Overview
overview
7Static
static
7Solara/Mic...re.dll
windows10-1703-x64
1Solara/Mic...ms.dll
windows10-1703-x64
1Solara/Mic...pf.dll
windows10-1703-x64
1Solara/Mon...d.html
windows10-1703-x64
3Solara/Mon...dex.js
windows10-1703-x64
3Solara/Mon...dex.js
windows10-1703-x64
3Solara/Mon...ten.js
windows10-1703-x64
3Solara/Mon...dex.js
windows10-1703-x64
3Solara/Mon...ead.js
windows10-1703-x64
3Solara/Mon...son.js
windows10-1703-x64
3Solara/Mon...raw.js
windows10-1703-x64
3Solara/Mon...ext.js
windows10-1703-x64
3Solara/Mon...ded.js
windows10-1703-x64
3Solara/Mon...dex.js
windows10-1703-x64
3Solara/Mon...ams.js
windows10-1703-x64
3Solara/Mon...dex.js
windows10-1703-x64
3Solara/Mon...dex.js
windows10-1703-x64
3Solara/Mon...dec.js
windows10-1703-x64
3Solara/Mon...ata.js
windows10-1703-x64
3Solara/Mon...nal.js
windows10-1703-x64
3Solara/Mon...ted.js
windows10-1703-x64
3Solara/Mon...f16.js
windows10-1703-x64
3Solara/Mon...ing.js
windows10-1703-x64
3Solara/Mon...dex.js
windows10-1703-x64
3Solara/Mon...its.js
windows10-1703-x64
3Solara/Mon...ddr.js
windows10-1703-x64
3Solara/Mon...dex.js
windows10-1703-x64
3Solara/Mon...dex.js
windows10-1703-x64
3Solara/Mon...dex.js
windows10-1703-x64
3Solara/Mon...dex.js
windows10-1703-x64
3Solara/Mon...dex.js
windows10-1703-x64
3Solara/Mon...ime.js
windows10-1703-x64
3Analysis
-
max time kernel
1199s -
max time network
1086s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
07/09/2024, 10:49
Behavioral task
behavioral1
Sample
Solara/Microsoft.Web.WebView2.Core.dll
Resource
win10-20240611-en
windows10-1703-x64
Behavioral task
behavioral2
Sample
Solara/Microsoft.Web.WebView2.WinForms.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral3
Sample
Solara/Microsoft.Web.WebView2.Wpf.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral4
Sample
Solara/Monaco/combined.html
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral5
Sample
Solara/Monaco/fileaccess/index.js
Resource
win10-20240611-en
windows10-1703-x64
Behavioral task
behavioral6
Sample
Solara/Monaco/fileaccess/node_modules/accepts/index.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral7
Sample
Solara/Monaco/fileaccess/node_modules/array-flatten/array-flatten.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral8
Sample
Solara/Monaco/fileaccess/node_modules/body-parser/index.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral9
Sample
Solara/Monaco/fileaccess/node_modules/body-parser/lib/read.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral10
Sample
Solara/Monaco/fileaccess/node_modules/body-parser/lib/types/json.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral11
Sample
Solara/Monaco/fileaccess/node_modules/body-parser/lib/types/raw.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral12
Sample
Solara/Monaco/fileaccess/node_modules/body-parser/lib/types/text.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral13
Sample
Solara/Monaco/fileaccess/node_modules/body-parser/lib/types/urlencoded.js
Resource
win10-20240611-en
windows10-1703-x64
Behavioral task
behavioral14
Sample
Solara/Monaco/fileaccess/node_modules/has-symbols/index.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral15
Sample
Solara/Monaco/fileaccess/node_modules/has-symbols/shams.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral16
Sample
Solara/Monaco/fileaccess/node_modules/hasown/index.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral17
Sample
Solara/Monaco/fileaccess/node_modules/http-errors/index.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral18
Sample
Solara/Monaco/fileaccess/node_modules/iconv-lite/encodings/dbcs-codec.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral19
Sample
Solara/Monaco/fileaccess/node_modules/iconv-lite/encodings/dbcs-data.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral20
Sample
Solara/Monaco/fileaccess/node_modules/iconv-lite/encodings/internal.js
Resource
win10-20240611-en
windows10-1703-x64
Behavioral task
behavioral21
Sample
Solara/Monaco/fileaccess/node_modules/iconv-lite/encodings/sbcs-data-generated.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral22
Sample
Solara/Monaco/fileaccess/node_modules/iconv-lite/encodings/utf16.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral23
Sample
Solara/Monaco/fileaccess/node_modules/iconv-lite/lib/bom-handling.js
Resource
win10-20240611-en
windows10-1703-x64
Behavioral task
behavioral24
Sample
Solara/Monaco/fileaccess/node_modules/iconv-lite/lib/index.js
Resource
win10-20240611-en
windows10-1703-x64
Behavioral task
behavioral25
Sample
Solara/Monaco/fileaccess/node_modules/inherits/inherits.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral26
Sample
Solara/Monaco/fileaccess/node_modules/ipaddr.js/lib/ipaddr.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral27
Sample
Solara/Monaco/fileaccess/node_modules/media-typer/index.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral28
Sample
Solara/Monaco/fileaccess/node_modules/merge-descriptors/index.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral29
Sample
Solara/Monaco/fileaccess/node_modules/methods/index.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral30
Sample
Solara/Monaco/fileaccess/node_modules/mime-db/index.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral31
Sample
Solara/Monaco/fileaccess/node_modules/mime-types/index.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral32
Sample
Solara/Monaco/fileaccess/node_modules/mime/mime.js
Resource
win10-20240404-en
windows10-1703-x64
General
-
Target
Solara/Monaco/combined.html
-
Size
21KB
-
MD5
13627e7abbbd98cbc93cbb6e3773badb
-
SHA1
bae2a64695e4f5dcba3b0bb8f56b705e1b779333
-
SHA256
ab8b42d023144b0f4737522ad073c59d07f8a2db3cdb26b7927b9ac1216d74c6
-
SHA512
8e93c82c3b6cdb85bb41d509595fc9fd0b55019ec82efedcccef8e0543b2f700648386b06289a0ace338766a028bc0672b6bde6d2f0bf81965c655fc96cd8a51
-
SSDEEP
384:tETLSQmfElKNihTQRA5Lm0Otk4PVid4s1thbVBJj1BX+BILnoamLR7:yoihTmh8dLthbVBJ3OyboamLR7
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133701798114368726" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1128 chrome.exe 1128 chrome.exe 2276 chrome.exe 2276 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 1128 chrome.exe 1128 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1128 wrote to memory of 4300 1128 chrome.exe 74 PID 1128 wrote to memory of 4300 1128 chrome.exe 74 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4560 1128 chrome.exe 76 PID 1128 wrote to memory of 4724 1128 chrome.exe 77 PID 1128 wrote to memory of 4724 1128 chrome.exe 77 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78 PID 1128 wrote to memory of 3876 1128 chrome.exe 78
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Solara\Monaco\combined.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1128 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8d7bc9758,0x7ff8d7bc9768,0x7ff8d7bc97782⤵PID:4300
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1744,i,8266143469669785535,671539007313270411,131072 /prefetch:22⤵PID:4560
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1744,i,8266143469669785535,671539007313270411,131072 /prefetch:82⤵PID:4724
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1744,i,8266143469669785535,671539007313270411,131072 /prefetch:82⤵PID:3876
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1744,i,8266143469669785535,671539007313270411,131072 /prefetch:12⤵PID:164
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1744,i,8266143469669785535,671539007313270411,131072 /prefetch:12⤵PID:4636
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1744,i,8266143469669785535,671539007313270411,131072 /prefetch:82⤵PID:2740
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1744,i,8266143469669785535,671539007313270411,131072 /prefetch:82⤵PID:1228
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4500 --field-trial-handle=1744,i,8266143469669785535,671539007313270411,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2276
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2700
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD57d7a66e2b70dd0a490a7009d994dce90
SHA16efda2d6d7e4beae814255e994fa4fbadeeceab6
SHA256c562d1a4927094d9a149fc85a65165188cb91b1606895838b551b807a871d1d9
SHA512d300b029127aaaa5ac239bf41c536ef1ed6fa374a28443232db64747573f7212d203bb0e07aa0ce9fc16e27f44c109e4f9e7ed703109f96b9aef4e05e39b8dec
-
Filesize
876B
MD523ff4906beb46ee50708f1a577f20330
SHA15219250a360f7dd32a0d96830f38938c44b28d2b
SHA256a7de27b4e4317554473be1144d2d7c669f4190d06d5eacaf52b2febdf6f31838
SHA512257bb3bb6f8865aec634920ac707e78bc3afba5bec5159668424d4a8319b5a3b3c384dd9dc5f87e0ebbe16ae07f48f42094195dcf3274ee9e80355bbcd6090be
-
Filesize
562B
MD52f251b7ce5bbb86bc5deb87023c5881c
SHA185e6b52372cbbd7e7c0d79bbb2daedb2d909e8b0
SHA256f6ec2dadd8814fdc3a978f810f966309d48d1a7a18f273e75f2e877058b5b336
SHA51291c014a98dda56db045314e2b78338d64c110c1a2fd4eed178586de2a414668cb47ca0182d6164dd69c896242d25a83f6a7a9601be67e6cb20ea12b15a0b04dd
-
Filesize
536B
MD5a855e8e2edb7872b0309f448bade0169
SHA14038aa7d9c540144e6f8f6816a2c319af8eb6c11
SHA2569350dccca2024779b1b07f7d4191269d29e887ad41fa7077b8dfb8ad705fd455
SHA5128aea795a9209ee252c6538ef14cc5bd83c0f836932eed3996edc949e682570890d631553acbeca616891393be9096317c7e70465675765f8738b67962a5b9edd
-
Filesize
5KB
MD52180d415b62e568135a4af79b706c995
SHA19c2f770064a5b0f52f2b37c08b7591bdd84f2850
SHA25610ea0edc9c630fe5ede569015c2f0225b484ca7229f93f93e5c9ecbc4ed59589
SHA512faba67865904ad5035c8c390dc381a68e202aeb4f652685f398596d1501f53d82925ff827291527749fcfe2379f8b1e71943f2f93ae42caf7d3db4918caf0000
-
Filesize
5KB
MD56c869acd2b59ea87fb17bc16c0902db5
SHA1150f6004a99419128b6e7de487416b2269a595f7
SHA2567205bc4d7d038a8f81558f60197fd588619fdc9bd4e43af386c3d7da114053eb
SHA5121dcc9c24903b2a8227a009dfc190698dee991b04cc68784ef0fe551fa7a0cab95b202188255aa6d8039811833172942ac9da9a467d08dcf899a33601b49c4c3e
-
Filesize
5KB
MD50f6860fb6383c5f783b31c5f347c0828
SHA1fecd63d64f9465b3e27d158f1ebfc2f47823363a
SHA256f320571be5f30691c48a464fbfb5a20ae639c8685120621af6628b7de0edecc1
SHA512cef480f7d9b035be7663ce6ba65d9002f151b3242e225fa4f6566db9819d1c7e38506841142ac2b68b1567efe3441c6d71a6a46e0426ea38d670454277d84868
-
Filesize
5KB
MD5db4a32a14459b988640c3a286ebd8f54
SHA137d1b999bc84e199df1ccbaee65920efe1123b17
SHA25665ddfd1f1e8f49a45dd765694f5884282c471e23832abf778c8d811e31089a18
SHA5127f348515ad515a22f02385a545ee4b9ce0208bff070b0f3c879275d0822d5b42d13e61e1862bc916ca892907bea038b59dcd9f77999371755ee23eb4683d7e88
-
Filesize
136KB
MD547cbd8f44deac5c0295b2b66e13af2ae
SHA1274284434ef37c19f777b314ce9f7fd4ff207c0d
SHA256439836a35f57d117f5aa5bcbf8df6d38801a4283be533d5de903bcbdbe9d300d
SHA512367b1c8664650123d658970b6eb4e639eb270ca8b1e8f92c07142ca723cabbfcfb6b425e1de2cf9def8855fc2b5bc5034b7ecbda19f7822c41312a7635fc3758
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd