hxxps://cgisoluciones[.]cl/mopemrndep/Q7/zZV5rdXfqtyLwQZhHJ61Z/dml2ZWsucHJhc2FkQHJpbC5jb20=

Analysis

max time kernel
57s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2025, 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cgisoluciones.cl/mopemrndep/Q7/zZV5rdXfqtyLwQZhHJ61Z/dml2ZWsucHJhc2FkQHJpbC5jb20=

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133887809073548834"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1956	chrome.exe
1956	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 4448	1956	chrome.exe	86
PID 1956 wrote to memory of 4448	1956	chrome.exe	86
PID 1956 wrote to memory of 4900	1956	chrome.exe	87
PID 1956 wrote to memory of 4900	1956	chrome.exe	87
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 4680	1956	chrome.exe	88
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89
PID 1956 wrote to memory of 1952	1956	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cgisoluciones.cl/mopemrndep/Q7/zZV5rdXfqtyLwQZhHJ61Z/dml2ZWsucHJhc2FkQHJpbC5jb20=
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff793ddcf8,0x7fff793ddd04,0x7fff793ddd10
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1548,i,6698191463201983078,639088284793771185,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2124,i,6698191463201983078,639088284793771185,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2380,i,6698191463201983078,639088284793771185,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,6698191463201983078,639088284793771185,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,6698191463201983078,639088284793771185,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4392,i,6698191463201983078,639088284793771185,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4416 /prefetch:2
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3168,i,6698191463201983078,639088284793771185,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3856,i,6698191463201983078,639088284793771185,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3044,i,6698191463201983078,639088284793771185,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5476,i,6698191463201983078,639088284793771185,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=208,i,6698191463201983078,639088284793771185,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3292 /prefetch:8
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3372,i,6698191463201983078,639088284793771185,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4808,i,6698191463201983078,639088284793771185,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4384,i,6698191463201983078,639088284793771185,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5624,i,6698191463201983078,639088284793771185,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5880,i,6698191463201983078,639088284793771185,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4824,i,6698191463201983078,639088284793771185,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:2000

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3052

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2852

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
33115a5da6e24efc41552388e7bd6d42

SHA1
da6039c7307181d6710430b40892a3ff383d8373

SHA256
34f92a53165fa5a91374943cdd8164ac46d4c43f894dfc871792f9ab5f008aa6

SHA512
c88bae42cb0b2e3f808de6ff57fc28cd0d369d2f9b6dc4fe25c0743a657b7efacfd0df2d13d8bebcf74fe2c5c83c1beac352c09366a2be1a332f048cdcadc4b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
4a47b50511fc1ce8006f0b9eaa1bb4ba

SHA1
0a27089e37813eeae3a32d580e7a5e6facad44c5

SHA256
a157409d9ffc125d76141dd7982fc453830b0ee620782e51023a4ffedca49609

SHA512
d8d9335368027007cd457e22b04be1e685204ab85c2e9eaf0cbe1f43d8707fb97cd84f123edfa79aca1f207a262f25dcc5f7a5680b1b48c2dff19e22160ae11a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
25b011038938f4b725ab85fcd661f1b9

SHA1
6ec970a8a9575c4d58dc2d0304c015f44904b6c4

SHA256
21a772ebe4dcd731aa5760e6e081055a4a6595551630d1ff6537778ed4b1d700

SHA512
6431bd05c0067f2101ca889c7741c11cedba53c295bda86b756b5e914176ab41104f8d88ea0ffea92f5bc10d32efb7f884427dfbcc2f6aabb9fdbf158eaa8f5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
7d09834b36a53b00157633218f0602f3

SHA1
e25b82cf8883f2ecb5c77de8f95e4dd67e26b93a

SHA256
91637bb168cf7dc8d3ac63b7014219b4d18d250b83848ec9cbca52ed84135115

SHA512
4f93c0b4cb08e168b05b7a959ee9dd8e60af6f6ec2e5d1da0f3d84fce7136b6cd6e2f39c741bb5fffcf0f2959dd03ff6e35d04e13fcbcb6a636cea02446f3998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d1b1683b8ba4648dcd579e5b0e1cf5a7

SHA1
1646166535a66078ed5820018202bf739c468e1f

SHA256
220eb0c27c2101ac90252b9ec86b52fc41150039a23f69ba311bfdfd68bd76e1

SHA512
f4b519b1cc2f3f9093eee092ac31cdb95882dc04bb75c8241cf3e62d6a7ae5ec72c06c0fa8e3d0161e70a84b4f29a32713dafe583b0ac2079a6343cbdb29fbe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4bc6ee3a9a466a6fe98e0076143f3089

SHA1
1257697172b2568fd45e946495090d768bc80bac

SHA256
388708b3dfc36c41cb12620a9fb42d6fb7a29fd618d61ba225960cbcb7c931da

SHA512
b8e1803ab3eefc5c581ac582d8813fea9626da0c71aa0021e1f117e4aa5e95a4ab624926d9463958f0987f63405487dce86c0a0e5085d693b1a02c630f76ad71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c0f738fac7f7f4abd16f730c578332f5

SHA1
9246cfaea53d76cdec1ae191ebff9bef4c6d3812

SHA256
0eebff33d23429faeb502b782cee9443f9273e010ce2a2765bec12a057487337

SHA512
c3030c7c9ac047334ec379aacbe2fe70db0db625ef6b0026317ef819434c28005b5261c0f1e1a84d8e2754a69e84f052f8dd727a4c2d57b5fe3fabd18c63d913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5e35382d64bfb297e173ba097f83543b

SHA1
fc0952df70f3d86b7408fadb016f445a42b5c739

SHA256
6bddd360b71366c4795507e7a4a53f51d962b68acd25b584c37951abbff5012f

SHA512
637fa4b173d09ccfa2f2a346ef0a653fd3f2923f10cc6ce19a61a7b6a17109ebe98628459070b8403f35eb34fa931e127ed9d19bd9d87320784206ec6a79257a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a345.TMP

Filesize
48B

MD5
8e9c811f8f9750eda514ceec68862685

SHA1
278b1edd546a2d463024aa1f39805db70f44dad0

SHA256
a5a30c08ea3b63734512ca756f5e16cdaa95c4ff255dbf7aa4830f1ff04a8d9d

SHA512
ae5dbc7d14dc6039db6c73bb4a9de1c3a960f080f8e9512b375db588224efffe0e62f85e4491ee9f2d9db8e0325cbc2fbbbf05c7d74da1faba80cb1120ca0d03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
4921924fc4da4cdc12823068199af1c9

SHA1
de8d878ed25f4cffb3c1f4fbbdff7427e683d479

SHA256
8588dc505ddd06d6911cad9717563620d5feefa4d31c713994fd219eb4b9bac7

SHA512
eef33cc06c88c79df8a377d2087d68a52b9a58a53fcaf45303548a769ed0b8ab41595fa151c5e5fcb9e4dd6202539c63d9da8e43b1e8f46270f3a1abafd622c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
ab037f59915be15b388169e1b7d77fe3

SHA1
59c00d03f92e33088650624eaf1cee2cde84b6f4

SHA256
29939e03b850852cf60249065aef15afb9bb9058e9ae60d33da4d47c248ea24c

SHA512
15b02f0b982195d4442ae9c09664d69c6ebd774f9cf36959672ae0d4ed99fded657b46289ee256891eb7a73a04631cf5b9574458b00dde3697ab8db74a90815e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
71bdfa7c2b751726dfdb2bc63d9aaea5

SHA1
8c22243157a7bd77eee32616aee5f1cf1f7511f5

SHA256
13850e6d9b198107c79cf1ca8129e841cd9e7aad773675426f0651a9a1a1d928

SHA512
d8f106822068ed223566d52ec40dde32b09ddedf232e7a554e9571fb81dbc53416a57c44c27c827579e6d7da06fdae7fe2c38997a2fc648348dc25dd28d30b9c

Download Submit