8f91ba38ea68a3af1e1cf0ef

SHA256
59ce8153cf79fe702de56cd1cd0ef2d7c0c9f87e108ee1444be56d48a7f83432

SHA512
da71c09d09380cae67b1c49b4b620103ea886ed3f1cd3b0e7cda967592d65e4e055e7aacbd7bcbb6f5490ab101db0d5cfe729da16298ef7645a80dd5ddaee893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7e37ae2a32fbc351c9cf21efced6a81f

SHA1
da986affe0e5940b0613c1544ef62a91a37bf1c3

SHA256
787632f1c26aeb3c8d62d41d08490afe8e0de1cf2b47d06e84cd9f475a381f75

SHA512
1068cdef91471cab6249f8013c61ffa509cf35ebc0ab6d727881072e52c3dc306bb3d7be2d8d8bf70c56d73daeacee4be1b2355e91f82da9b7cefe11184641af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
877267ae18d97c396073a2b08dd6eae2

SHA1
f9a3ca65ed4d3660b01ae8d23a7bc27fee76c9db

SHA256
9c1864f6f9f238b62b12454eec7f51488786508084482dfc7b835aebbe3bed16

SHA512
3ce37d311cf5bb3741cd1daca93c9e194d678dcd15de9d5c82bc68753c3a9e2cd64654c35c34f4e3451b8d19ba0e593d8c838c1b177272366c4be5fd8fbbf99a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
63110e73d0e85ce5a722aaa34cf2866a

SHA1
5bddda0fae6a0d83f57e2cdad490e7b17ab9f75d

SHA256
9c466a820c6cdf5e66578a7ae0971d6b25e18746d4cf5b5f2f88768ce5db4a2e

SHA512
a186469156f97d4e5f1b6820152827edf5490ca7fe494c7686665ea3a0ddb00128453f9f956bb04d2008d2e00b114f3d85afb6eef6fd67c93fbe8ca075e7e98b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a25dcba8594ed919e5222448be37ea3b

SHA1
578b03be975386b49ea99eba7a370c74b0570b48

SHA256
044af61526ed9acaafdf4b8cae56fb72426c229fa5b4a71574f9c9677d20ecc4

SHA512
97e03493f9a32c6e3ad6354f0bd9886e9a43aac7e7b9419dddc9622d8e8951e1957539e670f3d27515ba412a8472b84013aad836ede1e2f759f73c71dc813efa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7fba2e1a34b82986d17cb7a7ff6d4b06

SHA1
f50584ef9885b6410626438a70bf97188886cdec

SHA256
721280be4be1ede3ea46fd9e09940b8c064e0f49546896e26036cb16301f92f4

SHA512
8e9a8309a913051861b6eb758de412c69126fa6907f77affd524aaba48ed8b42f59453d0ee77320f689324c6450e6d97d0933cd945bab61ba7237b699c0825e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ae5e42a47610d56d192e9e9434f53f14

SHA1
dff32288646c341624e08a17fdebfdc7fd2deeb9

SHA256
b2b9e3f40baba8c71b42ab4c916805f1491d67e567ea005b74ec0d9468a4f735

SHA512
9ea4a1513ee2c119d4ffbd7dadc8f0b29b6f845bafdb04f06a74287b3e23f682faf60f00ba69d6a4d14ca4e28f0f27c80a857f5676f7efcb11830840506a519d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f86f3559e5e3078b80e20392cf953d57

SHA1
0dbe1d0e80c65512525815f666c57dce8f1f8b15

SHA256
2691aae4916c41fc38c5a5619c9d6e5bceffc9579ddf21a90679776c477003e2

SHA512
6217271a00c2dbd551f55f402e96249987b1b1770cce23cc52b6adeca72d458cadbe4e4c88d65ff47a5418041d0833ba470075cad2a5f9f86fa115f9c8bbf173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4410197bb89ae534074bcfeec5625ab9

SHA1
2b805150c98cf537b2edd32d4d8423d6eb5bb2a1

SHA256
dd30f06c4cc13d8c470b851fe099e1c3620d50eab24492203cce5fa4b9bf26db

SHA512
25e812059c50a684123f522f10d819d77a14342978a882c2525585fbf749085a3beb70d768beee56adb2457b6cd7af356e652677355a1eef5a1d87598306a105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c9f3103b2658447f071ae7e7e6c405f5

SHA1
61b506a4d4c486e5fbe4bba39a4c2cc91479beb9

SHA256
3412aa4bd0c5839a3bf3f3dbd6a713d885ae0b17e4e60a1b368ea7a156648182

SHA512
8146949640225ed2d5e28c0074d81b2f8267ee2b168657aef99b5a66678ad508be557dd7c22e34a42f65a09112e663d34b9386ca7ab60683c1ffb8a7f7e36adb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
86c1b3367a8c387771bb723ae8ec141a

SHA1
7c56c55877d503ce8a33f677b52f5e3159f00a0b

SHA256
711302dfa9b71658f8c32672a297dc566fae3ec58b73c60e17a37e37eed91b17

SHA512
f7651d0f04c6a7c53b30fbb3f4e904b933839e86a9290c2ea37a7c62b52ae75ae756873b9111dd8476c2d3ef4ba0bff9cc2d32a9cb563a4672f0fe2b4e14c4f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
41109ae7c00c4146323584c416a27327

SHA1
fcddd54804510951a91c9664749d92330e1afca0

SHA256
e69e6701d8891606161badd883fe5fab2fc341c6ca10af9ac2e61cd9ed7b0f3b

SHA512
9aed7071bebc88f8bdec712ccd249efd9be91fe0728da3b240c89479162aa4fc772d215ef40522d594b0e76a252d45b42c0290abd4f8a00d7336ff3826a644f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
805775db69d7324250893afe3f5fdac5

SHA1
71cdcc62ccdd0c5394efd3ce423ca27a1b106ee6

SHA256
3b0878a75951bf515eada1243b5531ac1e7bca693c653bbb868a45c944a88fda

SHA512
6ee2633ad674b01cbbf2802ff1e28b3ae8c666180b15c1d8886451381b7dcde8b128419d8120eae7d8ce04f7d44cc666dcdba27b379ca8d09baa0361d1f02807

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d59b4d53c88817a767ff609267b88a3f

SHA1
b649d3f7afa013e111e6278cc19cdbd529f98b06

SHA256
c7ec0ddee298873533b760d3de9d3a54742834bb040c738108bfd9b1ebc53d97

SHA512
533e6c562e749bac3ade3281f30c9e5c4cfa96d749d511eeae7d380af3a27235d53bee7495ff5d7cca200197abb98ff1104fe2cf27ab1098e196001bb286ab53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b26264bb25154e6a1c03a586cb8cad9d

SHA1
a115ec9b91f6ca6a2e9a3748e2a03408bfc82490

SHA256
a201bf5860a67093741b79a7025b00b08d033fd7996a5e1f680e695a3145f709

SHA512
92fa569c603ff09221899cdfb297011b748a9c274718dcdd18419f0a1fa04220dd3755470380b81c35194102d2ad3bf98c50c57201dc23204e26bd1f6c5d5238

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ec168b2befaef18519fe2454a94e2f6f

SHA1
e579b70ab6394b975d04cad2eca326439e7daafd

SHA256
11d634ccad5b1a690f79a02ce3ed7c3defec64e379484dc65c4607916e4beb6f

SHA512
de40acd03d36589ebdbaa584c11e33ad5e959534fa48ae58ac301cc746539010c22ed0c5aa99055e24122cebec187192cf4a84c6acbdf9f892189ae7b98a975d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fb871219d580bb7a3ed5cf431a6388f9

SHA1
d1fffea62bc4c4e4ef95450d26050d3b5140fd3b

SHA256
b20d070de0d414c818345d91d17f6bc66ddf6ad313dfaf175c5b4a45669cedcf

SHA512
d53c9b76dbb77a9becac00ec897c667c38451b50a4d4164ba55cc47f4528ba8aa75a41f409ce7d3936045bdee47f9377a1bf0d72328db2fdf28fe633589e1d11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
de3c3b78ebd43479e22b9e746dca0b89

SHA1
ab2c434e8c094a4fa54b2ad4542c3b27a8c68197

SHA256
ac9485b2e102547c05b86a33ee97ef20384ef909caf5bc4063ad5bde897b2313

SHA512
36b4f6edbe603f37fc685e83ccaf79ffc70d391af7456197e467848d2d08c2d2030585c6df8d16c487af7b6ce6dc1269e4afd20e71364505bd07679bec5c72a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
88d54719e93352e21a7854d40582c045

SHA1
2ab15116f96c8a248e4993f0fa06a23b75b8ede7

SHA256
c4cf567e4d8ce85abeca2b1b0db55b14170e56d26015e61790e7fbdb2a8fa41f

SHA512
dd1af9b46e90b7d532acde9886c41a151d1388c6db50931d419255321fe7c7c8071aa4da920608df10ce3e8f4edcb63fc9db3ab7176c7c132979f6e6acdba71e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c1cf6ae9e2cf85a169c2a00dbe118084

SHA1
022ee0bc3c2c1c8d056a19dc4888d4505a77d6a6

SHA256
88b247ee2914600aa25b41dfd503c9294ecfd00ae7d18b8e157870b1bcc9ade3

SHA512
13ebb60c53f5d4a9448ae26a735deca41db35fce0bbf5f5fd2911185ec594da6cb49dd83be7946f0787614aaa00dcd275097acf7a15181d60f2a645ef50e900e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1583a29489e04cbc77dafd76aa79ae5d

SHA1
c4d2754a1dd38593ccaa31b3212357f49f853ac5

SHA256
b5f7c81c098e8599724829e9ecd80966a43fe9352cd8c54bff8a079d4a774bcd

SHA512
4ab26a452f4cf9d47fb2e4a9e9c68597d5b619e6c2a1078b4b980a4fdf2004649330d817da2ea09fc1ba38a291cdfadcc93d7d823037ceca4633dfdbed7a68bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8838550223f6efc32b5c44f442ae9a9f

SHA1
0f7b2e12919b91add5207f8909fefab1dc12eb0a

SHA256
dfbe2e36feff314e4b2ec5a32035889b4f0c60cedac982dd8f20db198bbb8f4f

SHA512
34a8e4fb878494c3d040b010eadb2c6184daf5c4bc398708b5495baaf22a9867d42dcdaf86ec94bafe3acaf7311277477059005561a24df31f171bc7e7319827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
13667e90f5ec3711f9e04afd4f325d68

SHA1
c5e6dd7ad2b6825db4a87d3c6917324bed6c2640

SHA256
8d6bacde430b9d53880c6cc2346b7314458efbb1f6108762d80b9a77bc251cc3

SHA512
facb215fdc512c0f72a7d4adda4d46d4156de271fb2324a825d8142d2830a7d3d65423e16231f0004014b836e971f31ec5f540f6ffb998465e5f62b5700ef047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
48dda7751b66bf05c8c4d0a26d792458

SHA1
3c27577e5c420983554b419bdd6d37373bb84087

SHA256
cc99b84abe1aeb46b0ff47a38c907943188dd43ae7a6797404215913b54e4efd

SHA512
5b32cf45537257c07189e810c5937cf27a1f40b3a1b6831e4bfecb3c25710e59405f5c9a795b4b13723aad3c99ffa82673a1818c693a9a3f8eef3fec0ba6cba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3ba97d00da4b542ba96e4e7e0b1471ba

SHA1
3a313605b6032e5e6ab1252bb68ad88cb72a376b

SHA256
18319e7fc7ea03a5c648c6dbb9116794808d2e440e0059579b55d98ad9a7b904

SHA512
f36fe739bbe35e1263bd66f2bbd1f91feacb37ffe89a6fd57fcb502298f37aec21a9020b06cba351e4e348948ad24b0205449fe4cf6d88a0fd734ac50f9d0562

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2f8c71ec6e63c995b029fc5275d3f58a

SHA1
07c8540517a77b43ee740adf715d514761e529b4

SHA256
5ceb9873d9bfb677455a3ab639adc424b9dcaf08dfbdf96943109e2c26504b21

SHA512
31fbb5e65ffb4784824cba82d9854e3534e8921518015ff166564933a7f21dd6d7e01d83b6830820fa6b3f7ef4d006c5ff9a0dbb26fe8580312bd4030f0bb869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
be7caae76a94bac57f94cddf06b902b2

SHA1
c8abdb9f077ce8f6fe203f2f18f2a3862b8dcc4a

SHA256
0cc319e7669f17beebd6c24ad5a4b8d868bbbd82e699d2004d7b073876d4f257

SHA512
45fad5c39ed0d2e1a7bdbd06be0a95a22388361893bbd72ccd7059b63824024dea9bd16b96f8ed80cd0af89a152219788264adc5de2ab969143de1ead39add09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
a41488058dc30f36037c394ec465bb00

SHA1
eb62a32192962ecca9e1a66bdf35fc27b1020c68

SHA256
1b1ee02a9870bbd06295a89536a97116f013f5dc26066e793be7dce30573c4ce

SHA512
dae0a07caa7156395e75dc0435f3ca3e20824717a51e78dcc42532737028f968676bbdf7bc8c45fb9186b86b16a2717bbeea26d9b2a3f9252a9b927968799650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
becbff273cdafd390bb6a11723f662b4

SHA1
9fca6382a2b058f1026686547abd62793fc6729f

SHA256
4c7f32f2539b6263b99c2b3d4084a7635d12a9987b10750f3c29a70980fbe791

SHA512
3368ebbd19ed5382a13f62bae030ef1eea7d27ffd4f666959ca17af8cabb99b6d7e5fd1edcff5338720a6dba362f6730f89d87877cc4a733fc18daa4b45bfddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
eee07927ba5055a8e7a35f9d17f120bf

SHA1
a04aafbe15e9c40607ce06aa86e0951866d090df

SHA256
05a86f6eba5aefc1503f11a36817935854d7ed3924709db591a799d716e9a113

SHA512
3e6bba02d8e85a70749b757135a15cb0cf2db469eeeee759db4803596480fb1a86ea18a9268c14c6f995435e10d3917cc389a3ffa1791a11451a94c3ff98c8e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
0f1bcb7d2d90b60829e231098719a9c5

SHA1
752064e022909798be7a7711d8f4cdeafb1498cf

SHA256
815c68e069d00b7165e9bcbeaa60fd74a97a5ba5c19d9e5e4b8acfc7477484fd

SHA512
1b0bb463ced82cf6faedfbe6a832be18d32a3c94346cd73134da17f12c3d71c3df844ca448239f1d94b48e4fd224523a3996f074878b555065e7d458de47a71b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f7be.TMP

Filesize
83KB

MD5
a8cb4c0e7e7c0ff5c23a9a937ae774df

SHA1
e77aa25a1fdb942edd002088e16d9fba7894704c

SHA256
5a0dd987e1ae5b7ff6f638540fabeafbe36551f6e252ab6f03f3bb12dc87645a

SHA512
42cde92834aadef6b7ef313ada4ff755aa0534d3ede0aec575a5105860981f701fef18f3c72b5bf96e43a92be9f52f8336a2bf3255813ee6ddc8e584480568dd

Download Submit
C:\Users\Admin\Downloads\trichloromethane.zip

Filesize
104KB

MD5
2edc3e912f5586761f10022adb9e11e1

SHA1
d112c7c9eea191a74171857506a851d6f12cb7f5

SHA256
d163f4cf4abd7933bc09af260e30890c36267048fcf9faa848203304f5d90fbc

SHA512
0607c7144cad30f104a6f25845f32cb61e3bf529048fca03339149b9610cc011e2a384d57dd9927b8d048e563ec6fac5773347e33612c5bef505205222e2dec0

Download Submit
C:\Users\Admin\Downloads\trichloromethane.zip:Zone.Identifier

Filesize
679B

MD5
0c2214c0d56e3d4bcf0ae61aa869f6d6

SHA1
43b3cbbc81ae5cee31d76f65787c2ee7e47ca344

SHA256
e8e8a9a0892ae04edbcb3167d5f4d5083c92b9d1e88c8006df18e91161172129

SHA512
afa3e1deef55a77f740b233efca02f8b1e76e171744b939fd2c5c9a5537d2bbc244274cce41cb2760a7bbd1c4ac23ca85818af4762cd21bdf232f381fa6d4014

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads