hxxps://hianimez[.]to/

Analysis

max time kernel
30s
max time network
31s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2025, 10:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hianimez.to/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133890984313127249"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5572	chrome.exe
5572	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: 33	5776	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5776	AUDIODG.EXE
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe
Token: SeShutdownPrivilege	5572	chrome.exe
Token: SeCreatePagefilePrivilege	5572	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe
5572	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5572 wrote to memory of 3344	5572	chrome.exe	87
PID 5572 wrote to memory of 3344	5572	chrome.exe	87
PID 5572 wrote to memory of 208	5572	chrome.exe	88
PID 5572 wrote to memory of 208	5572	chrome.exe	88
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 232	5572	chrome.exe	89
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90
PID 5572 wrote to memory of 2604	5572	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://hianimez.to/
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff96672dcf8,0x7ff96672dd04,0x7ff96672dd10
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1528,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2136,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2364,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4256,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4280 /prefetch:2
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5204,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5436,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5592,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5488,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5484,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5748,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5888,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3424,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3452,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6464,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  PID:5944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6440,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6368,i,12942682965120207151,8475162378413478173,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  PID:6060

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3688

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3084

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e4 0x464
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5776

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
14338e47e3dc7fb65aae536108c112df

SHA1
cdd608f7e0a1f705b5ca9df61e0b73330be23788

SHA256
70f6457d6298680c0017b0860b95548f43afcc3cbfcef6365cf67cc9c1218f0c

SHA512
a5db8def86db3119ae42a0c88fadab1ef237c74b164e6e35877ad93ccc216ebc8ddbe77df7b23f03ca5b5763b270620b478f5dbbcacc9c212cb384495d71e436

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
27KB

MD5
a23d959420a7c744fbe933206a430c21

SHA1
d6889af9be8dffd896d5c511b3835ac3f64c8fba

SHA256
22e7ed7cf0d5f7ff5a21d6595baf1a4a80674ea584d059f84d32b5d1470fddeb

SHA512
dbb997135d3ed42c7d50c9f0553373e9d5e22defdcb5f9ff5bb9c91b0bbe6b6405c140724dceeac0e5f39945fa9c141b90233e04ec3322ba43c566442676cb07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5fc40e7d335e7c6639fab4171cc65b51

SHA1
20ecb5647c9fa2945a55d05588b8794eac637dc4

SHA256
cd2f6af2a040743f94b0c5a047235c93f1ac95413b08ec4f917851b2e50f0a9d

SHA512
12832ffd5546a433b881d96c6e585fdba537186c2e5b065b011f845f2485117276108f162c650610b6b5f37bad366dbcec2f7886e2709d282a3dab3580930405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
79afd331350d7b15d82d4600c6f4ce69

SHA1
2689cc1eb954608fd9be73a8b9a6b49c3324b4c9

SHA256
0a1455216cffb4b4230022c44163cb6a12d6a1ad41475d9ee977e9f6e65de469

SHA512
510f858d4073f1a511c4abb27c5d39237ce4690286b1d2fdb7f6f0fe62f542c027514a559e699d4943ddfc4cc1ced01ff53f9aa17d1e0f21259008ef2f0f7729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
328c996b51b6cd31ae0b3302686b612d

SHA1
2830f5d4e26278403aaf6b36de2c4273100265ac

SHA256
d036f2520fe83f5001b255f7008ebb03622edf5d1c4c9a89a786e31a1d321030

SHA512
abae3ccc6a0ff87b5ba8c8b5ab90f8af02ad9419a2d1f4a7259003d76fad600a81b8e953ac08ce93e00d85324041fb3a446fbe97b3b02c0a3863f2e645c31070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e7cf135ea431b958d4ad15fcf24cab94309c01c8\index.txt

Filesize
102B

MD5
9819a1288bf7a9bcbc2c7265631e7e13

SHA1
04cf9d4272233aaa0ef50cfe3869093057d54b9c

SHA256
3eb65878b3de976745a2de3c9cf862ac28ae57ecfdf9a64c19af256c9ceb655f

SHA512
6ffd18a819e6c58c744c21780894194877816faacb8ab82fae59ba80cd9cb180ad3d7353d741a966882f60a81c4bb2c7609c7eb5890c29623f55ed0b27a9966d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e7cf135ea431b958d4ad15fcf24cab94309c01c8\index.txt~RFe57b621.TMP

Filesize
109B

MD5
da5f622cb27b04a16fed143a1f11e9a0

SHA1
997cecad2d81a78b0e490ea13e88d468658aead9

SHA256
ff36ddb8b9eaf3a30f40c5e3a3bee4a0c3c8b3d8a3fd03b405285dac13974697

SHA512
850692654be22c04befc2e257c060f39bf4448b3dadc1ab7cdf90cb9ab1353dc9b9916b00defc633e876616dd6a0b390d9c467692372c9ac8e586b67e759cefc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
7bb9d9b3514d16c39aec54ef4b45fedd

SHA1
8899f031f692adbc269be52ae9639b9c606f3166

SHA256
a0984f47b11c0336d3f4f699cf3d8086f2957728584e817693376a59e3243362

SHA512
c8559ccaa9339ed35c82c3714d4256fb73914586aed8af8325e55a9c4b499b3103af80fdd64cb9aca719276db99b00d7c3657b93c59afd5e13e9f1a60125f448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b66f.TMP

Filesize
48B

MD5
48d60a1edcb097ca527f6475cc6db4fd

SHA1
4d24807bf3f82f8389c195a148dfbd8f0d5fa586

SHA256
adc945428f043208f0d957b33be80c406b901563b237502f7bb00434eabf71f2

SHA512
91e84b5e837c73a11891435524bfa5351ab196944b4f36d678598f023edd92972c402bd44ad6444df657bb90cedbba244a76fd50150ebdea8d129a3d7d3db159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
3ed4fd074feac3666a6c9683ff216bec

SHA1
508c7dd4b273ad88704661473c75f677c59877ae

SHA256
8230648a50d1ef2b6453b4a873e75cd7f2043f1f52a14e0ed0dc9dbb5ab1b3d7

SHA512
9ce977044588f01f9070accd03c4ee92d9921dc66b8d7541782fe03edd8488fe557549f4fce4f6d1819ddcf9cb3f7838c74db8e093a3f30d5ccf404b2ebfb6ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
b9cb336842737150153d24f8788673ed

SHA1
4d7f7dd612d66a97b82f30077708e72e3c63e0bc

SHA256
efdda31d4292b4cabd5b1973e6474c24b8d81c50fc7d1c18ec63e7c5f3effeca

SHA512
6ef3d12d4ffc3335bcc9fd35dee7d7e25faa7239cbc8636c2a1b8862433a3f5b342a424141cb8121d10873ff50ea0e8bc452bd3d8275681fc4eaf6f90c1dca80

Download Submit