hxxps://nezur[.]io

Analysis

max time kernel
1682s
max time network
1689s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://nezur.io

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
49	raw.githubusercontent.com
47	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4556	msedge.exe
4556	msedge.exe
4976	msedge.exe
4976	msedge.exe
5000	identity_helper.exe
5000	identity_helper.exe
4232	msedge.exe
4232	msedge.exe
5736	msedge.exe
5736	msedge.exe
5736	msedge.exe
5736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5356	Nezur.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 2908	4976	msedge.exe	22
PID 4976 wrote to memory of 2908	4976	msedge.exe	22
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 3952	4976	msedge.exe	89
PID 4976 wrote to memory of 4556	4976	msedge.exe	88
PID 4976 wrote to memory of 4556	4976	msedge.exe	88
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90
PID 4976 wrote to memory of 3976	4976	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nezur.io
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb10a46f8,0x7fffb10a4708,0x7fffb10a4718
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4204 /prefetch:8
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9770591564173694018,9465217206767289027,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6200 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2216

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c8 0x444
1⤵
PID:4020

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5588

C:\Users\Admin\Downloads\Nezur_External\Nezur.exe
"C:\Users\Admin\Downloads\Nezur_External\Nezur.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\51fd38f5-b4e1-4167-bbce-df1d1d591621.tmp

Filesize
7KB

MD5
b2a85ad55e214885266cf764fd82b8ac

SHA1
e32b919f97b6b8d716826ced93a8aa262ad49342

SHA256
cc04ac8d080cc12dceaef322459804a4568235f5b77d251724e96cc6ff467ca0

SHA512
670f3273ec5cd49d29cd9445f5371ab8ba09d5d4fadec5b7c722818833e31f56ac8c146540db0f84a41380001cdc4043dfb2eee1ce18d4f4b013abfc2c932eaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
94ad82bcc127876633c0ac7cf2928ed9

SHA1
5b5435f3f7b47816945dfe8e9655908e38b25109

SHA256
0bfc108d97c88461c6d44e1d8ae4d5b4f812ff2c18d9719b5a2bcba587ae4f42

SHA512
b07d156de3a9c4429cf187402ba670fa7d68f17903c66a81372d381709ff6a807ab2b27c156302969d4a21f981fdfe154c78f61fcfbaac7a4f2446ca8a14008e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d06f18a149c3e133e242e78ba72d0d84

SHA1
2f409cec310a7e229bba378e34c769f5a9102274

SHA256
995411f73c20987f4687e2b51bae28e06edf474168e9c80545cc66ad4f04ea4f

SHA512
893165dd6fe8bfd6de4fc694a855a434c67163554396288dec7efba613b8909c869642aa0172596ad8948c076cb391ba460219bbe72e5ef64ee301240655460d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
61483a115c42b96e7105e35251d38db0

SHA1
9f0475cfff9979c0d63e3d839e17cfd8327de22a

SHA256
0e5887848967b5c4c8d60beda437223b7e77b656a6c950044941d6cf7ea0ac98

SHA512
f925e740ad7fe09a818a698ea27bec299cd76d6f6977d0866df2ad31dd52400647b40646684b56128392fddf4e0eb17e5d86cb8857b4790aa9f093f86e7b2e9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bbefb621e2c1886f09a95575d9a096e0

SHA1
7bf79cfded5cafb2acd8ebf20a614f6d432c7011

SHA256
c4d61109ea54ef04bd43e1e5f07b237e1cb11d4cdbcef7c83f2f0e2d4491265b

SHA512
ad885f408088de2670cb8a96037ea5d2893e9af8f26c11a6eaadcf243883e4fc886f7984738301b0921a1199b3ccc22b7fcf88463a22f522fa74c1d07958b307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a019006478147cf19a41f7b841ff4fe6

SHA1
e121b0b40c20aae82a3ba5506a3832df6be918fe

SHA256
6f58e66f24b123db2977b4156ffb5b10c0a8f7065ea81b240b080741a36c8aff

SHA512
06915c63fe9d59ba2baeb6322839d7902093b3b735c5a73db97c83ff12bb7cc4333d34aa7fbabd9ce686bb8634cfd98896661466a5ee6bf06d6c657d050e0c12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1841b431c15c2923b0e2f31888ff6070

SHA1
b55b8cc90dd6923cfadd57e09384afe1334364e5

SHA256
bc2117e64c53ff417d8c3602d51594e530d4269cf29db3ccb5c0326eccc55c1c

SHA512
2bcbbb067f234d63894242108a9dfdbc1ce0edbde8f8e0ff0fb3ffc2c4b54af5a1d64c4c6a1bf71e83312ee0efaf4ba9a255121e300c5b69d371279c7eb222fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5a46f350af04f8cf27a22d54e6a1b892

SHA1
707b6b8e2e0b253f0f16815af23e10449d5352e1

SHA256
1ad29f6d0299e762d861d83724ee0572bf0ebe72a0ca16b3d45b20860325702e

SHA512
b1cdc9b6e45c71dfcda5b8d415748dd53c6a6f885aebd62ff2de97530dc8be4325e5530c9bcbff13c02dec9c8c2fc6bc44625e368e62d12edded56c27e6e16d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
122458a3089d00a9002772d47f7c1e5b

SHA1
79be71b8d42a4fd9a79a03dba1e8920a65fbfcd4

SHA256
8290bfecf2210fd6ddea5011311cbfc83e2956109e19dc829e26b6abddb66fb2

SHA512
5c5a29548ba33a1cd992787c10efaf7673b27d844bae38dfc08c07125642ac5c3ecec997e4ea594aa52dbbf521d19756af13f0f9000aab30f4e783e33beedb35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b286d0f9bc755711e6115b75875d366e

SHA1
6d2d867b8711643e6684b7c2839d8b2c9d460cff

SHA256
9cbce7cd297a4210d3e12f69876759796c3a935c8dada5a8caf2b4e55ee5b4a2

SHA512
5d541f52f018e4e7beb80d89702f45357644f492b03d2957492859e3871815ed5dae3dab303458cce67098483d4826d88a4686ba65912cb4109fa35e9d6499e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bbde.TMP

Filesize
706B

MD5
94a2816d1f9c10ce8777647066e3385d

SHA1
81fbc62546c45f781a6f5a8b3f04ffe384192faf

SHA256
263abca7b46ce696aaad5d960c1fa2e2b1fa4f21956e7fde5ca607a870710f43

SHA512
198aeaa2e50ce5d3e8ee87cb9fc79c7b51222f1808cf77e64a0bd3fd5cc3ed0d247b146bc4f2c3740c9276f7c32c3c54e3870c3799469328b26aaad385fdc487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
148b57268b698a65638e22e6eb316341

SHA1
2d520e0c1fd17524d80dd1249c48e08611c91c05

SHA256
658c730ac1d24dd6b4b9ce9b8457c72ef1aa3229fe5952f210b94af662a1a166

SHA512
136ae7c090d3c16c432fac2d4f0de8480b0c778ef292d860074974b38ec7f28bca729eb020a6e1b941194ab3e9e9e1274fb460fbde3a3af01a9a51acef268f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d36347bc1de0a13a1a5370dbbc9b6eb1

SHA1
e80e4079849d59da8c9744865736a1cdd8d7fa95

SHA256
65b5ff965c3f334420b98defa91564626a2abb98454440b63f17d1871f58a509

SHA512
ac170e80679410cec2b0ba1e7c60ac5de72743a3fbcd190e5f0f27f84f12cdfd4a2cffa32f89f2a2eae11bce95124c835681518a6eb9789b66077be36e723b96

Download Submit
C:\Users\Admin\Downloads\Nezur_External.zip

Filesize
192KB

MD5
f304f85d636de26990a3801ce6965012

SHA1
0eddb57040ce1f23a16dbd3e029205b82cc44348

SHA256
e89294873167000d175e275e774eb12ad5533d91b83a6fbecf08d1591aab6ece

SHA512
5bceb83859e8ad9185a95dc75b74ff2f0db5c672b5d47b4af1e56990a2065931d45ca161bc3fb1f399c5c692d20c145dc34c60c1b0c2df453c42b2aef13e535b

Download Submit