Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
7SolaraBETA...DME.js
windows11-21h2-x64
3SolaraBETA...dex.js
windows11-21h2-x64
3SolaraBETA...DME.js
windows11-21h2-x64
3SolaraBETA...dex.js
windows11-21h2-x64
3SolaraBETA...dme.js
windows11-21h2-x64
3SolaraBETA...dex.js
windows11-21h2-x64
3SolaraBETA...DME.js
windows11-21h2-x64
3SolaraBETA...dex.js
windows11-21h2-x64
3SolaraBETA...DME.js
windows11-21h2-x64
3SolaraBETA...onf.js
windows11-21h2-x64
3SolaraBETA...ode.js
windows11-21h2-x64
3SolaraBETA...ser.js
windows11-21h2-x64
3SolaraBETA...bug.js
windows11-21h2-x64
3SolaraBETA...dex.js
windows11-21h2-x64
3SolaraBETA...log.js
windows11-21h2-x64
3SolaraBETA...ode.js
windows11-21h2-x64
3SolaraBETA...DME.js
windows11-21h2-x64
3SolaraBETA...dex.js
windows11-21h2-x64
3SolaraBETA...dex.js
windows11-21h2-x64
3SolaraBETA...val.js
windows11-21h2-x64
3SolaraBETA...dex.js
windows11-21h2-x64
3SolaraBETA...nge.js
windows11-21h2-x64
3SolaraBETA...tax.js
windows11-21h2-x64
3SolaraBETA...ype.js
windows11-21h2-x64
3SolaraBETA...uri.js
windows11-21h2-x64
3SolaraBETA...dme.js
windows11-21h2-x64
3SolaraBETA...dex.js
windows11-21h2-x64
3SolaraBETA...DME.js
windows11-21h2-x64
3SolaraBETA...dex.js
windows11-21h2-x64
3SolaraBETA...dex.js
windows11-21h2-x64
3SolaraBETA...ion.js
windows11-21h2-x64
3SolaraBETA...ess.js
windows11-21h2-x64
3Analysis
-
max time kernel
299s -
max time network
282s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system -
submitted
12/05/2024, 10:13
Behavioral task
behavioral1
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/content-disposition/README.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/content-disposition/index.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/content-type/README.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/content-type/index.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/cookie-signature/Readme.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/cookie-signature/index.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/cookie/README.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/cookie/index.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/debug/README.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/debug/karma.conf.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/debug/node.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/debug/src/browser.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/debug/src/debug.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/debug/src/index.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/debug/src/inspector-log.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral16
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/debug/src/node.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/define-data-property/README.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral18
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/es-define-property/index.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/es-define-property/test/index.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral20
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/es-errors/eval.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/es-errors/index.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral22
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/es-errors/range.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/es-errors/syntax.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral24
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/es-errors/type.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/es-errors/uri.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral26
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/escape-html/Readme.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/escape-html/index.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral28
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/etag/README.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/etag/index.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral30
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/express/index.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral31
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/express/lib/application.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral32
Sample
SolaraBETA3/Monaco/fileaccess/node_modules/express/lib/express.js
Resource
win11-20240426-en
windows11-21h2-x64
General
-
Target
SolaraBETA3/Monaco/fileaccess/node_modules/content-disposition/index.js
-
Size
10KB
-
MD5
43a307ff7de26dbec523ec966c434f94
-
SHA1
ed7f187b72a7b1f81d113bad5aa9347c242120d5
-
SHA256
e86a88a5d1a9dd74faa753ca4e47a78e38ae930f3206e5e887cf6cb0ad70cbf8
-
SHA512
79c073d3f0dea6c1606029b9a476cdce30ebbfb7b6ca95935a2e3f2cc97e70f3f00dbe8b7067beea78dae120f4941e60a7aa26592cff18e5cdf56f335127092d
-
SSDEEP
192:NnPSCe5ZBHNVzX1t6/khk3bnEm+4qcVupDAGJvyAJK:NnPSD5ZBttXbMqenircgDAwrK
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133599824759920770" chrome.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 4836 chrome.exe 4836 chrome.exe 3580 chrome.exe 3580 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid Process 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe Token: SeShutdownPrivilege 4836 chrome.exe Token: SeCreatePagefilePrivilege 4836 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe 4836 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4836 wrote to memory of 2384 4836 chrome.exe 85 PID 4836 wrote to memory of 2384 4836 chrome.exe 85 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 3208 4836 chrome.exe 86 PID 4836 wrote to memory of 4792 4836 chrome.exe 87 PID 4836 wrote to memory of 4792 4836 chrome.exe 87 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88 PID 4836 wrote to memory of 2576 4836 chrome.exe 88
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\SolaraBETA3\Monaco\fileaccess\node_modules\content-disposition\index.js1⤵PID:3876
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4836 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff96215ab58,0x7ff96215ab68,0x7ff96215ab782⤵PID:2384
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1860,i,2961799602976791787,5362058908987887838,131072 /prefetch:22⤵PID:3208
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1860,i,2961799602976791787,5362058908987887838,131072 /prefetch:82⤵PID:4792
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1860,i,2961799602976791787,5362058908987887838,131072 /prefetch:82⤵PID:2576
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2320 --field-trial-handle=1860,i,2961799602976791787,5362058908987887838,131072 /prefetch:12⤵PID:5004
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1860,i,2961799602976791787,5362058908987887838,131072 /prefetch:12⤵PID:768
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3828 --field-trial-handle=1860,i,2961799602976791787,5362058908987887838,131072 /prefetch:12⤵PID:3024
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4352 --field-trial-handle=1860,i,2961799602976791787,5362058908987887838,131072 /prefetch:82⤵PID:2444
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1860,i,2961799602976791787,5362058908987887838,131072 /prefetch:82⤵PID:5104
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1860,i,2961799602976791787,5362058908987887838,131072 /prefetch:82⤵PID:1912
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4424 --field-trial-handle=1860,i,2961799602976791787,5362058908987887838,131072 /prefetch:82⤵PID:856
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1860,i,2961799602976791787,5362058908987887838,131072 /prefetch:82⤵PID:2060
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4536 --field-trial-handle=1860,i,2961799602976791787,5362058908987887838,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3580
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:4200
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD574bf29dac7ef76549168ff700d19c39c
SHA1da45e8c3b62abb83f1a0ed8206e264c98f28c187
SHA256bbbe1930ab194b0e817ec2a42626cf6950d53e6349af5b6bbc6957757a01dbd8
SHA512149a6d4aad0c7ba5988f1db30d29bb57068820853072ac646ad143eb95e5c674f290259951bcaab04053649aff9ad47e86fad0d6f747efe319504ad675e41d22
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD5f97bf0cd2a5c40619aede37dcf3ac04c
SHA1e0cdbb515dfd2f122db7e3a91babbdcb99be9999
SHA25620bf7dc5434108be39d9fcc8f0222a882d4a395ecfa6e9ec414be3f104339ca6
SHA512ef63c1f5dbfb27eacd477a6ffd7593ce70d5703ade7ad9209bc5d635d6f66f49c2745969257782bb572ce0ca13e713f85f4616d087a8f7da0cc9dff912dd5ff8
-
Filesize
6KB
MD56bed4d0d82fdcc09292850c3af1dbc3d
SHA16b52d6b2efd5d2bd9b1662a0139d7f728757ef53
SHA25663d4d340094f3de4ec62f37f7dd50d0e6bc2be90f00b0d4adfca892419e8e629
SHA512e5ba86ba577f1db92e21eca413cfc8dbe158a545948c5c6fb4491cc277ebb3ee7bd75ff4bd7e2395b0f22c8cf8449cd8fa7eb9b6c83596b21139063109b64281
-
Filesize
16KB
MD5d3ab598419ac37ab461736af1396cad2
SHA168d61f9fa3fac52fc2cb4c3dfb1d7e1b269cf30e
SHA2563961518a34b695f2a9a05c7417c7e91e575953c857ce8c52290bf8750e99234b
SHA512388ada0759cd8bacb78f18bb3f3c99bcfc8b46700b886f96a455053a904d8fb28df712c43140d5b56cfb133f481836f50f1c700068198981fcce748bcc83d711
-
Filesize
256KB
MD51dd5d4311ea0a22e6d5ff09ebee02c14
SHA1edba481b3fbd092c9b487ab77706a6348f83e010
SHA2565e35b531bb9a6bd89190bf3383769d0fefcfd7f59510e1dc54a215f1d1036dd6
SHA512a7517390d9fb40c1dfaf7523f8e892b60be93cd9d8dc976f669fc563578bfa5a687d0232ae00e2fc86240d4d868fd1afb400c03fed33a1f4ceb1a79945dab2f9