Analysis Overview
Threat Level: Likely malicious
The file http://bonzi.link was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Modifies file permissions
Drops file in System32 directory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-23 14:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-23 14:28
Reported
2024-06-23 14:31
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
142s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636265239045630" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://bonzi.link
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe86fbab58,0x7ffe86fbab68,0x7ffe86fbab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1944,i,630169520512227674,8843250496020749333,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1944,i,630169520512227674,8843250496020749333,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1944,i,630169520512227674,8843250496020749333,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1944,i,630169520512227674,8843250496020749333,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1944,i,630169520512227674,8843250496020749333,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1944,i,630169520512227674,8843250496020749333,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1944,i,630169520512227674,8843250496020749333,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5112 --field-trial-handle=1944,i,630169520512227674,8843250496020749333,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3340 --field-trial-handle=1944,i,630169520512227674,8843250496020749333,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1944,i,630169520512227674,8843250496020749333,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1944,i,630169520512227674,8843250496020749333,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1944,i,630169520512227674,8843250496020749333,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4976 --field-trial-handle=1944,i,630169520512227674,8843250496020749333,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1588 --field-trial-handle=1944,i,630169520512227674,8843250496020749333,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5072 --field-trial-handle=1944,i,630169520512227674,8843250496020749333,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5056 --field-trial-handle=1944,i,630169520512227674,8843250496020749333,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bonzi.link | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 836ca4d3af1045553573c9d1684ce7e9 |
| SHA1 | 645f0910bf2e0c0330d61a744e6e32a87436430d |
| SHA256 | b92f86bc38dfdba4b9607996441e0d0419c3539d15384a926f87da0d97bd3695 |
| SHA512 | cf707b924d0ae9e27a1cdb0de979a11a64e084f6947aaa9e9f266126efbc24f14d5dfdeaf75739ef800bb28bed85e4aab62fcca8852f84f893cfa7fb426887b0 |
\??\pipe\crashpad_2064_MGVPZRWDWGBVZHNB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3d09389f3d84f6f10a4bf55ce3cdf687 |
| SHA1 | b5115b77734527c7360dc9d4ad1680207550fc41 |
| SHA256 | 92f57273fff7f280ec82a48c5cd9a1ddf64b32098af9282f27338633ce3c43be |
| SHA512 | 3bf0a963cc97017160462ef8919eb5cce782db250f023b7884ca501af9b03a0d36263a52f88a4aa79e0af3b80a2755da1743dbedb169b9bb20949981caf83954 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ab5ca68a4e42156540d852612b21bc38 |
| SHA1 | 84cd77e86ca5a74de7490f36a408ce104fe3da6d |
| SHA256 | f333a59b2420f8f47fcd303f40595fbabf26c2d4264fb7b0d0d68dadb09166e7 |
| SHA512 | ad92624aaf4f81ec9a4ac254926e675467cd8f1a1b80825e6c51a654233815719f0fc5c6d1bf9693e5125ba777837e2d125e6907b5e1e357ceb3be0397ef8da4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0074f41c0c8b8ce18793d82b96e877b8 |
| SHA1 | a3bea53f2b308d2fc7641f6086e340817901d176 |
| SHA256 | c3a250c5d698e66c36557832fe5e893cefb8e6127d7f6abc21ea32e5d27b9181 |
| SHA512 | d1f1a01297071aca7f8780fa852a10faadf8a3ecbdc4c4390bbede3c0a943478bc1b89d028dd2ed30702b03464794f181e4ef8d191191cf5f8f8590e336b808a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 782dbb81d062910311bee2a8c75042cc |
| SHA1 | c6a33a6e1896a13fa2644f80c2cb870cf85d2385 |
| SHA256 | e3aa1a87862505de5fd93895133d32221f78e762c63fb12e0ebc8649adb19dee |
| SHA512 | b1a3702b1fbbc89901b0b50bc4834df83dc767e06359d33e9ddb8607b07295d1fbd980eaeb9d042383242eec4b417c79e6d55a6d89ccf8aa6ad7356bd75b63a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57de1b.TMP
| MD5 | 9d9cf8c7ba5a0b894c59b8e9da75ba20 |
| SHA1 | db008ece051678ee09b4ee1196c2493a101c3fd7 |
| SHA256 | 012ba7d96f921d6fd99692a64bc9e7809060883630b2b22153c9691714ed7bd4 |
| SHA512 | 3a318ba52ab79e5c0e40c548e45a1dd055b6deca7602716c91261fd3a5dc6be145db5116aa84dea9946b3769c0b4f6e761f45893321618e8caf01c3f539ff854 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-23 14:28
Reported
2024-06-23 14:35
Platform
win11-20240508-en
Max time kernel
383s
Max time network
376s
Command Line
Signatures
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\coreglobconfig.dll | C:\Windows\system32\cmd.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636265237967336" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://bonzi.link
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdaa08ab58,0x7ffdaa08ab68,0x7ffdaa08ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1768,i,11845023916693669097,15735082995933443700,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1768,i,11845023916693669097,15735082995933443700,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2128 --field-trial-handle=1768,i,11845023916693669097,15735082995933443700,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1768,i,11845023916693669097,15735082995933443700,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1768,i,11845023916693669097,15735082995933443700,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 --field-trial-handle=1768,i,11845023916693669097,15735082995933443700,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1768,i,11845023916693669097,15735082995933443700,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5052 --field-trial-handle=1768,i,11845023916693669097,15735082995933443700,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4344 --field-trial-handle=1768,i,11845023916693669097,15735082995933443700,131072 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\icacls.exe
icacls C:WindowsSystem32
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\*
C:\Windows\system32\takeown.exe
takeown C:\Windows\System32
C:\Windows\system32\takeown.exe
takeown /?
C:\Windows\system32\takeown.exe
takeown C:\Windows\System32\*
C:\Windows\system32\takeown.exe
takeown /f takeown C:\Windows\System32
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\
C:\Windows\system32\icacls.exe
icacls /f C:\Windows\System32\
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bonzi.link | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp |
| GB | 184.25.204.17:443 | tcp | |
| GB | 184.25.204.17:443 | tcp | |
| GB | 184.25.204.17:443 | tcp | |
| GB | 184.25.204.17:443 | tcp | |
| GB | 184.25.204.51:443 | tcp | |
| GB | 184.25.204.51:443 | tcp | |
| GB | 184.25.204.51:443 | tcp | |
| GB | 184.25.204.51:443 | tcp | |
| GB | 184.25.204.51:443 | tcp | |
| GB | 184.25.204.8:443 | tcp | |
| GB | 184.25.204.8:443 | tcp | |
| GB | 184.25.204.8:443 | tcp | |
| GB | 184.25.204.8:443 | tcp | |
| GB | 184.25.204.8:443 | tcp | |
| GB | 184.25.204.8:443 | tcp | |
| US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp |
| GB | 184.25.204.50:443 | tcp | |
| GB | 184.25.204.50:443 | tcp | |
| GB | 184.25.204.50:443 | tcp | |
| GB | 184.25.204.50:443 | tcp | |
| GB | 184.25.204.50:443 | tcp | |
| GB | 184.25.204.50:443 | tcp | |
| US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp |
Files
\??\pipe\crashpad_2148_VYBCAOINLLBOJYED
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7c2632b47ce04e9c245487e35d4b75d3 |
| SHA1 | 6f8630ee5878145cf793e7d23dace19a421026ad |
| SHA256 | 4fec6504531c4b0e0033ee0ff3507becaadefef4fa69f3ab42fa7e1a417290eb |
| SHA512 | 06e2f7f031a39b980ee3afefa9e7a9f5939486676a29ba420eaf8154b192c4ea05cefe325c54eeb0bb944043b7bc01cb94c70865d264fd5377e44221e3e49978 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d83ff6204066dedcc975acd6b7ab5d02 |
| SHA1 | b7d5f08487b1cea8e4353d58045da5bd97030ab0 |
| SHA256 | 96b81c66689a7a6b669f13d443ea482633772fcaec77adb0de84e7d96c424de7 |
| SHA512 | b19707c5b0fc4b5a1791930f5e5d1711760f1d9f19c8a5f2330b2422edd3e023580c9ffad290807973ee620b0734f4643010f65d58400f648ec6774d927beb95 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5f419a1cd06164140de11ffb89800602 |
| SHA1 | 3348df9bfa698da9f5f1d60ee959b59815db1f90 |
| SHA256 | cfa60fda8d236227f848ba15a0dc978dc96595dafa51690a387d7d0062862db4 |
| SHA512 | c9f59834984655924c62417cfeef38cd77599e599dd420f3d76997e28d9b33e39b59e518d1269e07ac92bc03968d38bd7607bf0b873553a877c8197a9b8c6b88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8e1b5c26348ff4f7eb359f7d9c0f9134 |
| SHA1 | 4909c6c07a0f4ba3222e1bb2b94436140bd00e48 |
| SHA256 | 2c82f7e51fced4fa327ae9de227b4421df45023e3e2caf6546d14134fc286cac |
| SHA512 | 0aa122ae5620ab2cc664c0ec0f931ba3b21f5427eca7807fbe87bcb237ce23894046fd585bcc177408bc21906e34a5b006da3dadbe0dc0f2c37a660c0ccabfb6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 4c6a15aea8a8b3dcf4c25e16a8c9df88 |
| SHA1 | 4ecf483bbeafd90574423ba2a5f9a2b963c3e8bf |
| SHA256 | 4b366963fb342b27bc98b16018e5fe0851f10056d74a11869377926d159e0d0b |
| SHA512 | 93eb571cfc653fe978879885e032724638410e4a7624af770ef6c057ef108926d6014ccf4de360b41c76c03581516dadc48cffd468e2712da2f1196fa8e6d573 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 18b342b20984ae19400a6bade8a8c10c |
| SHA1 | a4541abfdb9d7f3565fea4f29c6cc966ef058d13 |
| SHA256 | 99d889ec0b131c23a14f352f92690cd6b7fd64940981159ff0babc40483a5012 |
| SHA512 | 3947a0d7a037fe64648b3fe2b4a8bead55333283507d826edf278354339f43d8298850de9aaed20d576f9a8c9afcbf635f280edcb56647bb0af9ce749bccec4e |
memory/4492-124-0x0000027602710000-0x0000027602711000-memory.dmp
memory/4492-126-0x0000027602710000-0x0000027602711000-memory.dmp
memory/4492-125-0x0000027602710000-0x0000027602711000-memory.dmp
memory/4492-130-0x0000027602710000-0x0000027602711000-memory.dmp
memory/4492-136-0x0000027602710000-0x0000027602711000-memory.dmp
memory/4492-135-0x0000027602710000-0x0000027602711000-memory.dmp
memory/4492-134-0x0000027602710000-0x0000027602711000-memory.dmp
memory/4492-133-0x0000027602710000-0x0000027602711000-memory.dmp
memory/4492-132-0x0000027602710000-0x0000027602711000-memory.dmp
memory/4492-131-0x0000027602710000-0x0000027602711000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | a71ab244d565671f741686cb2c5ed11b |
| SHA1 | b6e766a85f1f878d512f752df2dd4873971755e2 |
| SHA256 | 06a5716962f3b50a8aa3acd30e33d6c75664465c3d795196ad6dce5e33a80faa |
| SHA512 | 0826c8e52b0f5dbcbda745f06390fd59ce9eee8e0e845cdb007f4a97b19065f2544ca63226b34d361adf9e1cf26644672abfe5dcfd75651cd2aeb1ae27f16f84 |