Analysis Overview
SHA256
da3e8288c6a92b776a56fdd71b436ff8621c9cc7967b64a425425044833c8d6c
Threat Level: Likely benign
The file Nezur_External.zip was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand GOOGLE.
Unsigned PE
Checks processor information in registry
NTFS ADS
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-02-03 04:32
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-02-03 04:32
Reported
2025-02-03 04:34
Platform
win10ltsc2021-20250128-en
Max time kernel
84s
Max time network
86s
Command Line
Signatures
Detected potential entity reuse from brand GOOGLE.
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-950679536-2019665560-1662069516-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Nezur-Executor-2024-main.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Nezur_External.zip
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 27175 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8e0a0d5-51b0-477f-8537-5b1e012d42b2} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 27053 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a6aba8c-0fa6-4a40-abed-623fd921319e} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2956 -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 3160 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3352b39e-1e3d-4095-be68-af8f8ba36195} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4068 -childID 2 -isForBrowser -prefsHandle 4060 -prefMapHandle 4056 -prefsLen 32427 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91417e12-2992-4875-85c3-f6fe1ad7d96a} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4804 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4800 -prefMapHandle 4768 -prefsLen 32558 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c995d06-69ea-4010-aeb2-f9764e6b44ca} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 3 -isForBrowser -prefsHandle 3516 -prefMapHandle 3496 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {602f7f32-97a8-4182-b7cc-1430b99e67bb} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 4 -isForBrowser -prefsHandle 5612 -prefMapHandle 5608 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee1791fc-0d11-4908-99b0-75724046066a} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5828 -childID 5 -isForBrowser -prefsHandle 3496 -prefMapHandle 5816 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {098cbdee-39fc-4897-a2e5-77bc2e7a0915} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6192 -childID 6 -isForBrowser -prefsHandle 6184 -prefMapHandle 6180 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c6c6529-8bb2-453a-94e6-4396f1743d7a} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4072 -childID 7 -isForBrowser -prefsHandle 4644 -prefMapHandle 4656 -prefsLen 27823 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce521162-b8fe-481d-98e5-2d86169a1da2} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4552 -childID 8 -isForBrowser -prefsHandle 5448 -prefMapHandle 5528 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe38f34b-5875-48e0-a719-bc158ca04add} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3076 -childID 9 -isForBrowser -prefsHandle 3012 -prefMapHandle 3280 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {907f1457-49cb-40c2-bab0-0c007b6be323} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" tab
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Nezur-Executor-2024-main\" -spe -an -ai#7zMap32116:110:7zEvent15415
Network
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\oit9jcbf.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\datareporting\glean\pending_pings\da7f955f-5951-420c-9017-3141ce2ae589
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\datareporting\glean\pending_pings\097c7cb3-6f19-46b3-a345-268e228d3448
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\datareporting\glean\pending_pings\096e1b30-9697-482c-8a53-5a47b49e9ce2
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\oit9jcbf.default-release\cache2\entries\D947845403205EA7F2B4DF066D1698C80C704952
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\Downloads\77bt0U4K.zip.part
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\datareporting\glean\pending_pings\2f62478a-267d-4d75-ac4c-b9e09880ba09
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oit9jcbf.default-release\prefs-1.js
Analysis: behavioral2
Detonation Overview
Submitted
2025-02-03 04:32
Reported
2025-02-03 04:34
Platform
win10ltsc2021-20250128-en
Max time kernel
93s
Max time network
94s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Nezur.exe
"C:\Users\Admin\AppData\Local\Temp\Nezur.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |