hxxps://stump-sidewalk-faa[.]notion[.]site/FREIGHT-WINGS-TRAVELS-PVT-LTD-1d1e10babfa580e1b219fb6fab89f5d9?pvs=4

Analysis

max time kernel
150s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2025, 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://stump-sidewalk-faa.notion.site/FREIGHT-WINGS-TRAVELS-PVT-LTD-1d1e10babfa580e1b219fb6fab89f5d9?pvs=4

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT. 1 IoCs

phishing microsoft

flow	pid	Process
94	6024	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133888719542022821"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
2032	chrome.exe
2032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3848 wrote to memory of 5248	3848	chrome.exe	87
PID 3848 wrote to memory of 5248	3848	chrome.exe	87
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 2948	3848	chrome.exe	88
PID 3848 wrote to memory of 6024	3848	chrome.exe	89
PID 3848 wrote to memory of 6024	3848	chrome.exe	89
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90
PID 3848 wrote to memory of 4884	3848	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://stump-sidewalk-faa.notion.site/FREIGHT-WINGS-TRAVELS-PVT-LTD-1d1e10babfa580e1b219fb6fab89f5d9?pvs=4
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xdc,0xe0,0xd4,0xd8,0x104,0x7ffb31b9dcf8,0x7ffb31b9dd04,0x7ffb31b9dd10
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1964,i,16579358144060785145,13577347583437474482,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2224,i,16579358144060785145,13577347583437474482,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2368,i,16579358144060785145,13577347583437474482,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2328 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,16579358144060785145,13577347583437474482,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,16579358144060785145,13577347583437474482,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4108,i,16579358144060785145,13577347583437474482,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3876 /prefetch:2
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5396,i,16579358144060785145,13577347583437474482,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5612,i,16579358144060785145,13577347583437474482,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5704,i,16579358144060785145,13577347583437474482,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5860,i,16579358144060785145,13577347583437474482,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=6128,i,16579358144060785145,13577347583437474482,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5756,i,16579358144060785145,13577347583437474482,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6268,i,16579358144060785145,13577347583437474482,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6244 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5412,i,16579358144060785145,13577347583437474482,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5440,i,16579358144060785145,13577347583437474482,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5576,i,16579358144060785145,13577347583437474482,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2032

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2392

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1868

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
18886812a4c0d2ee0d4d4245bc1d86e3

SHA1
e52e3657c1160c35e30045d42570752908221d83

SHA256
51f72fc82a8eefb04caa9f8cfeee9e76080004d85cc6114c234143ff1f280094

SHA512
449ac04f4023e1d51665278ff24bf81fbaf085486740c0171f0f0d5e89c65cd49a3d08632fb4a7e357da0836759806c1c8877d728b8c7ba5bb94ac82adea319c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7ce73061a012ceb5e32a85ab78ca9577

SHA1
701adcb9328739bd3bf56d0364da82891f7a9e27

SHA256
585ff358f1f2f4ee69b2c8c33dc06f273e2f906abee5e62b4d1a3ff9bf779a02

SHA512
336093d3860c2146e46300a46ad5d04ab52388b956709710ec42e5c59e1a63236fe8a1aad7438e1f3c54ada51763dea7ccf8d81730d07d0f82c48b62414a2125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_stump-sidewalk-faa.notion.site_0.indexeddb.leveldb\000003.log

Filesize
4KB

MD5
2383190bada0ced35a22bcb562097e99

SHA1
5248ed67cc7ffb2f50e0c277b62feec9322105b6

SHA256
037bc5d25edb8773e7ba59d6f733c42f2dc4ab053ebd5e9e1f94bd7df7b4f623

SHA512
41fc456ec9c9de26593b5a207c7c50d047e0dfe5b46c323c845f31e6fd2de4d817522235beabb4bc0df184e1ee460a26531bcf604c6e1ab3f7038b4f21fabe5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_stump-sidewalk-faa.notion.site_0.indexeddb.leveldb\LOG

Filesize
542B

MD5
bdfd17acdef434a51b2ce642a4f30181

SHA1
d8ecd2cab059baa31ebea1be40cb2e075a9475d4

SHA256
4124742384631acb0659683cf55add1bee38856a5febed0ef85484b254fae6af

SHA512
3779a61508a04898577211b8a7611db7ab6e930eeeec05a884454185344ddcb9e3d7c31b7df457cd895bf5819dbb47abd91d25d31f75f4f695a970b580adbea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_stump-sidewalk-faa.notion.site_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
3868faaac6b0a83d0c7885e5ec1b3097

SHA1
ac2c1a822a5fb1b3233bda79b29c02cf5c6e68a9

SHA256
4a6afaffe19fac45021be28f754b621226b4aa6fb6d424c8d478b67432a56891

SHA512
47692da6521b89a68a8d68e6e9960a078108a5981207c0071f5fd2e3289151f7c23c72433b5605bc9517a5327fc5fe6a48f675f56e29a9a7badcb64c67dfe59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
77d18b45d5c47016563487c7b9d0ec4b

SHA1
66ed791080c016d1c5ed2d5b3015c4c7d0545fba

SHA256
486224bcdbe0a9996aa051d1ddb33578a4afc1638b62d01e71cbe70d33c496f1

SHA512
8c772927fc582600c0b432d7973e26cc72751ab1cf8178af374d1d531e585dd314402a06ac74125de19c3135f345b299a200f564b8f91b8bd1fdaa57b0d5f905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
43903888f5571be6777edceb6413bc86

SHA1
65bbebd8d6fcce3ecd11d29fde3479ed6198fe58

SHA256
f2880684b5f36a251bc842297504e5bfda077bee570eac0dd9b51b200bfabcd4

SHA512
1509317ff45a452303c35c78c0c1ce03aa4dac51283cef7110a1c4b52647300d077e908a8609a154b7204c9522922afdc4ac919e6ebaf3a62728cf09a5ad683c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
041e0fc010f35f7975a4bb82c1ec344e

SHA1
5f322646d3f022f10573d6b0483ebc320685b12d

SHA256
bd5924a9eb2e11504bfac1e5a3dd72dd4e0631b670c6533331c98d059e7b518d

SHA512
541f35ce8cda653a31a4fd3073e0d901effe7b6aaf0a79126d714b1d722532c249863c63c1179fa5a6626931856ff63adac4740cb44836049a5b6d82a086fde4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
328c996b51b6cd31ae0b3302686b612d

SHA1
2830f5d4e26278403aaf6b36de2c4273100265ac

SHA256
d036f2520fe83f5001b255f7008ebb03622edf5d1c4c9a89a786e31a1d321030

SHA512
abae3ccc6a0ff87b5ba8c8b5ab90f8af02ad9419a2d1f4a7259003d76fad600a81b8e953ac08ce93e00d85324041fb3a446fbe97b3b02c0a3863f2e645c31070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f3deb894d8a21531ca4b84ae3d253913

SHA1
ae5de5401aaeaa5b27c1248c7a142f6234ab2f00

SHA256
434abbf2f33075ca80ec913624c28eb95fa2776b3c88baa338cffb6baa1868ed

SHA512
3059010f6884011fff785afe58e1a6a0ae68cac61afc2865ec4853b753b814eaaee60d4efc04c8f3b91d895d99e19969cf3309da0c6b28be9803806418136d40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57adf3.TMP

Filesize
48B

MD5
d7c610661f3b9dc27fe521a8d7380b4c

SHA1
3c52236e8dd4bfa226f3ce279c3eba5cb1f09f70

SHA256
f9f780eae2a20650cbd7731eb44fe689adcc5f9c7fc0bbeb36472f840ee7a541

SHA512
909707f053b1261ca90507b056478c2805d398d20959291ff73b46d25c55f3ef9e0cd3f6f57c0f2a61e0bf273def892839156818042d7233c666ce32197aa4b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
3KB

MD5
13450fd169400403bb3ebf127b519b9a

SHA1
329905b3b638825116c57f7901d8758db6fdbfec

SHA256
ad53f1136ce65ce1ef89e2f44fcb0438ef30b2cad5c350473214845225f42040

SHA512
20e62f692ad81ae0bf1511be74902f07a7d285df1d222851ad3d36c7edaec13c06fd0a9af5b6c1918c3904dced47015d38e34f96f6caa8b0cacd804bfdbeeb6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e62389bd-c54d-4b21-aae0-b3904f4d24be.tmp

Filesize
11KB

MD5
ed51a4b552dabd5a21a95a0f449d3339

SHA1
42bef3fadd9720f3322fc25701d8c192b656f478

SHA256
901a1e3bbfa8c53882e801681843463b10181f6f803b306763033660e1a5d24d

SHA512
038c457c8ea0165a65080a9479f182f82f0d5a2b866069f2b9c7584668c0f00b632767814fa8402da6177807f2c981baf1db4475150d735eacaf1f133222ff0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
13620503c9122b4f2b9db9a094608ed5

SHA1
26967458066dcd5137ad74bae36943ba32c21656

SHA256
a868d92b3103d9ee64a7e8f07a7fff7acc117a8dafdd32429ab5143e4a71cae6

SHA512
0c6416bfceaead8ca78471d96e7acbac6a29f04585ac23bc44a1f0993e4ebb9211ff1d242f1eedb382e0536372b2905e2e93c49560c7d86e6c433cda6374988c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
786054773888ad05c4f5bb1b59f6728f

SHA1
84602d7d560da416fa322b2d13c62eb30457444b

SHA256
1345fc1f43dd42fa033fa698d787abeed29d63f8961189bf7192feb75affef78

SHA512
97d855254b05958290a80e8fdfb90b464cb622cba0945a203d76dd1baf6d2569dddf29fae284958ddd664d9685e46f1874a34556465c1591f017410998bc9f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
a5dea6a0571ad8d7f188d23aa87d1ef4

SHA1
f35a28579ad805b1fde70bad6b10d23742ced7ab

SHA256
fe76345957271f5c6d2ee34b951ce14f10da7ddac1b76894d72e29570c324c9c

SHA512
13074b1faed47086ade170c6a6e676a84520c62b7793cc1212eff6bc6fca77fd78e7f533cb197f942d5a3220d90ae6cbd00688b5256c1330bb25889009c768f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b6e12893-1cd1-4b57-94a0-e3fa7d9424ff.tmp

Filesize
81KB

MD5
4d8e7c584d59ff963c6bbeb830f42c32

SHA1
faf5231f03e117483c7ad00156213930815111d2

SHA256
7a423cc196d6372eb982f95dfd658a8f1c6bf751ead3938d056feed88738760c

SHA512
515cc20190ff6b092970ed8772e5e2b1b1dd953303fc72f0d2915eb874fb6c64e104282f356d317603d2ffc562fc736757e6dc69c8898a739274ce5c16e41a32

Download Submit