Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
196s -
max time network
198s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14/08/2024, 10:50
General
-
Target
https://sakpot.com/roblox-nezur-external-executor-v3-updated-version/
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs
-
Suspicious use of FindShellTrayWindow 35 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sakpot.com/roblox-nezur-external-executor-v3-updated-version/1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90a0446f8,0x7ff90a044708,0x7ff90a0447182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6860 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6860 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8096 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8224 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3180 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8724 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7884296986231864801,13612731017858165062,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3004 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Nezur_External.zip\Nezur.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Nezur_External.zip\Nezur.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultde3efd3dh5f83h427eh9063hcbf2fa215cdc1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff90a0446f8,0x7ff90a044708,0x7ff90a0447182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6101804297353802273,17157007385449013829,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6101804297353802273,17157007385449013829,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault69d8a091heb33h4b2eh8d48h6a149a311b221⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff90a0446f8,0x7ff90a044708,0x7ff90a0447182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1420,8234751107883246008,15978179826992041100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault6e7fc49chae18h4497hbf1chf8b3bd7a66761⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90a0446f8,0x7ff90a044708,0x7ff90a0447182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,12272271117963636593,11443325386146583271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:32⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5e4f80e7950cbd3bb11257d2000cb885e
SHA110ac643904d539042d8f7aa4a312b13ec2106035
SHA2561184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
SHA5122b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0
-
Filesize
152B
MD52dc1a9f2f3f8c3cfe51bb29b078166c5
SHA1eaf3c3dad3c8dc6f18dc3e055b415da78b704402
SHA256dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
SHA512682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25
-
Filesize
152B
MD5e5609bbe458c6278dc686a3156165946
SHA10e6e06ec248634ad148b17b51c88f6a0fb16e20b
SHA256dccda5608e420fc56ae1e2a8d188bdeb6c36b726e128207c3a8d138861a59f1c
SHA51292a4fd2db229b04ed3b53023db3931684433cb191a34e3cd15abc993ced8316ccf55b74feead600113a324b89000d9443f9b8c0c0a4afceb20632429fc26f3d2
-
Filesize
152B
MD5b1aef3676143908be2b684dd6601e248
SHA16b1c544684c0c7fbe483212f7e27a3e8c5bfe3db
SHA2560f1584b492e5dba4483992d595195856a28d4a079121c6f6831e1da8767be112
SHA512a7bb38099020bfd2571be09326e2a5a9a0529a19f22a56d619142fb7a06e0e28fb116eb53fc2f67ed200b2c2cd33616b885a30115f23e6bf1570b28db8aee7ac
-
Filesize
1KB
MD5404be7f5a918e60eb87c625e18064035
SHA1c1ffd377b575cd1ee0549f31fe7c503b48663f00
SHA256a85982139a87664db11b01cfc985efe9074937f1e927241a4247d6a202524b99
SHA51211d1a2a575e6becc0ac3b44d13d43c65af36512cab408a457d695fc1180f30495d89b8861aa9753c47dbd2a415b85617a0af1086a517578f5b048a79bcc6455f
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
7KB
MD5ebb1971cc039506a9c9a69095a1d2119
SHA101404084ee67b4f1ad32f5efbdfd4bdcecea9cbc
SHA2569a6af381b7c319ae177f5f630a1969dfb27402ea476a3122284abc972f9f83c8
SHA5129ac34ccc02dfc3e256204a59c883c0a4fb369fea0d2689d3fc586e9d5f45845bacd63d6969cde039cd326ed7663e2131cf6401a41904798128dd342383dfb0cf
-
Filesize
6KB
MD516693fa7ee99fe39f8aebd6263efe8a4
SHA1f89173c3da6db18f5fc9a0fe2258c2fc10104acf
SHA2564a595cd923068ef1ccd4a791b4ce89ab7667cc66b27478cd19ceac3ec69c14f7
SHA51288dab0059c5d40207439cd739cdfaf5d3ad196296c981a4ffc6497114ab612b347a0d1a2dcc6cd691fb770301630c712f778c9458ab146c26ad370f186c4f809
-
Filesize
11KB
MD5b12de731c312c0b01799419c4014b75a
SHA1247cfd841e47525f6f188fb19173ffcdcb2be1c8
SHA256eea0161b7907f24dadd2877729cf161cefd599dba2442b01aa6c32362f8cee63
SHA512825c246fac46b4898cedd7574fd0a7182a45e0be9676e0c890b0ab98bed235906029bab03e19a3c428ad66f13b4dd03405cc204b25f5f6617bda42760204dfff
-
Filesize
12KB
MD5e08e098e3d3490442323cd0d9bded21d
SHA1ad1dd607ea15c0a56eee06a9987988145f0e0f9d
SHA25612d9d1fd9578df0837b680adef3fff832b3e96e64303fe3b9494645576dd5ef1
SHA51288fc2d3cf7c012288aee32b73091ce5a9b237e1560e64547ab30caff492307a2ffbde4ba4ea3f4c96f9346bd75b673104e44987268cad50654e0b7ea7cbee72a
-
Filesize
11KB
MD587bd28a872d8307259122b3bd0dc6b0f
SHA1681dfbe6b8b293189d53a0c48e348d80204a5b59
SHA256278d0294f6390f6f697d983feef2234ed164e9ddb95296ec68bfc2a0acc95338
SHA51243a12549843ff1fafe7e555db0f447d5addd806ec29a57e5aca6a4eecb13506ba0e6b8fcc1176117a3ba26a79b175af93e31e04d9a9f9802d6c6c9fe65d0efaa
-
Filesize
3KB
MD5859cdeaeabd49fb612d61379675265ae
SHA18442f49e906158b1dd1c3c0294ab9a62d00fe434
SHA2567eaa0b6e11642fa1158909b318dc2e152cb5f505a3e923d0a6fd4faa0ce36387
SHA512f945b15fe60b1fc00bf55c75f95f51ca49cf1a6a8fe3020d2a5e0f7206be9c5898c2f8f8d0781cb1a05b96440bbea5db6d7ff6274df1a4aec194fade1816636f
-
Filesize
3KB
MD5521e17dbf1a3f9615ff1b9d814e20ce1
SHA1b65db992a836ab626c7aff480b3093094c53d2cf
SHA25621e3e394a9270a5954055ec6ca5cf13ee964d05ab3bc7a425875bf64e1d67477
SHA5122f455eef25060cec1cc47406715ec5c8302d86d5d8483290bc3719203630bdac1f5cb5363b2fbd459eef724a2254b3922a1f9021ecab7292b09c4b5885a10d0a
-
Filesize
3KB
MD5528ee7e83ef204e4bb145b635447ad8b
SHA1104fe36554bc4da26dd3dcda1f8292d2c202bbb5
SHA256fa72d4e8667567231ecff220544a8199d421e44d659c5aa43cdc3ea2c00eb8c3
SHA512add5bf145916037e6ec8b4e3f0ba8d15f7696730477f26924bfef4ee4a062112606a827a0a09fd9951eab6d27ee4ab2bc84a692003fb2ee90b0fc980b33bd96d
-
Filesize
3KB
MD5650faa40b713b24a7d36a67e5187d10f
SHA12808e608b754b61338d42cc517d3aeed06cb725b
SHA256f2267eaefa0cd52e182b37429a4ec12dcefb8201d57c6ed85e1bf53b5d45da69
SHA5127ddcdb94c0c64c0ac40fbe8b54865b044315f95181374bb20996805fa2c28ae0e3eff8ed58bef0ace4884a544c37cc4d962e08ff44e32df696cfce8184508f8d
-
Filesize
3KB
MD55180dbdaa45b6e2e11d5bc4ba892a565
SHA1b57c1234f574e2d22703208965e9dfc5352ca07a
SHA256f056fdeb85d78e4a568e56d2ec0a9a57d7bce22f4b52b308bcd1d7d1bcc8e19e
SHA512aa2db12294a897b49da04204cbe15eba7ab182f84d3c9394cef652e599a0a309c4bec4379c1dac273d61fd7974164bcd8d4eff6a960cddc74f07581596bad56b
-
Filesize
3KB
MD5dc0bbf339cce73fdba57a0321d89eb6b
SHA1273a3f1dd36da5c0568d10cf64620164bf3feb71
SHA256a2be548b72609e0b399d790e12608a5a15ddca09af1e18da1b70ae45fda92ec4
SHA51229f2af20949ca0beaf0ee495c597a1b7c01729e44992512ac6787b2712a43482aba7d734d36f568ffec4ca42c8f39c30be6ff51f7183c03ca6eff4e3b9aeae4e
-
Filesize
3KB
MD538fb2229580368a915090b112919937d
SHA1a67fc302dd8a18861b0832d0ad8c51a6889401a1
SHA25607fb9e63b5be2fc48adfafc76586508909dd438a5c108b6dca20f16923c5e3eb
SHA5121382fbcaeb56f0666fcfabfb284ca2afac790d731100f9cfaa0f962234947612896a4d49d6a5806a9275c4ea8e2df0a69cfe716c799307345644e26120350892
-
Filesize
3KB
MD5ac04f14d099b17cd6d11ab3c7290a4c7
SHA1d4223aa43ed4f11262a5a5b399ca1d023fc930dd
SHA2569f2343ca2eac7e759de3e34d3607f0c7bb6138377cf0b9381b8b60a331a84504
SHA51214bebfbba49c1de2202af69f8d531dae94929c0b457883ba7247b4ec3233a201035b4dfc30edadca2c59991ba9d15c56e029e599d50c6d00c3d50caac1c47d0c
-
Filesize
3KB
MD57f38762211f12b06e899819ad5679e01
SHA18c35d845aaab3f4b6a3e96d7464074352e98731a
SHA2563a2d036fb999bb4b3492e29519c211d3a8816f81d278d28b1ddce10d06a72362
SHA5127a212b05a2762df369a94ea7e82fbfc2f613dda23e95fbfd7213ca476116a4382a53a001d8e03139dd98d905167c9f8ef79acf37ea01ea4c11a9018c7b01ff05
-
Filesize
3KB
MD55d61c64fd3432fbac308ef8d550ef391
SHA1b221088a139b21944c4849dac0f8d05029a597ab
SHA256bc5b864ee7489b27e5a92af38cea1875b5d325b047a8701ba726a68481184a31
SHA512dad2aee862b8a38394b0d133c7e5f25dfad6fb3e04fecd4beb0c7a70288fc94884e5bf6ebc57017cdfddca6110ec74d60b66fbfda70fb25677875f1171d2b865
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD50a21d4bbb7e35e8d8feda202c1a92252
SHA1e8633c46bef38c7fcc23f1a6e330f44686a149ea
SHA2566cd7b8e1e55a0aba3808f2f29a2bdc07c000b3f0999d2e65ecb2ae566a008269
SHA5121328018345a945988dc4d84161b31817f4feaf613b3bd093adc11e120aec3cf8a5bd38c98092f35fd4269aa558d8e01f70782b36c2e7ae6a028cf275433bc808
-
Filesize
12KB
MD5bcc89d53bebfae25f61c4963fcd5c2af
SHA19e96f7031512bd1b3b0b8dd3eb0c383f3a4d55e2
SHA25604925c1f33c6596e85530696fed28c8ade27e72024a9f4528df01a70fc7742e0
SHA51227782d9c4aed1afd0cff649ee2b2a3834bdcc74a380e3a740e1fb70b7da50748e03f585fad26b786d26303cdcfcdfa8954bc6984ccf80a9bfad2143981a854da
-
Filesize
11KB
MD5cdfe0ead0ddb10613cc0e0c7af8bafb2
SHA102cb5643bcdfba0f1de3a9738b0d2baff5cc8014
SHA25682e910870ab4b05f76b7068b25b98b10dca6748a3d80e7f76682098819d463da
SHA512cfae132c228a1d8509cc278ff00ff2c3f983779297bc37a2986701097695a78727b2f6bbd73e578398a3ba06136c52bc0bd91a7f1083c8ccd3047170ae63ef11
-
Filesize
12KB
MD5e8669dc06062ba2c7e165dd672ef6521
SHA1493c843988b92437bb4f6b44be42e35fe0d8b99b
SHA2568fe93ec9bb3a8f86a8cdb2fbbddbbae1a79c0aa0c445703df54fae3fc5ef8892
SHA5128d4299ce9565362f3a7f36e66e525624b004338d048999739db8176d27d2c00015ab1e648d056b3a14fc29316bcf270d5d820315641e6e4fe9a9ef575b995c7d
-
Filesize
12KB
MD50ac29da6b4173d72c82c48e4797bc930
SHA15b9573db5a199688d471f899c03b7611094ed063
SHA2567ae99b643ef61e13a28b10b8fbebbe297bb65f7dcd2bbb70e7506fd7784f5f07
SHA5125215f75a0813c725d243b4e68d18262b71ee601422847d2b13e96ed30ea713c39ae29dac029139a60b9fb534056630db197a3574aaf5bd1349741f431a3f9d54
-
Filesize
12KB
MD5a07dc24ce56e418cd4da08ff0ff36bc3
SHA16c6299b9bbb0c351ee4eacccdfe71b15add65ee9
SHA256568797a529e39b61ae090ac2631eb83b8f1e7b67d317770e71502fd0ac690349
SHA512b6ff074bfac9b7827c3f892ea5f3e51c84777a430efd8fc8b3b96b1e990166f5af002e589f292641aa378a0cbf358318624300d11305b6691f9cb66f87424fc5
-
Filesize
12KB
MD5f22455122ef35cb99968a11ec18a6992
SHA1d631a845395a923f281aa0dbb7f5d245f00f026b
SHA25643016d4f8cfd29c118eac81d55dcb33ca5b0ad9cfae6e379dbe4b2928d4755d4
SHA5129fb2248213c7bfc4ba3fe2e238acadb195188fc3b352e2243a5a929dc349fee3d0475a6e7db5a88d92c80cd153a85782d893eaf4e613aa64206597ab87f6d71d
-
Filesize
12KB
MD50b93d56b0c836a34eae81673e04dc21c
SHA10706f605e3bfab57ef7f41b2b0c2d24fa755427e
SHA2562cb5e2ff82f7096da440620aaa0013ecf60ee22523b2bb5182b159069986771a
SHA51284b85acc30f032d6366fdcb5bc7219e1b9f936839c7c436084f31957f6d6cb52daae7c1d17ac7cd398cfa0a4869d80adcb4551e0284435c2e2a8d1ac99ddf859
-
Filesize
13.8MB
MD5c91c5f4248cb89c6b6202e41abbc538f
SHA13290abcdbfb4e8a0062e2bb20660167e6f3eccdc
SHA256ff0ab91f42417766aed64f270eb9ff347c361129ca3ed49ef096727c2f8552d6
SHA5127e1473102c7c0415a846f8a9c24b5d279599aee0de92437017688115402729ec82c928384f205dbbf25de4516c6372fa5891ed6e0ad2d2324fc318049aef3a10