1Analysis
-
max time kernel
600s -
max time network
619s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system -
submitted
17/04/2024, 15:08
Static task
static1
Behavioral task
behavioral1
Sample
Nurik/CrackLauncher.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral2
Sample
Nurik/client_1_16_5/assets/objects/90/90046a9705756370acd9a00502aab5785a2c2136.ps1 (note: files under a Minecraft `assets/objects/<xx>/` tree are normally bare SHA-1-named blobs with no extension; a `.ps1` PowerShell script placed here, and the second one in behavioral3, is atypical for a stock client and should be read directly rather than judged from this sandbox run alone)
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
Nurik/client_1_16_5/assets/objects/c3/c3cd0db760c980287b26ef9c0894f66c4250724e.ps1
Resource
win10v2004-20240412-en
Behavioral task
behavioral4
Sample
Nurik/client_1_16_5/libraries/authlib-2.1.28.jar
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
Nurik/client_1_16_5/libraries/brigadier-1.0.17.jar
Resource
win10v2004-20240412-en
Behavioral task
behavioral6
Sample
Nurik/client_1_16_5/libraries/ca-fixer-1.0.jar
Resource
win10v2004-20240412-en
Behavioral task
behavioral7
Sample
Nurik/client_1_16_5/libraries/commons-codec-1.10.jar
Resource
win10v2004-20240412-en
Behavioral task
behavioral8
Sample
Nurik/client_1_16_5/libraries/commons-compress-1.8.1.jar
Resource
win10v2004-20240412-en
Behavioral task
behavioral9
Sample
Nurik/client_1_16_5/libraries/commons-io-2.5.jar
Resource
win10v2004-20240412-en
Behavioral task
behavioral10
Sample
Nurik/client_1_16_5/libraries/commons-lang3-3.5.jar
Resource
win10v2004-20240412-en
Behavioral task
behavioral11
Sample
Nurik/client_1_16_5/libraries/commons-logging-1.1.3.jar
Resource
win10v2004-20240412-en
Behavioral task
behavioral12
Sample
Nurik/client_1_16_5/libraries/datafixerupper-4.0.26.jar
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
Nurik/client_1_16_5/libraries/discord-rpc.jar
Resource
win10v2004-20240226-en
Behavioral task
behavioral14
Sample
Nurik/client_1_16_5/libraries/fastutil-8.5.9.jar
Resource
win10v2004-20240412-en
Behavioral task
behavioral15
Sample
Nurik/client_1_16_5/libraries/gson-2.10.1.jar
Resource
win10v2004-20240412-en
Behavioral task
behavioral16
Sample
Nurik/client_1_16_5/libraries/gson-2.8.0.jar
Resource
win10v2004-20240412-en
Behavioral task
behavioral17
Sample
Nurik/client_1_16_5/libraries/guava-21.0.jar
Resource
win10v2004-20240412-en
Behavioral task
behavioral18
Sample
Nurik/client_1_16_5/libraries/httpclient-4.3.3.jar
Resource
win10v2004-20240412-en
Behavioral task
behavioral19
Sample
Nurik/client_1_16_5/libraries/httpcore-4.3.2.jar
Resource
win10v2004-20240412-en
Behavioral task
behavioral20
Sample
Nurik/client_1_16_5/libraries/icu4j-66.1.jar
Resource
win10v2004-20240412-en
Behavioral task
behavioral21
Sample
Nurik/client_1_16_5/libraries/javabridge-1.0.22.jar
Resource
win10v2004-20240412-en
Behavioral task
behavioral22
Sample
Nurik/jdk/bin/server/jvm.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral23
Sample
Nurik/jdk/bin/splashscreen.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral24
Sample
Nurik/jdk/bin/sspi_bridge.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral25
Sample
Nurik/jdk/bin/sunmscapi.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral26
Sample
Nurik/jdk/bin/ucrtbase.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral27
Sample
Nurik/jdk/bin/vcruntime140.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral28
Sample
Nurik/jdk/bin/vcruntime140_1.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral29
Sample
Nurik/jdk/bin/verify.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral30
Sample
Nurik/jdk/bin/w2k_lsa_auth.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral31
Sample
Nurik/jdk/bin/windowsaccessbridge-64.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral32
Sample
Nurik/jdk/bin/zip.dll
Resource
win10v2004-20240412-en
General
-
Target
Nurik/client_1_16_5/libraries/commons-lang3-3.5.jar
-
Size
468KB
-
MD5
780b5a8b72eebe6d0dbff1c11b5658fa
-
SHA1
6c6c702c89bfff3cd9e80b04d668c5e190d588c6
-
SHA256
8ac96fc686512d777fca85e144f196cd7cfe0c0aec23127229497d1a38ff651c (verify against the checksum Maven Central publishes for org.apache.commons:commons-lang3:3.5 — an exact match rules out tampering of this bundled library; a mismatch means the jar was repacked and its contents should be diffed against the upstream artifact)
-
SHA512
9e6ff20e891b6835d5926c90f237d55931e75723c8b88d6417926393e077e71013dab006372d34a6b5801e6ca3ce080a00f202cba700cab5aabfc17bbbdcab36
-
SSDEEP
12288:RXWoN+vjrk1GDSZSYPv46XEfJtBaR7QDbC2:RXj0vk1qASSzs22
Malware Config
Signatures (caveat: every entry below except "Modifies file permissions" is attributed to chrome.exe, PID 2520, which the Processes section shows as a separate top-level process tree, not a child of the sample's java.exe PID 1136; unless a link to the sample is established these look like sandbox background activity rather than behaviour of the jar)
-
Modifies file permissions 1 TTPs 1 IoCs
pid Process 5072 icacls.exe (spawned by java.exe PID 1136 to grant Everyone modify rights on C:\ProgramData\Oracle\Java\.oracle_jre_usage — see Processes; this path is the Oracle JRE's usage-tracker directory and the same icacls call is expected on a first run of the bundled JRE, so it is probably runtime behaviour rather than something specific to this jar — confirm by running a known-clean jar with the same JRE) -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578413431123359" chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2520 chrome.exe 2520 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid Process 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe 
Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe Token: SeShutdownPrivilege 2520 chrome.exe Token: SeCreatePagefilePrivilege 2520 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe 2520 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1136 wrote to memory of 5072 1136 java.exe 88 PID 1136 wrote to memory of 5072 1136 java.exe 88 PID 2520 wrote to memory of 3000 2520 chrome.exe 98 PID 2520 wrote to memory of 3000 2520 chrome.exe 98 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 376 2520 chrome.exe 99 PID 2520 wrote to memory of 632 2520 chrome.exe 100 PID 2520 wrote to memory of 632 2520 chrome.exe 100 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to 
memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101 PID 2520 wrote to memory of 224 2520 chrome.exe 101
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\Nurik\client_1_16_5\libraries\commons-lang3-3.5.jar1⤵ (note: commons-lang3 is a library jar and is not expected to carry a Main-Class, so `java -jar` on it most likely exits immediately; the only child it produced here is the icacls call below, so this task gives little behavioural signal about the jar itself — static inspection of its contents is the more useful check)
- Suspicious use of WriteProcessMemory
PID:1136 -
C:\Windows\system32\icacls.exeC:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M2⤵
- Modifies file permissions
PID:5072
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2520 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb4b62ab58,0x7ffb4b62ab68,0x7ffb4b62ab782⤵PID:3000
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1912,i,11859353254999073254,8922229971364239490,131072 /prefetch:22⤵PID:376
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1912,i,11859353254999073254,8922229971364239490,131072 /prefetch:82⤵PID:632
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1912,i,11859353254999073254,8922229971364239490,131072 /prefetch:82⤵PID:224
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1912,i,11859353254999073254,8922229971364239490,131072 /prefetch:12⤵PID:3604
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1912,i,11859353254999073254,8922229971364239490,131072 /prefetch:12⤵PID:3120
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1912,i,11859353254999073254,8922229971364239490,131072 /prefetch:12⤵PID:2432
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4108 --field-trial-handle=1912,i,11859353254999073254,8922229971364239490,131072 /prefetch:82⤵PID:4044
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1912,i,11859353254999073254,8922229971364239490,131072 /prefetch:82⤵PID:1736
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1912,i,11859353254999073254,8922229971364239490,131072 /prefetch:82⤵PID:3008
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1912,i,11859353254999073254,8922229971364239490,131072 /prefetch:82⤵PID:1524
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=1912,i,11859353254999073254,8922229971364239490,131072 /prefetch:82⤵PID:1420
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:4448
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
46B
MD5 610a7315e81856da164342815a77b1cb
SHA1 34e507cba17182918b9aee19e6330a812dab9cd3
SHA256 a0f084ad4d3b19c972dc62f9b99b0f3dd666bcd41fe81f1ec62c0c528719aa7f
SHA512 dc5174c952705420aa764295ebbae426463783ebc412d8a68cbc1f03eb2b7caa0a1be726dd68cd678bdcd477eb004f9acaabad966eb23971f008f501981624cc
-
Filesize
1KB
MD5 cdedc3fe7dbd1c4c41d62813dcb0ac79
SHA1 46010b77c2a4952180823b9a1671bd5f43a24d80
SHA256 2b687adb611427a2e4c513517d3ee742d7ab3fc8e53f42d9336183a312529de2
SHA512 8cde88bd7ee8438a31b336e781418903565592055dc70eedddca1f5aef45b2235fc49c39f4ebd2d6e638d42c07431b12740a007f5ef25930b9e05eaf280aa071
-
Filesize
2B
MD5 d751713988987e9331980363e24189ce (this is the MD5 of the two-byte string `[]`, i.e. an empty JSON array — consistent with the 2B size)
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD5 6e7cd0ce547814c6519333e431276c9e
SHA1 50762c01c2e81cbb9f398cab61d33e835be3fc9d
SHA256 6a8b8854a1c011c43d3efbd219116a61bd8d4384a5e1437910876839ced984d0
SHA512 9d3cacc2939fd59df3b22cb399df40c792d29e069c62f9001e7071c96be60e716e0c086ab036559e919149d90aae9b36b4abc5eddb5d947b0ba0942de4f6981d
-
Filesize
6KB
MD5 2dd19f5ff971256bae4c67791424d96a
SHA1 99f46db68a155ee79b9b1ed6fef7c735646b82bd
SHA256 9df522c3cf0e0c30b88b85ab50ffd69e118bfd9af5591245a074295839dd111b
SHA512 0b80197329574525a05443fbcd3309de2ace2315d1b1d31eae42bb5f665a35bade835f5ba4455da8d6678fd4bbb3e3013080b4fe49f528e8fd9fe3fbfc7f53ba
-
Filesize
16KB
MD5 0371894abe25ef3f244426dec61c26ca
SHA1 e8d06ab40ca3f779f16d9e049768c9890e7934a4
SHA256 74ad4dc3daed3cb45148bdf47a98ac62d5fd0d592d17f5e000955220bf6c316d
SHA512 143270f74ad0ecfdb59a1ae6306dc9bd0030fc0c0c295c76037f299119bb1ff6da1769b11cab662dd19391fa44ad35d8baf7fc62036260b8de1b58f6efa37549
-
Filesize
251KB
MD5 deddc70433706f9b5b6a590a5b67a2d1
SHA1 adfb85435fd9a287db988a22244c04e3e806d809
SHA256 97f2ea3defde48ac4ae2178cf1eaf4a5d185d6526074f993c731a3360316b70d
SHA512 795a246ca6e48f84918eab276ff47176a80d359d0bbc5bad8682559b5ad10c37f94a50bc578708e31694cc9b5e0e557ecbfa5579595ba5126799ce9ed7206c75