hxxps://newsheater[.]com

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://newsheater.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133445635990694563"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1112	chrome.exe
1112	chrome.exe
5428	chrome.exe
5428	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 2800	1112	chrome.exe	20
PID 1112 wrote to memory of 2800	1112	chrome.exe	20
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 656	1112	chrome.exe	88
PID 1112 wrote to memory of 4456	1112	chrome.exe	90
PID 1112 wrote to memory of 4456	1112	chrome.exe	90
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89
PID 1112 wrote to memory of 3388	1112	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://newsheater.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e43c9758,0x7ff9e43c9768,0x7ff9e43c9778
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:2
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:1
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4552 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5004 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5540 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5764 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2604 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4644 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=7160 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6808 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:8
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6736 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:8
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6704 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5956 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4628 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5756 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6012 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3960 --field-trial-handle=1856,i,15103644569636085348,14804477720600565433,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5428

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
96KB

MD5
3ebbbf3102b93b7a6eed971ff0c667ec

SHA1
e14207c89ab7c20b0c3ada481198d3d14c3584a2

SHA256
12e109fe7a7df2e7a7ed4f6dcf9e11901bbbef58add2b8f8e2a5e0210ab97417

SHA512
8c207d315d05832ee68f2b106329acf0fe08dd91daacd0c6d2d5861b310f5560183c6fad056e6011d8d8ee6447b6e61a0312b17bbfff10c54ee9dd87fe8c7574

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
16096bd608b795c83e68b218000a22f8

SHA1
46ebd8282bbb771218e218e694c950e36905bfe0

SHA256
b3ed76123403768632534a2c8d930336fa8092e90d10befaae67ed969fe294a6

SHA512
c52601829dc4969a367297f3e0bcdae2b770f2a44fb40a33f1a577d4f6165a2e21c43451c2e80834149a670eec91c06f8e599bf11690a52523174f7325b90406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0a5e5a641f251e08ea17e625b9637451

SHA1
b1fb975a1db52ffcbf0141fd7fb4e82c4bf1b949

SHA256
4a7834676c974b73cd595933afe6e26129e8446b9498c00fa89e47535a1f4763

SHA512
75898500cbdb52fe926b8d8f43b23daf5b2a015b24ed418d0bfe0910d459a38755dddb364616c861f85485e87c023dc89e68fa7afa1e2ba3fd522c5c4028ea40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a569d79d44835e2f790b18d5acb83dc4

SHA1
c84e7bc473ef09caa58804789d1b6a3f28304c45

SHA256
ba7ba9e87f9fa7798ab62c59a499f9e16a5297ed8b13bb9ea5fff46930a692a6

SHA512
a2663b923ff7992876d097498ba0a3f03c49935dc7ca9d661a024186af2eaa7f1de8f276dba8a3cd33b88bc5da8c042e0ab958cfec344b195e3c405f77450fc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
505486d4c730b91de8a7f7b7456e12fd

SHA1
520bec6c71de8c9ac8b94c498fba59aedbf7648f

SHA256
f735d85e93b2ca5d714fd035edf0dc8cf341f63d3614473741a96babf01b9012

SHA512
02674bfe6d2a483c4289bf517e306c9c32c94e49555e665b32d7627c89f8dba4a73101b42e4d4a226a55f52399dc8f6dce7691621efa1258426452496ce62d6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
dc48000346844ac3d0b1c9b754d75bf6

SHA1
7a2026b53150d775ece61301e4a503bd1e8fd3e5

SHA256
66645489335a131138a0639e4c18a24666e47ef50f0f72587d70ceb4837d5f87

SHA512
1a9ea783c4bdedb6f2a80a56f8f2eb4cc8a6ef6c74db5f7e69b726d9a59b34569faaac06ae6ecf0f25c16f447ff0670da6548e030ac3878b53cd6fc5c484e4d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ab0b64649489990e4a7a6d125b06f206

SHA1
e119a739bd30646df7ae0130d9947f38bdaab006

SHA256
2bca843d519acfd0ec46f46aab56e143804011d834e554d99104167c19c93fed

SHA512
22af5dc727fa87e13c92df523de5b6b20214f02ae56ebf4b88aa2640191533fff7d88fb38a338276f27132564f8f4dc7074050ff6130f175ac023d46b68a8c41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c6f79412de9d56024399a719194c97bf

SHA1
9105edc3baee1bec84468f28acf22b7cd5fad860

SHA256
8413bb760c197eaf800ed7e5e6b26b5bb2368eea6ce566284518bb5ca38ae295

SHA512
b493c64a5f19fccf2ff5266fa062910dbe2e57ebf61b1224bd827778d0daf58c20053591fd776965bd98a37d1e9d21c26d7b8090170dbe26ed9bd36c51cadfd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c65324a06e9bdb9756c3345d8d361725

SHA1
92f3da9b648cedbdc70153cdeb8de43db4325c47

SHA256
9bcecebe3626250f8384cbf86870b44ff2017cfeb9d2dba273ee765ac370d7c2

SHA512
c48a3ec351f5530ce8a35059cb340acee3b7231c1319b38542066719c48ff01ca3cda1a73d4ba3eda3c1b7b82f59d5172a690d180ff11471e5009a62c2730b81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4d13e97ac5b7b3adf7800edcad0aa062

SHA1
b5e16022cba0a8edf7439a148316a3780e134406

SHA256
47c90cda4b15833cffabe07fb452e0496a2d57a8fcaf6c3310340fa0939897f9

SHA512
6d4d7378deb1a254535d90030d01c420ea057f632bac8b34b4c284146c1669e37c594bf8cf64e4fe230c72fb1bed9309a1585786c23bc80d2745cfa44f8f45f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9583ddf5a605420696910073a790284c

SHA1
cc09f5eff299cd956d99e98b01c60fd209da6b3a

SHA256
c4e6ae727f312a09c54f096c072395d663b17d01cc631034e30aeb25d43054ca

SHA512
b861480f466ff40395640ba93a7c01f0c6a4e13b1984ce6144e3e896d00d33902e8d0c538ce0f292af79f7197accf82493378d80c810cb0f633b0ea233fac6ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3ca7983ae67b1b2ba0df77c2ef3cbdcd

SHA1
25b76166003238737dbc3dee9a919e6fc16f05af

SHA256
2ec5000ac6f9dfa7fa396e91ab17c099b8c670c2a2b49d94079f232e4e804c13

SHA512
fcff72cb60d7b881505e4badc71a5ab12acec0ed42e68948010de17e585de153730a53f3f0023f96922e7933b47b0498da9e983530a68ed0fc8f5ad1052adc8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
87e2ff600d01cda4cd405f0aab7d081c

SHA1
235c1e0ab3a925b43140ba12299ef97110f8cc4e

SHA256
11fa2c7b4fa727e48657e2a94dc6d48610f95a8d63a8a5f2ace35ae7fab8870d

SHA512
f54dfa9c22c429d7e9580963fd7644a8f67d01b2ebd4fbf51e081d62b26080613956d67390bfbd05177883f2fc2afe19b2175e9e21cb10547fcae54bcecd21c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
f98991c6ebca40d2052efc606e2673ca

SHA1
13e4aa46340c980276d6d95d778039764bb7302c

SHA256
08b0f0e92c997339366a0c557ab192125a9041b84c9c285f621dafe14b49ca10

SHA512
157e6c1d465d785284a1c387bc1ed93ff1f3872df6438264d14e1df84283cb04cc2ded90a1c4aebe24578f33a6ca9fc715831595c3f330e89ebad8d870cd1a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit