hxxps://2n8w[.]app[.]link/?~channel=Email&~feature=ConfirmationEmail--AtocETicket&~campaign=WebToApp&~tags=locale%3Den_GB&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay[.]google[.]com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom[.]thetrainline%26hl%3Den-GB&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes[.]apple[.]com%2FGB%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=link[.]mail[.]beehiiv[.]com/ls/click?upn=DHNnCVt-2BYXCJEGCbBN6Kf3YKQEmI8Qt8rR1gTjJHASpATLyeIlvIT91BNjWRfeyOX2uQ0iCsAz-2FxlJiaBO8-2BdzlVkbHc0NpA-2FGrYIcZYYMyu0KterLtG-2Fo3Mia-2BYozbbnjCXF8wDc59iwLtEqMxm-2BPPWzjtDj7TBGHTZrTdeEJKDN6DC2T8QfxIR92LESbDMpt3Y_DC4y3DdDCeEScwRgaDHqvUt0mFohRF-2FgrOC-2Bd8-2FV4uQNXXRFmy8FSGQ1cwU8EVWCgPx1MrVNEd6v96-2FSxEpRZZRR3YsYQioBD-2B7ssn9hh31oEtD-2BueMNPMLeU29OgQqviY9ZvXS-2FnCTVKfCOkm7LLH-2FByJziTQtb8wFFDcfdhro5AqibYkjMmgYPXLSTgv3fogRJG-2BKk-2FWtHsHnNKnqKfU48kEfbg6Lxco2MgE-2FVGZy8jahxp0kJz3w2R4OiSU6W63BRaSj-2B7ZGJ5IcpM-2BrLPCJP4E-2BbYVY5YH9CZZoQlVlQQSf977Jr3IXn7fwNB5-2B69K-2FYbFddD-2BxD7-2BfjI4FMMRltbfSyaVT6qxWoE6WUzT4f0JaTpsNz41h1Iai-2B2SZqIpTjmNxrC1ZBDPGiEwFUob3yTdII7KCOhR20wrtpEaGzeFcB02CR0xDtOZAudRHITP733gRO6GcpRFDBDMSAcw-3D-3D

Analysis

max time kernel
299s
max time network
279s
platform
windows10-2004_x64
resource
win10v2004-20231215-es
resource tags

arch:x64arch:x86image:win10v2004-20231215-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
29/01/2024, 15:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--AtocETicket&~campaign=WebToApp&~tags=locale%3Den_GB&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.thetrainline%26hl%3Den-GB&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes.apple.com%2FGB%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=link.mail.beehiiv.com/ls/click?upn=DHNnCVt-2BYXCJEGCbBN6Kf3YKQEmI8Qt8rR1gTjJHASpATLyeIlvIT91BNjWRfeyOX2uQ0iCsAz-2FxlJiaBO8-2BdzlVkbHc0NpA-2FGrYIcZYYMyu0KterLtG-2Fo3Mia-2BYozbbnjCXF8wDc59iwLtEqMxm-2BPPWzjtDj7TBGHTZrTdeEJKDN6DC2T8QfxIR92LESbDMpt3Y_DC4y3DdDCeEScwRgaDHqvUt0mFohRF-2FgrOC-2Bd8-2FV4uQNXXRFmy8FSGQ1cwU8EVWCgPx1MrVNEd6v96-2FSxEpRZZRR3YsYQioBD-2B7ssn9hh31oEtD-2BueMNPMLeU29OgQqviY9ZvXS-2FnCTVKfCOkm7LLH-2FByJziTQtb8wFFDcfdhro5AqibYkjMmgYPXLSTgv3fogRJG-2BKk-2FWtHsHnNKnqKfU48kEfbg6Lxco2MgE-2FVGZy8jahxp0kJz3w2R4OiSU6W63BRaSj-2B7ZGJ5IcpM-2BrLPCJP4E-2BbYVY5YH9CZZoQlVlQQSf977Jr3IXn7fwNB5-2B69K-2FYbFddD-2BxD7-2BfjI4FMMRltbfSyaVT6qxWoE6WUzT4f0JaTpsNz41h1Iai-2B2SZqIpTjmNxrC1ZBDPGiEwFUob3yTdII7KCOhR20wrtpEaGzeFcB02CR0xDtOZAudRHITP733gRO6GcpRFDBDMSAcw-3D-3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133510151750989318"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1664	chrome.exe
1664	chrome.exe
4644	chrome.exe
4644	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2528	1664	chrome.exe	28
PID 1664 wrote to memory of 2528	1664	chrome.exe	28
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 3484	1664	chrome.exe	86
PID 1664 wrote to memory of 4552	1664	chrome.exe	88
PID 1664 wrote to memory of 4552	1664	chrome.exe	88
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87
PID 1664 wrote to memory of 4380	1664	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--AtocETicket&~campaign=WebToApp&~tags=locale%3Den_GB&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.thetrainline%26hl%3Den-GB&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes.apple.com%2FGB%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=link.mail.beehiiv.com/ls/click?upn=DHNnCVt-2BYXCJEGCbBN6Kf3YKQEmI8Qt8rR1gTjJHASpATLyeIlvIT91BNjWRfeyOX2uQ0iCsAz-2FxlJiaBO8-2BdzlVkbHc0NpA-2FGrYIcZYYMyu0KterLtG-2Fo3Mia-2BYozbbnjCXF8wDc59iwLtEqMxm-2BPPWzjtDj7TBGHTZrTdeEJKDN6DC2T8QfxIR92LESbDMpt3Y_DC4y3DdDCeEScwRgaDHqvUt0mFohRF-2FgrOC-2Bd8-2FV4uQNXXRFmy8FSGQ1cwU8EVWCgPx1MrVNEd6v96-2FSxEpRZZRR3YsYQioBD-2B7ssn9hh31oEtD-2BueMNPMLeU29OgQqviY9ZvXS-2FnCTVKfCOkm7LLH-2FByJziTQtb8wFFDcfdhro5AqibYkjMmgYPXLSTgv3fogRJG-2BKk-2FWtHsHnNKnqKfU48kEfbg6Lxco2MgE-2FVGZy8jahxp0kJz3w2R4OiSU6W63BRaSj-2B7ZGJ5IcpM-2BrLPCJP4E-2BbYVY5YH9CZZoQlVlQQSf977Jr3IXn7fwNB5-2B69K-2FYbFddD-2BxD7-2BfjI4FMMRltbfSyaVT6qxWoE6WUzT4f0JaTpsNz41h1Iai-2B2SZqIpTjmNxrC1ZBDPGiEwFUob3yTdII7KCOhR20wrtpEaGzeFcB02CR0xDtOZAudRHITP733gRO6GcpRFDBDMSAcw-3D-3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeaa4d9758,0x7ffeaa4d9768,0x7ffeaa4d9778
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1868,i,13322049957648589542,3879736401189861665,131072 /prefetch:2
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1868,i,13322049957648589542,3879736401189861665,131072 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1868,i,13322049957648589542,3879736401189861665,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1868,i,13322049957648589542,3879736401189861665,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1868,i,13322049957648589542,3879736401189861665,131072 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4604 --field-trial-handle=1868,i,13322049957648589542,3879736401189861665,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1868,i,13322049957648589542,3879736401189861665,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1868,i,13322049957648589542,3879736401189861665,131072 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4700 --field-trial-handle=1868,i,13322049957648589542,3879736401189861665,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4644

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
d05fc5e6dee7e44422f28da19bca8a75

SHA1
5f839e874c896db541f16990a7d45e935aa80056

SHA256
c0a5da716010b9eb047752538847990df67a7be07e4821c503bf225c39a76b16

SHA512
9933803dbb4831160decb8c0e9840e247962b977c3bc636ed25968f157256b20013895c74cf0c4560fffce6ae3eb9aef1d18106f92fc23ccfd0d6a1b2682c3f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
864277037f42babe729c3d0c5c0103b4

SHA1
ce0c161a22e029055951d98a0a9e818ce7248c3a

SHA256
00242356ff82ef1b54419eb2284a42505733a776a67cddd162c99544f0d2534d

SHA512
25a37d3c23e6cff440f74251d9d7af96c2fe41e5dbbb5079f36d904f1d39e327774543ad6651c2fa05711a0bdc1702c2b4d8c815cf51c2f91ea51ab2663c80b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9cb7baf69e908c4ecdb27a93a393be89

SHA1
5b187cd10464ed8872a3ae72d5b2a38a6938dffb

SHA256
75165bdbb863f11eb4d482e6c3bd4e7fc3bd67cef6f77322b796061261c0a5ed

SHA512
06a6f955021ac2a642b1eaa9012d7daeeb7d0ddf493a56cf4928dbe07d67c3b86bf9da404748900c70450066622737086e672a7a23b7c7f0e6dbefaf1bd55e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
e3983b17aac306865a6ea5cba6aabbfb

SHA1
762226270320e42243092322c32b6d307c4f4721

SHA256
3e51b87f3debc6a9034351a1da88c90b1c0964d68ce3084def2930ea357d267c

SHA512
06f9901b9d62447fddb19f26db6af4c54721210ed4550e2a23ad35e8c5615ff974f75f38a01eac628a20f6921d749f88ad826f11716afd7bc9106c260b43f304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
93fe0947c07b9f1df6e5fd90959672e1

SHA1
695f31c7ed0ea27d6cee5b4c9b58260156c28a64

SHA256
b39660e0f671358437abb40f365a47d73ca41cd7caf212cc825985d7e29d7f13

SHA512
98df260f1268f85e83fb7db4a0a8c29b3705258af16b4bb9f18be110ba1724643bdf7ffe84711e41035b4a32215904ff7d67dd82ff0401ac89b29fc12c1403e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
de309a56853092c00f166cbb87cc360b

SHA1
9c13940b88e7f58143fc9d66fe06bc8f16a9e670

SHA256
95814fc93f6bc4d7d34b4e222cac8da14b82d5f6904f7f03e4f1089f19700987

SHA512
73d8120b038163050d6738091a4e791f5b811c499195423b1415c81663f7a47e408a53298a4de940ce90a0c5831314513c65ab3ee6c5e6a0bbd4dad263cd3f0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\cb381cfd-fd83-4c2f-a89e-5ab0ea9f33e6.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit