Overview
overview
7Static
static
3SolaraBETA...6x.svg
windows10-2004-x64
1SolaraBETA...6x.svg
windows10-2004-x64
5SolaraBETA...in.css
windows10-2004-x64
7SolaraBETA...te.svg
windows10-2004-x64
5SolaraBETA/README.txt
windows10-2004-x64
1SolaraBETA...rprint
windows10-2004-x64
3SolaraBETA...t.json
windows10-2004-x64
3SolaraBETA...s.json
windows10-2004-x64
3SolaraBETA...re.pma
windows10-2004-x64
3SolaraBETA...rl-set
windows10-2004-x64
1SolaraBETA...rprint
windows10-2004-x64
3SolaraBETA...t.json
windows10-2004-x64
3SolaraBETA...gs.dat
windows10-2004-x64
3SolaraBETA...re.dat
windows10-2004-x64
3SolaraBETA...SQLite
windows10-2004-x64
1SolaraBETA...data_0
windows10-2004-x64
1SolaraBETA...data_1
windows10-2004-x64
1SolaraBETA...data_2
windows10-2004-x64
1SolaraBETA...data_3
windows10-2004-x64
1SolaraBETA.../index
windows10-2004-x64
1SolaraBETA.../index
windows10-2004-x64
1SolaraBETA...-index
windows10-2004-x64
1SolaraBETA.../index
windows10-2004-x64
1SolaraBETA...-index
windows10-2004-x64
1SolaraBETA...t/DIPS
windows10-2004-x64
1SolaraBETA...data_0
windows10-2004-x64
1SolaraBETA...data_1
windows10-2004-x64
1SolaraBETA...data_2
windows10-2004-x64
1SolaraBETA...data_3
windows10-2004-x64
1SolaraBETA.../index
windows10-2004-x64
1SolaraBETA...data_0
windows10-2004-x64
1Analysis
-
max time kernel
149s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
30/04/2024, 17:25
Static task
static1
Behavioral task
behavioral1
Sample
SolaraBETA/Monaco/vs/editor/contrib/suggest/media/string_16x.svg
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
SolaraBETA/Monaco/vs/editor/contrib/suggest/media/string_inverse_16x.svg
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
SolaraBETA/Monaco/vs/editor/editor.main.css
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
SolaraBETA/Monaco/vs/editor/standalone/browser/quickopen/symbol-sprite.svg
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
SolaraBETA/README.txt
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.fingerprint
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.json
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/protocols.json
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/BrowserMetrics-spare.pma
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/crl-set
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/manifest.fingerprint
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/manifest.json
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Crashpad/settings.dat
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Crashpad/throttle_store.dat
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Default/AssistanceHome/AssistanceHomeSQLite
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Default/Cache/Cache_Data/data_0
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Default/Cache/Cache_Data/data_1
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Default/Cache/Cache_Data/data_2
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Default/Cache/Cache_Data/data_3
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Default/Cache/Cache_Data/index
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Default/Code Cache/js/index
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Default/Code Cache/js/index-dir/the-real-index
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Default/Code Cache/wasm/index
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Default/Code Cache/wasm/index-dir/the-real-index
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Default/DIPS
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Default/DawnGraphiteCache/data_0
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Default/DawnGraphiteCache/data_1
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Default/DawnGraphiteCache/data_2
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Default/DawnGraphiteCache/data_3
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Default/DawnGraphiteCache/index
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
SolaraBETA/Solara.exe.WebView2/EBWebView/Default/DawnWebGPUCache/data_0
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
SolaraBETA/Monaco/vs/editor/standalone/browser/quickopen/symbol-sprite.svg
-
Size
20KB
-
MD5
649fb0a55b0e0fc9d79e6b7872a14c10
-
SHA1
b33619c9dfd65d3f2e5a5fcb767a752123d51607
-
SHA256
fcc3026b97068f3d9e1743d36ca26b96ffdbcd2841fa9d804caccc4f249911c8
-
SHA512
3fb4b07e9313b69c84f887c9ca0464e4c8d06a98a8f2ad7d0b48452d068bd526004c21633d0279b4b5e17ad882acf8c7e99b4c3e7650be43b495b670a87d0cbd
-
SSDEEP
384:cyPJZCcKWPJuCNoSmvcar1PNY6g2HdSjEc3/WD3:DCdCNkvcaQ6x9SjES/W7
Malware Config
Signatures
-
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF chrome.exe File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF chrome.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589715695066972" chrome.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 3124 chrome.exe 3124 chrome.exe 3488 chrome.exe 3488 chrome.exe 3488 chrome.exe 3488 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 3124 chrome.exe 3124 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe Token: SeShutdownPrivilege 3124 chrome.exe Token: SeCreatePagefilePrivilege 3124 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe 3124 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3124 wrote to memory of 1564 3124 chrome.exe 85 PID 3124 wrote to memory of 1564 3124 chrome.exe 85 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2376 3124 chrome.exe 86 PID 3124 wrote to memory of 2740 3124 chrome.exe 87 PID 3124 wrote to memory of 2740 3124 chrome.exe 87 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88 PID 3124 wrote to memory of 2828 3124 chrome.exe 88
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\SolaraBETA\Monaco\vs\editor\standalone\browser\quickopen\symbol-sprite.svg1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3124 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbdde1cc40,0x7ffbdde1cc4c,0x7ffbdde1cc582⤵PID:1564
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,4693036831871547764,16604037635039706824,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1980 /prefetch:22⤵PID:2376
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1832,i,4693036831871547764,16604037635039706824,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2436 /prefetch:32⤵PID:2740
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2144,i,4693036831871547764,16604037635039706824,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2428 /prefetch:82⤵PID:2828
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,4693036831871547764,16604037635039706824,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3160 /prefetch:12⤵PID:2392
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,4693036831871547764,16604037635039706824,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3432 /prefetch:12⤵PID:2004
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4376,i,4693036831871547764,16604037635039706824,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4664 /prefetch:82⤵PID:1636
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=728,i,4693036831871547764,16604037635039706824,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1044 /prefetch:82⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:3488
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"1⤵PID:2972
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:3948
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
649B
MD5feedca29bb4e8daac9a344fcefa502ef
SHA167b04b1ae0949cd06402de89d9cb0d8f6e8036d5
SHA256c860bbf188156b39e4f349ea577b21ea0a8f2100775e3b08d60b618e4cd40d16
SHA512da645a117b95067dafffba46c4d0632bdacfe964d9d6f002efabe7c303a438fd4fcddd9c12495d5d77568f79bae38195cd5af5002af4b40dad7ece410269a1bb
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
9KB
MD56c117442f168d7b22948939c5763ba7b
SHA1d6dba61c0f605abd0ca181ab2174c0aed3d87e5a
SHA25638d88bc4a6b73dd3a13b3b9892a0cafd8fce527b8af89d536723922edc5ff571
SHA512070bbd467d7eee319280f3cc13c2f400f6f6193dbbbd35288140a54774a5d6fe7676a3593cd105be2f90ddf72d869dc88b1732525a36601c9413d8aa942c221a
-
Filesize
8KB
MD5a48e14681b21edde9937b0b1492e5f59
SHA1da3c0b0bca0dda6efd5c13242ae2d81d6904bb96
SHA256e1ed0b257265ae5c0bab03a37eefbcc68d9c615382522054c5dad677242e6564
SHA5129fd130bc3fa90b4ad8113657001160ad7f878c21ce4ef4b7780c3c0d1373cac4931223a66afc0d0db9b116a737f3f66f77cf4c78303cd2463d3c2f37877b84a3
-
Filesize
9KB
MD5a7884c0b3dd24939b38270efe6264f64
SHA1673c26697a99ebcd23049fbbd90390a9c6b63f62
SHA2565a424db0c277c9b3f2f2e9a873620e78332c274498d6c9aaedf96c1fa0c81719
SHA512724d5180cba79c30a60e25dbaa432d4bb20f2cc416acadaa39c699802d8f1d42892eefdfa289e7f21b95997134dff1360e1bb06109b07b5b161fe8175af1e8ef
-
Filesize
9KB
MD58e248b53892793a33e0156f3ff0db8df
SHA136ad108b76853155c7d9d1c4a71a406578edc934
SHA25619da4cfdbb7a94e1b78d1dcce18867f46fe462c95ca9d1bffc4bc00c43ca4f68
SHA5123cd19581b322441aad8797a5422a8c89eb40b80a48481f28862ab44293dce3f1a0287979d0f442eb14d3d0aae4cd3208175018e16ecffcbb3391981348eb5db7
-
Filesize
9KB
MD515b6efa2d4dd6d99ed6904fee9a7843a
SHA130acf6b20d35adc4541e8d46419461793e0b220e
SHA256ce24bfef269bd2c7c5168fff9d14db064619194478be10234b5da29fbf5568cc
SHA512322bde65325ea4e77f975133c5caa6fbce1c8952e57746f0c0bb17befb1b2b8a6839c02fb2a05998202cf358db4a91cb08c24ba177e560aa0a1036df8731db41
-
Filesize
9KB
MD581c4ffd349b8b3c427764ece391d588f
SHA1d5ea3fb27da1cab4e45466cc9e51a4a1b5bd9a33
SHA256f1d104120b8f1a70e6d21528a3c797c558ba9ea4e0a0cab62abe25881829e13d
SHA51289925cac8bf3a54fb83f40633f3c82feaa6a361430199fba1b42053ca414c91e8111f531a4eee8c1be7c2a772e156a15ff149cafa17420307e7739614a1540ab
-
Filesize
8KB
MD59e6238e106541cbc3cbecb018b4266d9
SHA17cf0248cfe38bbab63361dbaa7e7a365cc5b9aa2
SHA256f2136e8b5b2c9c1f9a40a825f21dd68f9d1586083852b3aceb5917eda7d48284
SHA512d3f8064c44ba8015c77a4835f77b1ed2efca46f0a5945fdf130025cd6d2edb8174c1f3c0829729163416fcef8397fb9f5ef4b5df5bd8ea6f0e4e6759c2f290f3
-
Filesize
77KB
MD542b50bc3cf5cc6975d884002dcb30181
SHA1b04d288c96f06b577f869f758f56f60da535ecf1
SHA25644576a672bf08d802dbf539faf51346bf83b59ca95a42578ac59d02c27c73dc5
SHA5127983ce2e58a1b16e28d34ab6cf72b22d33062b8ebee35efa66239ec3887bc618fa24257ba509bea19e2fffe1a1cdcaac79c2eb58d2c15c5e7aa5ec0563490a8e
-
Filesize
77KB
MD5c53c928e530858c44bec4f85c7d75794
SHA13aab56e47bc7309fde7173f9b95de8605994b60e
SHA25652624706c02776268a998d5a2ea1262fe77c96128d3f7d11cc4df1c93b57eb23
SHA512e79327739bfb028c0ea2dfe807b538f0db02dc4259b5c5cab270c6e45cec9ef93395fd7d12a21e39e04da73838923dad268113c704a0cb6951ea7402b2599526