hxxp://bonzi | Triage

Analysis

max time kernel
1800s
max time network
1689s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2023, 23:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://bonzi

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133395541387792286"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4668	chrome.exe
4668	chrome.exe
1588	chrome.exe
1588	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4668 wrote to memory of 4468	4668	chrome.exe	44
PID 4668 wrote to memory of 4468	4668	chrome.exe	44
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4236	4668	chrome.exe	88
PID 4668 wrote to memory of 4112	4668	chrome.exe	89
PID 4668 wrote to memory of 4112	4668	chrome.exe	89
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90
PID 4668 wrote to memory of 4412	4668	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://bonzi
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa40ed9758,0x7ffa40ed9768,0x7ffa40ed9778
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:2
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3884 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2960 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5124 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3984 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5312 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5480 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4500 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5200 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5228 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4828 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3892 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6404 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6180 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6580 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4708 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5128 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6772 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2360 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4840 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5792 --field-trial-handle=1816,i,5090506685021862138,4727881673099569776,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1588

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
41a915c27a22f92827f872e9312cd874

SHA1
dc2e521a768db53183ab96a97292fcdc4ddab6b9

SHA256
434f3bd9e5f470825769ba11dfc345e5275bb7635074b158b828cd3d674111bf

SHA512
527a551472831bad4093a84dd372c06bf72f36c7f25b48831082eb0e035e70d949ce54eb431c2f40d761353bee2bb60623530cbff99d02d78b8704f3dad71ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
03066e524c590153d2c937082c9c8665

SHA1
8f25cf4fd026b1c23dcb8089fdf52aa1fc0b77d7

SHA256
21b2dd7337f74ffc88f43b5d78153061a07ec50416b8c216e77bd757b2cfbd8c

SHA512
2f00e65883920c37d0c4156a9c0196e85574e4a2bf95995d7d50a2ac321e4faca9b2bb69fad9d4db56d7a2f3b6e0b211f0f424497a54f128b6c77a2b88d180b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
675c0c3b00d3cad19b00e980183da5d4

SHA1
9509908d80814472605eb9bbde73dc3f0eb285b1

SHA256
31a2c92d80e858fac8c0fa8e63db5610f804117e2fe2dc03114315379862caf0

SHA512
9e3d7a767f1695f72d3884157eeffa56db14a5387f54b1f65cf61351d5b7742641e86f8927281ac15dae54422c1944bb80cef67191d10a3a26c98055c1fc0707

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
164f46d5cdc11cd316cb72ec05b8a85d

SHA1
d723b2675c25bd33d8acc28cb59df6a31200eccf

SHA256
e8c91d594510dcba7e4f89abcee9c1a1f53cf509b15ea053a78de1a6576b7a31

SHA512
845859d7b491b74246082518f4b49f1553a864e61083e02552a7a2b127907f8ef90204f5838ea0299bf3f29779914fddf2bd59ce5c0977b55cc1174a4edbc52c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
535B

MD5
ca8c589b0ed20a82f56837fe0d4f313d

SHA1
6c821716494115a163b052f56ae19e2861a6d29e

SHA256
5be1e0951ac21dc510a2a9e4ff67209741728cdf867cd66ce1eaec7f0a6a9038

SHA512
adb0fd295c0dc1aa086c0b41e78aed358b9778e865cbd733bc27b70841b0088e9796a92e2610d4633e9c350f8b8104aeff81222ef98623c01ee3ababfdf17e0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0e567710376b7d38702b52457a2f3236

SHA1
351a5c115aa47049b295de50764c6ca16ccdaa4f

SHA256
f4591572ddb9e31385b893b0506e5f6f316941f4ab5e73833dc760b1f7a99ad8

SHA512
d6492ed9862a317620c68542599309791fed209f5f31ace3614c6c4ec3d48b171755815faa2093a5bd0cf5d562ad3e2ba775d579f0632e820854836a9b265bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1ed7d55369cdb3724cbb9a50a626faf4

SHA1
578704c39d1707972c643bca264ebdb272d9a220

SHA256
e227245ca47681479a3f45491e7f9efd90e1eaf27544fa443924135941895f7d

SHA512
61504351b9991cff235adc307b5ed3cac1b474626be52a936fbe837c24bde27fb4c2898a0c44732b3de26b8b8edfe7edca37f4b20409f31d9979f42b70b66974

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
05606fa88deaf8df93a9ca2a93f7c863

SHA1
428b28d3b397da1230c0039b49d62fc02041170d

SHA256
d987c9cd6756064abaceacd810ad1c1f2addc63402f1127b31462725387ad897

SHA512
94fa85c9de3c58b67e54769e89b4ce43dcf8b032f55b9f863ccc8ee02c98c1ad174a47a0ebb7e69b99dcf68afb9b752d448737c70432ef700a9c4034d0bf9bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
370aaec98b166802d1d4bd7198057809

SHA1
e24a64ce66fafa11c352197adfa796e6eddb3525

SHA256
714da8de3af668943c6eba3c5c908c57015d11d2efaf578b9c6a55a97a82d9e2

SHA512
662e73bd32b2c3b387217a6f29ec6269c03e7b50bd8473446d1acceec4fbc223c6a42bc7eac67ff74375ce5bce73c24b0b65646446f4239bfba7b7a59fa239f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe579904.TMP

Filesize
120B

MD5
e07a1ed067604c3ed6e9ce5fe90252e5

SHA1
4eb608f280779f37a332fce440d9e6bf45e59648

SHA256
878bb126821a87831363e643668ae6f4928a3a711acf7dbf94d4e4467fcf4575

SHA512
003c8f247cce2b626c3ff44f5d60e0aac5362fc765ff3a3391117ac62cfb57645a6f498b78ead1d4bf1e651b1b8d84e0eb90444d64a5abe80344e5f34aa3d3e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
6e43416112c4c13e6e8e5d6f0635a39e

SHA1
4e0ce3e81f71f6ad44de9ad6665789fa3beb3dec

SHA256
b4d012dd552120ff0431b9e9fbac2ddc947cb870a43b89400f87aa2e2f191769

SHA512
65afa2901170d8c4f97602a1f18ae0ecb96e2e56b098671244ec15910f2b21b4288209b8909e069375f7df757c60d367f9607dbf29f496af6baab141466f461d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
0af2c2b18de7162522b628d4b129307b

SHA1
6e26361044162be06f5e82ff62ddb0f29e882691

SHA256
8c4e9003bbce2fb4e13aa995b178c50999af349175fe4c3071ae4680a603c6e0

SHA512
8cf9fe6fac4d6e67117bca9d741d3db2d223d810a86cf476f5739ef29c9a4d93d7b4b116be76a0850fa8f7cd6cb5b564b00a41c0983344d3a26bda54b734a7d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
f90736b416a77fbfed7cf80c71e518ea

SHA1
01d7e67ad3515124f6071f47a84025ffae4111fb

SHA256
0bf5a8e7647f1e60954f1a49bf42ec49d42c731a55467656cf1767be290477c5

SHA512
72bf13d2d9fa894870c60cbe3b6b3bfb2cbe1ca684edfc4fb2d00fdaad4a1162b094eac924ea73a7be3d9df63db92d5b6a92a2a375946abaaa07f2df622f8e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e58d.TMP

Filesize
97KB

MD5
8901201d98a2c5c643be306286f17fab

SHA1
96203b4534607bc9a6e7d01f6c60d8deb33dd0d5

SHA256
a7b64356622ed320ee9e8d91e963e4b48a205769925833bdc9dec04cfb136eda

SHA512
15db6e1e30f1f5207ffcdb76ea5a7f8cf4f8e43d15d58dca3474b1fd78e8943daa9fb221cccfa6ae38ccb1f68e5ce6ce54424bd5bf0aac89cddfdb174c0728b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit