Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
19/07/2024, 14:59
General
-
Target
https://sakpot.com/roblox-nezur-external-executor-v3-updated-version/
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs
-
Suspicious use of FindShellTrayWindow 44 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sakpot.com/roblox-nezur-external-executor-v3-updated-version/1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8f9246f8,0x7ffa8f924708,0x7ffa8f9247182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7000 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1968 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5076 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5860 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,574029660499532072,14735404315148407768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Nezur_External.zip\Nezur.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Nezur_External.zip\Nezur.exe"1⤵
-
C:\Users\Admin\Downloads\Nezur_External\Nezur.exe"C:\Users\Admin\Downloads\Nezur_External\Nezur.exe"1⤵
-
C:\Users\Admin\Downloads\Nezur_External\Nezur.exe"C:\Users\Admin\Downloads\Nezur_External\Nezur.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x150 0x5081⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD504b60a51907d399f3685e03094b603cb
SHA1228d18888782f4e66ca207c1a073560e0a4cc6e7
SHA25687a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3
SHA5122a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91
-
Filesize
152B
MD59622e603d436ca747f3a4407a6ca952e
SHA1297d9aed5337a8a7290ea436b61458c372b1d497
SHA256ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261
SHA512f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
20KB
MD54a2961dddc7ca6732df1c0646aad5129
SHA1ff0b7265d2bef3824709ee3000621aca2d2c8724
SHA25658a974546a65196f726ac5dbc25f1048991e8347bd53e7449102048a5a0dd597
SHA51282c889adccb748ea06ced5db14b7f3f94b980215d350d7cf5463ad05de53b0421e0bc7fe6d0d3897480b2cbd6f34e0126814f166adb59b7f0a1c9cf960e8a2d0
-
Filesize
984B
MD52281e905595fb82c3d08f8e8f5d32360
SHA1dfdb1b605a37ab048e8cf6a27c6871fdbc02ee21
SHA256da415306fa14b4c9ed7eb0a44aaad20bdca67b8d1bc406d8b0c9d21fd3549451
SHA5129924f281927ea9c460d359941cd440480b4084d85b9d779d969aa7c6b2e36081b99c87c426e376f400886fc5acdee2e20ac775a62c5fe4673c669bf287a6f287
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
7KB
MD5144ec80df45c4c7fc25c434f4e1f6785
SHA1901f584a24fcc896d188cafbcc95770cbea1f9e4
SHA25696ffb1b4378c3ffd4eb139919f8a8949b8936f37a1567c848f7952e885906c51
SHA512df9e42cc88a3842a5eea0b1d3bc43e3966b175b7ef83eb290d8234f821f0567a1bbf6a9eb9dd5b09a3ca1779d0023bf726d9d43ba5ae109912c4891bf2888a33
-
Filesize
5KB
MD520fe35272eceed1b2b7541466d537c4b
SHA102d88b976be7a6ecb25b87a98ce292d1a363ace5
SHA2566befea7780aa03b3c253c3644fc7b20a23918bc2084cfa2e25bb55ce7213aaca
SHA51293831ea1551b3cb54120ab929f9bc07aa15b7ed3a0a7c4130f37da35c498f65ffc4be1f6ee22d822ff0447911e45fbc2073941e3c43a2678086ad1e309cc1074
-
Filesize
5KB
MD5abb25d5e4b53e893d49884e380f612ea
SHA142514d8b96348c4d7997eb977e905a226fc7d431
SHA25667abcc65e69d78ef57dc1ed926a6f1e17ffb69d7a8a34e53e25dae17505594de
SHA512fa6bd4ce804afad0981326c49a7b857326f5fdbc185a1900a0a6838e398faa302c5a1eb005f773a26464543036cdfcfe04cfb89c4f1a45d29dce98869f7a165a
-
Filesize
11KB
MD5f882245d39618e2baae29d0380a69020
SHA1f3cdd10935756ebd5fe7336bc0cacc6cdd06741f
SHA2560f4bc1b110c540fedd9f03f43d94dc4a3ee6a7235135d768f7bf91733353e464
SHA512406cc0da929dd081e49083c2cca9da3d225a6dddf047b69a7032ac5ca55fe4e974c7f860d385bae327b59c7fc7ee3a7a752e785106e2e6c9c3450c6d0bf5915b
-
Filesize
15KB
MD5a712fe0a0b6384192752054ccb9b5e9f
SHA175328a30c18c214b65d6f16fed9151aef50d010f
SHA256a15c338aa1d373aac24de3887e41cc198f25876ec0b8e0868d89df1cd30e82df
SHA5129595aed782a945209314870a04440d17798763517b17f8a4400301fb4f32a3af89c7c150764687934a06b68aa76faa103960be8679a9f45a42528e3479e323e4
-
Filesize
8KB
MD58dfaf29e4be3276900019c4fc05eb4eb
SHA1d2660f5fc06a116950c4ab9b29b3065b1ffbef40
SHA256bf88e1dc8bef1f922cbf4b4aa1de5bbd78306e7432d7626538bd2e309a303855
SHA5124d3881b0b17b908d1f9d1ca1df25e82df3a70379ca28a7d43bb82260d886e37a7dfad8f861a9d31f1e21074dc2c294a7e3594d5d30caf974770c394e8d2c0952
-
Filesize
11KB
MD5c731187a2f91ceaa683ff2c8f6cfb3ec
SHA174c6c78b68466aee07b1e0af5c85ee1271909e1d
SHA256f606198f654c8940ab1bb9807170a918eff73832cc05e47bee24475158120e17
SHA512c0719fe47247141f5cadb1f9197063b5a5ff4be71f466f4dcbda117528dfe203c3f655cce9ea209e77382bfe842f06b4dda6bce564534a18c4b59efb6e6538fc
-
Filesize
8KB
MD511337e49934731cf87635d7799d8db55
SHA136e7f9eff7d48924cee4a57a73396af927578007
SHA256f6c74ef77b96e518da5a71f482c12224f1266692c7911ba114ed9787756a1d05
SHA512f72e31c9ad8b424d8ec090e5ea4a38163eec6264f12544ae8b237ae9d9112f64d95159852cd9caa5a07b7efeb955ada7674b4ea8cb2e88ee5d7a7e2ed90fadd7
-
Filesize
8KB
MD54ac3d3df84e1afbf257955b40e381670
SHA1e19e45ee77f2e3f1ed1fa7996305665b90513421
SHA256e753cbdcbcdcb022f89d305af15bf268fcfd3de623d6fdd3f264a57b2533d8b0
SHA5125ffb77026e1053edc7d417b362931a726d39855b1bc15fbd065fa81ddb757f0bd7c6ab61c055b7b8fea3ec56e64e31296cf022fd0890ec27e3f9a85aec5f111f
-
Filesize
8KB
MD5b768775e37585703e7adf92f24934d13
SHA1bdd2f8f09ad4bf065acb0276c048cc15e5a134e5
SHA2566277e13c303ec15b9048f7e7ad2f4199dbb5685f954b1a2796b53f3172b7fdd9
SHA512ebacf735e3c2c2c4a40ce88f229cc49b2c49bb07a58f84b03490ffc963f1da70db81ad29b38b7b8ef2aad15bf02415a24d73b9a8a470411effdb11eb40ff017b
-
Filesize
1KB
MD539c930501edf5af9c2ea077b2fd41156
SHA12013ae5bebc045dd8a6a3c4252b26ee77e11efad
SHA256fc1a07a552511c74e9f7b360b7a70028dccd73e44f727bdbd0889c646acdf87d
SHA512821a8b4e6c6a3f096038b59d61fd120d92446e1171d61403696ccb915067bc5b17854fcd3b379b9d6878e0b083a5abb9873bdf60674b6d9b2f92c2a3e2a6ad7b
-
Filesize
3KB
MD56b12bc31c267043dd24869526046a0ed
SHA18ee7cb9040bb18688951ec62269ae4db67d5fd55
SHA25616271393cfec7c48073805d19988db9fb41e2c33d23d40b81b6756707ad9f1f3
SHA512def0a53b842e495365756fa2b5faceb0fd138bc9c487c37e54b89f02bc34d858d577a90f1c1cb962b5bf0f620d075637883099b69c191b01e7e3d54e4512dc3f
-
Filesize
4KB
MD5e584247454888a10cc595f75a4f4f1fe
SHA1846e4f735ebdc8f10f7a2d642926b6210679fcf1
SHA256af91c5b53fa95d867fc66205fbfdb87bfa8fb518f79187dad0895d17ec76e707
SHA51275a9e44e05f7361f2223285c64179e8fd56a5e81ec6b2c20d9d76eaf66f1edcf0b7f172c8a036b6430c39044fc390ec542f4816ffb7a60c7671c1ca92d66764b
-
Filesize
2KB
MD5ec2501b0ae1496dc86adf91da866a94a
SHA1085bae7cd19022f67c86f93b6f260358cef2d74b
SHA2565bcabfd233122dd9f9c6b7331876f535f90bed92a5df9b160023be5ff2be8a6d
SHA512a79fa0ed097d1ebac14e769f1f22cebd93846c3d7f770ffd8dc1aed6b8797e1707983afb5e704af6bf73394997d9d8caa5315ea350db4c2b3c9bbdb5cc94fcf5
-
Filesize
3KB
MD52d8af2a6bf93111d17a75367eb851df0
SHA1ff4e8eef4fa3c34e970014531495204e3b3a4cca
SHA256f42b23f350a2df9661959f3694a21b8ff30faf5271c19aa3984d5b6a0dc8abb2
SHA5129c493635fc34ece018d0b86fe5ea7d32f0a3146f25234b3ac7a1d7d3bf1b05e43c041760fe27240f2af6b183179b9a36b1ceadea32db705425f1282db557229d
-
Filesize
1KB
MD542cc6d1398b74c32cf94a66d67777008
SHA1184e5f7958929c7f9feb4ec879d53014e8d495c7
SHA2563f9005683fb161da3ea9a77139c6448745b16782843060d164ddb942303fb300
SHA512a80147e46a43cbe9e6bd1524f6f0480de3566b255a6879e2ac6091fca9108a2cd4fd32f6352524da48fec82da1e9f28cc274c828ee73254a56429c8763626c05
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
7KB
MD57e75e35075eea128b18ca3e5d70eb75c
SHA179f59b9df39b956aa3e2d8f85f2fa229cef6970a
SHA2569a28418c861845e8499f054fed5e82ea0f90dcd10b41f10d36cf3cd3fa8d5e1c
SHA512081668bc27749b67724340ede4a6dbe1795bcdc1b9b5335fecddc1258db3be78c30d37bd59d1e3ed1fb211dd06eba36ce67d61b7259efcb52c2908099def0a3e
-
Filesize
10KB
MD5ce3a051ffdcca0fd2eb7067584cdb88b
SHA1e50871779b7c56e95e08fcc67ce57ca774464729
SHA256b41f2e20257a83acc1e306de8188c6ee59de38b188317156ef94232965c40c25
SHA512892319c1a2defffbea866f02966e0917c50d444016a93b2e696e756e9f5fedeef6118c0b51b6e996e6a4f1fe8e904b3f45f0d04a1015551d1f1da22b07bc27b6
-
Filesize
12KB
MD5d168dfd00b77aac8eb8ccad7cc4ea4ec
SHA1c6acf3b94a6ecaf3e75cfaf4950f7f82f91b367c
SHA256076eca274dc10f55a70af0c7903d840f25ac290046a0b004f78eb19c2247ee3c
SHA512eaab06f9b52d0123b5abc0028fbeb8229e434c78d405e7b8d2f09e504c4816071dd8fa6c1c95cd88c7deb0bbd9f08a7dcb1e347c7e74a93a2dc2963d8e6e2d8e
-
Filesize
12KB
MD5872474315e5dbc79f1a7afea8146dc1a
SHA10e313a01a2e3ffe1363739a42650f9e091cd2950
SHA25685f7fd6ff8b4ef11aa6183bb17f2eeae2dd374c048fa967af280b3edd2b2838d
SHA5123c7ac48d754a14955dce7599530125b7e756c9c846b251125dfc635b547877a1f7b934f87d8264e36310ac484359bbc61847481fcb4a67c9976f460bdb2e6507
-
Filesize
13.5MB
MD58a34597dcc59aa647dca61b7a4e20e55
SHA1e09fffac22795340b34fe9b29f6b2cc808de5f7f
SHA25629266daf08385d46ba7da5447341e790e517da12dafe6b536e0a68bdefae0c01
SHA512e900b123739d87a66da3e2adb03e695b1b1453dbe33d9fd714a76ec3503273ca72df391c66b020f160c39590909c739dedbb1c103331791dbbfafcdb1c19bd4f