Malware Analysis Report

2025-08-05 23:04

Sample ID 240412-dcejkagc2x
Target Nezur_External.zip
SHA256 8288d94f7db9c1d99ec5bfc0ae206d28bc8489b8276d2b638ab50eafd65469f7
Tags
themida evasion trojan
score
9/10

Analysis Overview

Threat Level: Likely malicious

The file Nezur_External.zip was found to be: Likely malicious.

Malicious Activity Summary

themida evasion trojan

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Stops running service(s)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

Launches sc.exe

Enumerates physical storage devices

Unsigned PE

Kills process with taskkill

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-12 02:51

Signatures

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-12 02:51

Reported

2024-04-12 03:37

Platform

win11-20240221-en

Max time kernel

1816s

Max time network

2610s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Nezur.exe"

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\Nezur.exe N/A

Stops running service(s)

evasion

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\Nezur.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\Nezur.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\Nezur.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Nezur.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-647252928-2816094679-1307623958-1000\{4C2577E4-BA39-457B-B1F5-53F89A33E1AC} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Nezur.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4912 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\Nezur.exe C:\Windows\system32\cmd.exe
PID 1752 wrote to memory of 2292 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\certutil.exe
PID 1752 wrote to memory of 1636 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 1752 wrote to memory of 1928 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 4912 wrote to memory of 4736 N/A C:\Users\Admin\AppData\Local\Temp\Nezur.exe C:\Windows\system32\cmd.exe
PID 4736 wrote to memory of 3184 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4912 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\Nezur.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4912 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\Nezur.exe C:\Windows\system32\cmd.exe
PID 4912 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\Nezur.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2428 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2728 wrote to memory of 4204 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2900 wrote to memory of 2316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Nezur.exe

"C:\Users\Admin\AppData\Local\Temp\Nezur.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Nezur.exe" MD5 | find /i /v "md5" | find /i /v "certutil"

C:\Windows\system32\certutil.exe

certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Nezur.exe" MD5

C:\Windows\system32\find.exe

find /i /v "md5"

C:\Windows\system32\find.exe

find /i /v "certutil"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://key.nezur.io/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc437f3cb8,0x7ffc437f3cc8,0x7ffc437f3cd8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1cheats.com/store/product/41-nezur-key-bypass-lifetime-license/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc437f3cb8,0x7ffc437f3cc8,0x7ffc437f3cd8

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,11877858010357225138,11804525735150931402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6012 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004C8

Network


Files
