02-27-2024 03:34 PM
Hello Community
Through Query Center, strange traffic behavior towards different IPs will be detected (Through a third-party firewall, computers trying to reach those IP addresses are quarantined)
Generating a query to find out which computers are trying to reach those IPs, the following remote connection is detected in the actor_process_command_line:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en --service-sandbox-type=none - -mojo-platform-channel-handle=2720 --field-trial-handle=2528,i,7347107580992436587,426009518194727917,131072 /prefetch:8
It is suspected that this connection may be a threat,
There is the possibility of validating if the command line was executed by an extension or DLL through a Query search?
Thank you for your support.
03-14-2024 02:17 AM
Hello @GiovanniO ,
Thanks for reaching out on LiveCommunity!
Did you get the chance the check the same in Causality View.
If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
%205.32.25%E2%80%AFp.m..png){kind=link}