Analysis Overview
SHA256
8288d94f7db9c1d99ec5bfc0ae206d28bc8489b8276d2b638ab50eafd65469f7
Threat Level: Likely malicious
The file Nezur_External.zip was found to be: Likely malicious.
Malicious Activity Summary
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Stops running service(s)
Checks BIOS information in registry
Themida packer
Checks whether UAC is enabled
Suspicious use of NtSetInformationThreadHideFromDebugger
Launches sc.exe
Enumerates physical storage devices
Unsigned PE
Kills process with taskkill
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-12 02:51
Signatures
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-12 02:51
Reported
2024-04-12 03:37
Platform
win11-20240221-en
Max time kernel
1816s
Max time network
2610s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Nezur.exe | N/A |
Stops running service(s)
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\Nezur.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\Nezur.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Nezur.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Nezur.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-647252928-2816094679-1307623958-1000\{4C2577E4-BA39-457B-B1F5-53F89A33E1AC} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Nezur.exe
"C:\Users\Admin\AppData\Local\Temp\Nezur.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Nezur.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
C:\Windows\system32\certutil.exe
certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Nezur.exe" MD5
C:\Windows\system32\find.exe
find /i /v "md5"
C:\Windows\system32\find.exe
find /i /v "certutil"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://key.nezur.io/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc437f3cb8,0x7ffc437f3cc8,0x7ffc437f3cd8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1cheats.com/store/product/41-nezur-key-bypass-lifetime-license/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc437f3cb8,0x7ffc437f3cc8,0x7ffc437f3cd8
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,11877858010357225138,11804525735150931402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerPro
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6012 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004C8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | keyauth.win | udp |
| US | 104.26.1.5:443 | keyauth.win | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | 5.1.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| N/A | 127.0.0.1:49743 | N/A | tcp |
| N/A | 127.0.0.1:49745 | N/A | tcp |
| US | 104.26.7.104:443 | key.nezur.io | tcp |
| US | 104.26.5.38:443 | 1cheats.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.17.2.184:443 | challenges.cloudflare.com | tcp |
| US | 172.64.206.38:443 | use.fontawesome.com | tcp |
| US | 172.64.206.38:443 | use.fontawesome.com | tcp |
| US | 104.17.2.184:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| BE | 88.221.83.187:443 | r.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| BE | 2.17.107.105:443 | r.bing.com | tcp |
| BE | 2.17.107.105:443 | r.bing.com | tcp |
| BE | 88.221.83.187:443 | r.bing.com | tcp |
| BE | 88.221.83.187:443 | r.bing.com | tcp |
| N/A | 127.0.0.1:3000 | N/A | tcp |
| IE | 40.126.31.67:443 | login.microsoftonline.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 66.254.114.41:80 | pornhub.com | tcp |
| US | 66.254.114.41:80 | pornhub.com | tcp |
| US | 66.254.114.41:443 | pornhub.com | tcp |
| GB | 64.210.156.16:443 | ew.phncdn.com | tcp |
| GB | 64.210.156.16:443 | ew.phncdn.com | tcp |
| GB | 64.210.156.16:443 | ew.phncdn.com | tcp |
| GB | 64.210.156.21:443 | ew.phncdn.com | tcp |
| GB | 64.210.156.21:443 | ew.phncdn.com | tcp |
| GB | 64.210.156.21:443 | ew.phncdn.com | tcp |
| GB | 64.210.156.21:443 | ew.phncdn.com | tcp |
| GB | 64.210.156.21:443 | ew.phncdn.com | tcp |
| GB | 64.210.156.21:443 | ew.phncdn.com | tcp |
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| GB | 64.210.156.17:443 | ew.phncdn.com | tcp |
| US | 104.17.248.203:443 | unpkg.com | tcp |
| GB | 64.210.156.21:443 | ew.phncdn.com | tcp |
| US | 66.254.114.154:443 | ads.trafficjunky.net | tcp |
| GB | 64.210.156.6:443 | network.nutaku.net | tcp |
| GB | 64.210.156.6:443 | network.nutaku.net | tcp |
| GB | 64.210.156.6:443 | network.nutaku.net | tcp |
| GB | 64.210.156.3:443 | network.nutaku.net | tcp |
| GB | 142.250.179.251:443 | storage.googleapis.com | tcp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.178.14:443 | analytics.google.com | tcp |
| GB | 142.250.178.14:443 | analytics.google.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 2.17.251.5:443 | aefd.nelreports.net | tcp |
| US | 2.17.251.5:443 | aefd.nelreports.net | tcp |
| US | 2.17.251.5:443 | aefd.nelreports.net | udp |
| DE | 18.66.192.39:443 | static.hotjar.com | tcp |
| DE | 18.66.192.39:443 | static.hotjar.com | tcp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | udp |
| GB | 64.210.156.16:443 | ew.phncdn.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| GB | 64.210.156.18:443 | ew.phncdn.com | tcp |
| GB | 64.210.156.3:443 | network.nutaku.net | tcp |
| GB | 64.210.156.19:443 | ew.phncdn.com | tcp |
| GB | 64.210.156.19:443 | ew.phncdn.com | tcp |
| GB | 64.210.156.19:443 | ew.phncdn.com | tcp |
| GB | 64.210.156.19:443 | ew.phncdn.com | tcp |
| DE | 18.173.154.61:443 | script.hotjar.com | tcp |
| GB | 64.210.156.21:443 | ew.phncdn.com | tcp |
| GB | 64.210.156.3:443 | network.nutaku.net | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 64.210.156.3:443 | network.nutaku.net | tcp |
| US | 66.254.114.62:443 | etahub.com | tcp |
| GB | 64.210.156.18:443 | ew.phncdn.com | tcp |
| GB | 64.210.156.6:443 | network.nutaku.net | tcp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 66.254.114.154:443 | ads.trafficjunky.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| GB | 89.187.167.20:443 | iv-h.phncdn.com | tcp |
| US | 104.26.1.5:443 | keyauth.win | tcp |
| US | 104.26.1.5:443 | keyauth.win | tcp |
| N/A | 127.0.0.1:50811 | N/A | tcp |
| N/A | 127.0.0.1:50813 | N/A | tcp |
| N/A | 127.0.0.1:50818 | N/A | tcp |
| N/A | 127.0.0.1:50820 | N/A | tcp |
Files
memory/4912-0-0x00007FF713560000-0x00007FF714116000-memory.dmp
memory/4912-1-0x00007FFC643A0000-0x00007FFC645A9000-memory.dmp
memory/4912-2-0x00007FF713560000-0x00007FF714116000-memory.dmp
memory/4912-3-0x00007FF713560000-0x00007FF714116000-memory.dmp
memory/4912-4-0x00007FF713560000-0x00007FF714116000-memory.dmp
memory/4912-5-0x00007FF713560000-0x00007FF714116000-memory.dmp
memory/4912-6-0x00007FF713560000-0x00007FF714116000-memory.dmp
memory/4912-7-0x00007FF713560000-0x00007FF714116000-memory.dmp
memory/4912-8-0x00007FF713560000-0x00007FF714116000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce319bd3ed3c89069337a6292042bbe0 |
| SHA1 | 7e058bce90e1940293044abffe993adf67d8d888 |
| SHA256 | 34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3 |
| SHA512 | d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 12b71c4e45a845b5f29a54abb695e302 |
| SHA1 | 8699ca2c717839c385f13fb26d111e57a9e61d6f |
| SHA256 | c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0 |
| SHA512 | 09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241 |
\??\pipe\LOCAL\crashpad_2900_YVRRRUOKDTTHHRZW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 05d34b6b2f582c0d2781ccc0625d5b12 |
| SHA1 | f19ba7530443da1b1fd57f02e6a606ab28bccce5 |
| SHA256 | 48a84d2de1bf813ada93cddd5dbec3fc0de4804a47f7ad862e3e473e7b2209ee |
| SHA512 | e594f27f5c351ee83779cd0ca3cfebb55c0dae1ef7efeb8845927d05567322eefbef562ecafeb472e3ac99d9edac5b55b775634f1e54a7d6a5213c8dbae24cb5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9fdbfee94bd358f8968743e5a7db31e2 |
| SHA1 | 2d0d2bdff9f45bbcaedb3d87bb5f663868d9091d |
| SHA256 | 5fe4a4e3d9ae6a8df782b88bf04df11846d5d35b89e8f32160c3ac304cb2a989 |
| SHA512 | e008eb2a3b59fe0ef27d18840d042d886d6fcccbc14ca3f82b9de6f583018eab9748712491a5b1a1336b75386af744fda502d049291920ceba33f513965ee4d8 |
memory/4912-91-0x00007FF713560000-0x00007FF714116000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d8b5f54d29fdc63e4b8b9fe52ac52e5d |
| SHA1 | c46755289f2a8f4ee5b8f8c4c1dd0703429c77af |
| SHA256 | 953efef1e33834d2224ae18356f319641069c66738f6421e8a6cbbd8caecaadf |
| SHA512 | 92052edce2f5cf898fcdee0015e9411668fdba56678f7a351137a630b2a09bdd64952ead60bd5712e18be7f0a92594676da535096d84595462c0e9ac62aed040 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c8fbda88265356e43e7e5c3ba2dc331c |
| SHA1 | a2c0fc75469ec7543ca146eab49b72884e44414e |
| SHA256 | 195863a2416959a99c1bd909a34c42f39233e93c843fed9b3b837d90ebdd5fc2 |
| SHA512 | 9bc71d84723d8ac6f7096bf34f984b5e1f9804c0a30d448e5555eda47dbbdca6520a12bbf810c504bcaaa0d27365c536ce134c92d9a859fb0bbb19f9336c5025 |
memory/4912-215-0x00007FF713560000-0x00007FF714116000-memory.dmp
memory/4912-250-0x00007FF713560000-0x00007FF714116000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ff83a65b457477dd5160165be8870453 |
| SHA1 | b5758e6d0415cf26edd7e0c336df975049a5f66b |
| SHA256 | d922118d5e8e426e3553a16cb7c3c2d73f760480c1a00984c738450a6d80c2c2 |
| SHA512 | 960ae3c31ab2344ed8f5b84a7d56ae176b0ffa6acf8f0984dc8579ddb09ab2a2ec2382ff77b5a765f8dd960783b90fcb6c34a9ffad681b555ccb5553264a4a79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
memory/4912-274-0x00007FF713560000-0x00007FF714116000-memory.dmp
memory/4912-275-0x00007FF713560000-0x00007FF714116000-memory.dmp
memory/4912-391-0x00007FF713560000-0x00007FF714116000-memory.dmp
memory/4912-392-0x00007FFC643A0000-0x00007FFC645A9000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 42c9303c1fa220a8e6a961c5f55e04dc |
| SHA1 | 5de0340f6f3c9d513d7a7f95cac4df43a81246fe |
| SHA256 | c059e057952eb80b757fff1efd59d959af8257c5c9340b02e7c675ad1513495d |
| SHA512 | a10d42400b2e3c014647334b362180919f384ff017cdfb028751106e51b0a269539555cf3ff9cbb59a29502c204c0a16d31f180a5d798cac4165d55c60dfcd07 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
memory/4912-434-0x00007FF713560000-0x00007FF714116000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 9986618ff14e07dc3102ecacae6d1392 |
| SHA1 | de26cc9eb371c5fc561927c859161d6352b28696 |
| SHA256 | 464ad8294401dd7738e5c66e6ddef2f7cf9af47fb6417a4f946f9af2c4e52f05 |
| SHA512 | cf0ff200e87c75b56025f7f74801d931025a3b548b2c3974f6d281bbb0708dbdeacf733e3e40d1ba49ce414de643ec805d2298feb47031de44a52ae3cc5a412b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d4df.TMP
| MD5 | 3a19c42f2916bddef34134079c709a26 |
| SHA1 | b795d0b4cff3bc5318479a8ba419eccb4dc86643 |
| SHA256 | 0360421696195314bb5981c640fe8ca0a54ff75653bdb1146dead3f89a27e9f9 |
| SHA512 | 0cf9abb8c9788fab8a18b2218335c7dcdd1da118bc8c0715c66f85645d45254da61b0c12cf2db7344f4450a380fc98433bf2f3c310a1ac931fbcd3ce27571990 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d5118755eb2c3b7fd8065b13cc70c18f |
| SHA1 | 873479454e7d3ff2eabc3c4b0d325528159d75e5 |
| SHA256 | 7443af3df0b2a5bf1231298fdd4e2ac987d0b8a0ea7ac1c8a74ac6aaf3d665e5 |
| SHA512 | 3ca14ff0e5b492977ec097d7758d3e50155ab84cf9046056e41243e15fd18f56a8f7015adc0543eeb7144fcec3be16014365110de368629cf1210c0bf88640eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
memory/4912-594-0x00007FF713560000-0x00007FF714116000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0990017ce7f2fbc17ee9ceb9817ad8b3 |
| SHA1 | 6608b19efd21add0bbd106eecc504e4e527b2c02 |
| SHA256 | a5de4874c9561ebaadca09d686cd623cf338730bd5f5a2698edf73529903ad58 |
| SHA512 | 6d875ce47d0a877ba634d6dc9136fc058c2c7b14aab016111fc6e10480bae97dbdd8f9a86633082a616b9190b126292fcc8cb080bcd437bfea0aaf2f96c68c62 |
memory/4912-627-0x00007FF713560000-0x00007FF714116000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d599303236bb9676e205a459b32424a0 |
| SHA1 | d512acabc4ecc391ac0fbdf1a822b0f7b604daec |
| SHA256 | 92bf230dc415d01cd8322b40c7b304bfafdc4f035f2330f27e5c98c6a9217104 |
| SHA512 | 11f5a2860ad4b194f1e753df8e248020e39db2b2241c3b02d2ccff6fca2c6eae07ae22b27de58967b92732d44b4d80eedaf68dc1533685196530cb93de9217af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | 8ff42b760d33ac3eab8db029f3813afc |
| SHA1 | 3739c9639f09f5126b22ae442dffd01ca1ee0886 |
| SHA256 | 02c861339110f8e917bc592deafaba09ea20d5061658a31ce8a182e25e4b6bc5 |
| SHA512 | eabb7e2f8398706354f7ae82e6a8f5294baa605009adc890aca4f40817c4921a2168e915afc0830840a9918de36c6e4ab1ba136e6ab41bb7db744ad1c0a26501 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | d6f862353c2433098d82725f90a0e280 |
| SHA1 | 55ab2e7e58fd35c99aec7fb52849d866eaefc438 |
| SHA256 | 719a5b617534fb3a811c51a999f943911439fb43225e3a38a79dfb9c0ffbac38 |
| SHA512 | 0de7c8478de4d63e2d49e834c5ddc7e6190dfa851b46914f32adc392c1b9e22e6222c01950738985b44612b65a8cdfa6ddd99e77c49e1d6b9257c63af974b178 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
| MD5 | 5faa2facf1a28f6bd1c10e568f17074b |
| SHA1 | 04f20db7e5ddef7c8a2b583772c2137106eb12d5 |
| SHA256 | 240bcb4c76b69ccfad67b80c9e372681ca6bab5c584528c042bc917362b7c89a |
| SHA512 | 1b91ad50f67d08aea447fe81bfd6468ff412759d0e88b130811162ef1c64a1d8e763c1984c674c56171a7578625978edcb74377441641b00e55dbcc790dbcc31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
| MD5 | 48c80c7c28b5b00a8b4ff94a22b72fe3 |
| SHA1 | d57303c2ad2fd5cedc5cb20f264a6965a7819cee |
| SHA256 | 6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356 |
| SHA512 | c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
| MD5 | 34e8999c465fe11d2bcedcf94addd39a |
| SHA1 | 3af8608cebdb68c4ac4cdba6d927467f39b6be11 |
| SHA256 | 9bf6e502cf5825d79a72759e4b3e59ee54839ee7c8a194218dc5d7471cb97d37 |
| SHA512 | 8420c2fbcfec65ca905219913dd37ee446849106c12cdead13e800a9c884fbd732e8078ead4dae65a94a4b3e50834aec2a862c4c76dc14608555d4bd733f1a16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
| MD5 | f85e85276ba5f87111add53684ec3fcb |
| SHA1 | ecaf9aa3c5dd50eca0b83f1fb9effad801336441 |
| SHA256 | 4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432 |
| SHA512 | 1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53 |
memory/4912-768-0x00007FF713560000-0x00007FF714116000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a8c565e17cd4286584dc6132268b5a63 |
| SHA1 | af746674365b2cae0bf796da661ad7be68526383 |
| SHA256 | d07ab787a5d43095a230ac39e88e9206396bcc85a8ea932bc6fb7738665f9833 |
| SHA512 | 004395fb624652acf046babb938a6254dbeea106d04ef20037651f23f2bca0aad209e6a3de256b6d335d0d017b92056fe0f55fb5554988ae8c36bdb6e580814d |
memory/4912-811-0x00007FF713560000-0x00007FF714116000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
| MD5 | febccef2c5124f3383fc00baa2d2543f |
| SHA1 | 2de1942bbcc4dd28f9aa32b8472c603c86314915 |
| SHA256 | 38376c18b8f2a94d161263d98a6b938c73188664c0de239ec2639aa894d30443 |
| SHA512 | ad45c37bd1f8906c868fb6984bfe41caa1ede108fd170a02cdc3a3177be7277f106209143080589708cd9d4c27d1b433086b640006635f21c0b954d61a1372d4 |
memory/4912-844-0x00007FF713560000-0x00007FF714116000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a48ecfb9cce39ca19ec4498263a1320f |
| SHA1 | 0d1bca9ceea15b074f262e4e3486420738949042 |
| SHA256 | 1873822e861410b5f29b6852d39123dc2dcf32ae9933007c85ebb219defc2b86 |
| SHA512 | 3ffebef35974575cb28fa4ccaad2c092d8aa12969f5210aef4a9dc28e74e31c10ba3c44183896f9f916d9294fbfc2d9222b9529ca9f8db93981a7499ccc4325f |
memory/4912-864-0x00007FF713560000-0x00007FF714116000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 576b3fc7f16b7a8b77dafab242e23b8b |
| SHA1 | 146219ab9fd0fb9a0aa78ee6365b00fe1fd42a20 |
| SHA256 | dd1946b9466bc1c0650937b5ba6f6a83e1c36c130032e60382d09423cd3f5bd5 |
| SHA512 | e1e96cb0270e5d98398c514e3c41b0c3dfb93287c506ff1c1f976ab00fac824bcd09c3c58f043744a0ff615898a9fd50ecf2bf9059222d556c1a0498c6eb0f30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6fae8d3460ef111f97298434695326e2 |
| SHA1 | f9bdaed09f53da2424c28ce7ce9a8f30453022a4 |
| SHA256 | a8e788215c100481b0d38eef2ca89682ca54f966567193df14fa206b3fbd58f2 |
| SHA512 | 7337004a9c70fd34a8faa22bec6167303a070335752ef6b833b18f13b6fe5f8bb65cc0d6b5290fb3dd86ac2a5ab48d346072d6115e9fb2e6931964e79434cb31 |
memory/4912-957-0x00007FF713560000-0x00007FF714116000-memory.dmp
memory/4912-958-0x00007FFC643A0000-0x00007FFC645A9000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59c72e.TMP
| MD5 | 44d2431b3c56cc0860fbc2cf82a8f99a |
| SHA1 | 3c93922db05dc933134c8b30cc6fa5047fefb343 |
| SHA256 | 3a4b6e221be51a24a6e72249e9b4810f3854b2bd8e41f83af2c0bd319fd5d28d |
| SHA512 | 4bf09808d7c4eca3f2ebaa082272b64fe30c160887ef79f8ca4c6566c9303c9a0246e0cd7761050b7a88c64127589677dd36a5be6e00183085f10bd38082637a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7fa292d3a415eefd07b8d48dee0efdb7 |
| SHA1 | 3d25e3e774d52c81a305df367b8005321ee6e6df |
| SHA256 | aa7832fb57251db1a21e06d03a00b56745c899909548fa1ac8a1e01065996b45 |
| SHA512 | 5b46be65404e6e93b925c895020be2612c9dda3bdc0a2d5214261d9537087c1a7c0b4b274268f3a598675ecc07478fe578779cec5a69c890963213e02ddfe99a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | baf9b5094d566ef908392ae9c9a4d770 |
| SHA1 | cb145c206c34db54287f1448553e8a9e6eba4cfa |
| SHA256 | 4cf877cec9eddcdcb6b5d83b4d12ccc5e552040c7c7dcc2e28fe11535a394c38 |
| SHA512 | ea99f4e11d6fa0ec48876c1f164d0150d61c206cdc313196cb4968c23ff9689345c026aeba0d72af383e45c68eb6be24d389ba2c8bee44f7ec92e79c9dbe2aff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0a81952208055af46d950c7b43aff525 |
| SHA1 | 38336d4388b2d19c99c04f4baae9a61a82acb825 |
| SHA256 | 869263b997d406e7d09276437d636223b49e2df057b7e1156e694db16637f4d0 |
| SHA512 | 911d5166c50a24cb9ab3828027baec7c75985cb4cc446d91e80476676a1dac71333ee6c9bc2407dbe10a77be6743c57ec20a2ec4696d850682ba0fe2719074a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 268ed5b953364f64d1022026141e289c |
| SHA1 | df304269182242a2ded336d6d7394b01adf81d8b |
| SHA256 | 37a4bc4866a2b1e4bbc308689a1c93978909b07487d75ea2e16e5c26b08851bd |
| SHA512 | 5402b0a7a13c35dbc31b2f0197defd79e57b789abb8516a4e2708b2665537c148bbce16d5a4db2664a013951d1351ec9b9907738b1a17dba6ee49489a65caa35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ff781dee733bd573e0dadb73888acd1f |
| SHA1 | e33c8de41cff61d25faf526b5c95b6f7746f454d |
| SHA256 | 3a1b3b28c2f7191da497a05b92122a348b234cb0441c5e6deac04a65411f0b1d |
| SHA512 | 9b129e8e3d4ebe06716dd44d0ca8c06595b1d0f5b737c108a3153d79aba275b5469e27e504ed6a7ab372c5e0d8c89d0c3652c7e15a78c4950a6ca0f7fd856952 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2f24a43d2857d80933b4e62b334849a9 |
| SHA1 | 219d7324693538bc65db52ab355bbe42afb7c666 |
| SHA256 | dd83f55d6654b36975978bd9cdf1db7bfdc1d061f1e7fa028278547487f54ab8 |
| SHA512 | 1641f3ed2eceedd323151ec018fa4024f850336b6173556ab838052b81cb2d14c8642b67a64c62cfcd52a5c03990af08a49b3b759c03b1da33fbcab0ee681fdd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3a6bd1c9e72e9e05cdfc92cb1fe2982a |
| SHA1 | 01d2da0d62e40c9bdf4ae7c75ba4d829e8ec2e88 |
| SHA256 | 5df54ba87046798a6339e8d5196b4fa126fecf5e40b53ff5c5b0ca152a9ad955 |
| SHA512 | e9e42a3fb20b29365f0cbbae499abc17201590523a706762f87a2b8f8285a531e3f7f06cdaadd6598ec24dc4c4b0a9e8dc1c8a5a098586d125eec7bcd5a27a64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ad606fe9f555ec9ebf89b387d37c4f88 |
| SHA1 | 45d1ad266edcfe7b22692099186b55318e3d0381 |
| SHA256 | 04c9a839207f0fb0737566479e55a1f119f493aaa43fc48767be3b51dfdeb1d0 |
| SHA512 | c80e8293e29541e892e0b684e48da83dbd26c0e591303b8783426fae3bbc14f904b4380cce9178477f0ccc70da27b5fbb5835c9c729bee7f09630c5166e1ef38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9a3336337a4becf0995149dc9bb45823 |
| SHA1 | 5ded58c4d47ba86a63e2879c2aeada84d6a2d83d |
| SHA256 | 99d2db259cd9085517b664a6411261e812e22ab3afb47907546efae45070944c |
| SHA512 | f5956910c8c96ee7fd8443adb9862e26fecf3011efc58fdb24d2058f52de2eb8b888021a1c5807987c3651a255e39183d393c2795c4e73ead535ae2ff3970ac0 |
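The dropped-file and memory-dump listing above is only useful for hunting once the hashes are in machine-readable form and sanity-checked (a blocklist entry of the wrong hex length for its algorithm is a silent miss), and once repeated dumps of the same address range are collapsed so the analyst can see how many distinct regions were actually captured. The parser below is an added example, not part of the original report or of the sandbox vendor's tooling. It assumes the text layout as it appears on this page: a bare file path line followed by `| MD5 | … |`-style hash rows, interleaved with `memory/<pid>-<n>-<start>-<end>-memory.dmp` lines. The sample input is constructed from a handful of entries copied from the listing.

```python
"""Parse a sandbox dropped-files / memory-dumps listing into IOC records (added example)."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: excerpts copied from the listing above, nothing else.
SAMPLE = r"""
memory/4912-91-0x00007FF713560000-0x00007FF714116000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d8b5f54d29fdc63e4b8b9fe52ac52e5d |
| SHA1 | c46755289f2a8f4ee5b8f8c4c1dd0703429c77af |
| SHA256 | 953efef1e33834d2224ae18356f319641069c66738f6421e8a6cbbd8caecaadf |
| SHA512 | 92052edce2f5cf898fcdee0015e9411668fdba56678f7a351137a630b2a09bdd64952ead60bd5712e18be7f0a92594676da535096d84595462c0e9ac62aed040 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c8fbda88265356e43e7e5c3ba2dc331c |
| SHA1 | a2c0fc75469ec7543ca146eab49b72884e44414e |
| SHA256 | 195863a2416959a99c1bd909a34c42f39233e93c843fed9b3b837d90ebdd5fc2 |
| SHA512 | 9bc71d84723d8ac6f7096bf34f984b5e1f9804c0a30d448e5555eda47dbbdca6520a12bbf810c504bcaaa0d27365c536ce134c92d9a859fb0bbb19f9336c5025 |
memory/4912-392-0x00007FFC643A0000-0x00007FFC645A9000-memory.dmp
memory/4912-957-0x00007FF713560000-0x00007FF714116000-memory.dmp
"""

# Hex-digit count each algorithm must produce; anything else is a transcription error.
EXPECTED_HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Row shape assumed from the page: "| <ALGO> | <value> |" with no header or separator row.
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([^|]*?)\s*\|$")
# Dump name shape assumed from the page: memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_LINE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)  # algorithm -> lowercase hex


@dataclass(frozen=True)
class MemoryDump:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_listing(text: str):
    """Return (files, dumps). A path line opens an entry; hash rows attach to it."""
    files, dumps, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DUMP_LINE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            dumps.append(MemoryDump(int(pid), int(seq), int(start, 16), int(end, 16)))
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash row before any file path: {line}")
            current.hashes[m.group(1)] = m.group(2).lower()
            continue
        current = DroppedFile(path=line)  # any other line is a new file entry
        files.append(current)
    return files, dumps


def validate(f: DroppedFile) -> list:
    """Problems that would make an entry unsafe to load into a blocklist."""
    problems = []
    for algo, want in EXPECTED_HEX_LEN.items():
        h = f.hashes.get(algo)
        if h is None:
            problems.append(f"{algo} missing")
        elif len(h) != want or not re.fullmatch(r"[0-9a-f]+", h):
            problems.append(f"{algo} malformed: {h!r}")
    return problems


def unique_hashes(files, algo: str = "SHA256") -> set:
    return {f.hashes[algo] for f in files if algo in f.hashes}


def versions_by_path(files) -> Counter:
    """How many times each path was rewritten (distinct hash sets per path)."""
    return Counter(f.path for f in files)


def region_summary(dumps) -> Counter:
    """Collapse repeated dumps of the same (pid, start, end) range into a count."""
    return Counter((d.pid, d.start, d.end) for d in dumps)


if __name__ == "__main__":
    files, dumps = parse_listing(SAMPLE)
    for f in files:
        print(f.path, validate(f) or "ok")
    for (pid, start, end), n in region_summary(dumps).items():
        print(f"pid {pid} 0x{start:X}-0x{end:X} ({end - start} bytes) dumped {n}x")
    print(sorted(unique_hashes(files)))
```

Run against the full listing rather than the sample, `versions_by_path` shows how often Edge rewrote `Preferences`, `TransportSecurity` and `Network Persistent State` during the run, and `region_summary` reduces the many `memory/4912-…` lines to the two address ranges they actually cover, with the size of each.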