19270891b1012e8c844c2652cf3e8701dd5b4b9c7c26252082d6aec3bd71e2c3

Analysis

max time kernel
296s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Papers, Please.lnk
Size

1KB
MD5

429bfefd0bdcbca9038d18dca715d834
SHA1

5914f7324dfaca8dfde121ea0abf058cd3b289cb
SHA256

19270891b1012e8c844c2652cf3e8701dd5b4b9c7c26252082d6aec3bd71e2c3
SHA512

176be0218db7c18c99b241217984b6f88aa368f8cfc0e578de97799cd7f038b003f8d909951bfb0b09fa4aa6ac8584939e397acf0bcf8d75ef39cfff7ded487b

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Control Panel\International\Geo\Nation	Nezur.exe

Executes dropped EXE 1 IoCs

pid	Process
2020	Nezur.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Nezur_Loader.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
5828	msedge.exe
5828	msedge.exe
5348	msedge.exe
5348	msedge.exe
2668	msedge.exe
2668	msedge.exe
640	identity_helper.exe
640	identity_helper.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeDebugPrivilege	3452	firefox.exe
Token: SeDebugPrivilege	3452	firefox.exe
Token: SeDebugPrivilege	3452	firefox.exe
Token: SeRestorePrivilege	5412	7zG.exe
Token: 35	5412	7zG.exe
Token: SeSecurityPrivilege	5412	7zG.exe
Token: SeSecurityPrivilege	5412	7zG.exe
Token: SeDebugPrivilege	2020	Nezur.exe
Token: SeDebugPrivilege	3452	firefox.exe
Token: SeDebugPrivilege	3452	firefox.exe
Token: SeDebugPrivilege	3452	firefox.exe
Token: SeDebugPrivilege	3452	firefox.exe
Token: SeManageVolumePrivilege	5176	svchost.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
5412	7zG.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe

Suspicious use of SendNotifyMessage 53 IoCs

pid	Process
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
2020	Nezur.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 3452	4944	firefox.exe	95
PID 4944 wrote to memory of 3452	4944	firefox.exe	95
PID 4944 wrote to memory of 3452	4944	firefox.exe	95
PID 4944 wrote to memory of 3452	4944	firefox.exe	95
PID 4944 wrote to memory of 3452	4944	firefox.exe	95
PID 4944 wrote to memory of 3452	4944	firefox.exe	95
PID 4944 wrote to memory of 3452	4944	firefox.exe	95
PID 4944 wrote to memory of 3452	4944	firefox.exe	95
PID 4944 wrote to memory of 3452	4944	firefox.exe	95
PID 4944 wrote to memory of 3452	4944	firefox.exe	95
PID 4944 wrote to memory of 3452	4944	firefox.exe	95
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 2764	3452	firefox.exe	96
PID 3452 wrote to memory of 3692	3452	firefox.exe	97
PID 3452 wrote to memory of 3692	3452	firefox.exe	97
PID 3452 wrote to memory of 3692	3452	firefox.exe	97
PID 3452 wrote to memory of 3692	3452	firefox.exe	97
PID 3452 wrote to memory of 3692	3452	firefox.exe	97
PID 3452 wrote to memory of 3692	3452	firefox.exe	97
PID 3452 wrote to memory of 3692	3452	firefox.exe	97
PID 3452 wrote to memory of 3692	3452	firefox.exe	97
PID 3452 wrote to memory of 3692	3452	firefox.exe	97
PID 3452 wrote to memory of 3692	3452	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Papers, Please.lnk"
1⤵
PID:1464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4944
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.0.1178207217\531058972" -parentBuildID 20230214051806 -prefsHandle 1740 -prefMapHandle 1732 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8118a12-dfa1-4eb1-93e9-bc0ad80a8504} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 1820 1bf7b922b58 gpu
    3⤵
    PID:2764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.1.461877115\1834148510" -parentBuildID 20230214051806 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf44286c-722e-455b-97c2-eedfde2d0f3e} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 2388 1bf6ec8a858 socket
    3⤵
    PID:3692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.2.360032121\1796756482" -childID 1 -isForBrowser -prefsHandle 3084 -prefMapHandle 2880 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ad7a03f-06ab-4a4d-a78f-7b6dba8f924e} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 2796 1bf7e6d8f58 tab
    3⤵
    PID:4160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.3.1222245733\1295645527" -childID 2 -isForBrowser -prefsHandle 3892 -prefMapHandle 3888 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ee2d125-e121-4e50-8a4d-e5b30ce7ecb1} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 3904 1bf80baf958 tab
    3⤵
    PID:3572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.4.54100909\1047180059" -childID 3 -isForBrowser -prefsHandle 5000 -prefMapHandle 4996 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {156085f5-8d8b-4b2e-9c92-4d926fa67768} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 4860 1bf826c0b58 tab
    3⤵
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.5.866647199\824762864" -childID 4 -isForBrowser -prefsHandle 5164 -prefMapHandle 5168 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93ee8f39-2c07-428c-a776-023819a5468a} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 5148 1bf826c1d58 tab
    3⤵
    PID:4736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.6.870950991\1056731192" -childID 5 -isForBrowser -prefsHandle 5380 -prefMapHandle 5384 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd16c135-82ff-482d-80c6-244eb578f994} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 5376 1bf826c2658 tab
    3⤵
    PID:2736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.7.955621309\977257395" -childID 6 -isForBrowser -prefsHandle 5940 -prefMapHandle 5936 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {912e8711-59aa-4ac3-91d8-aee2be1fd620} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 3012 1bf7ac2d558 tab
    3⤵
    PID:2344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.8.1861680099\1290418083" -parentBuildID 20230214051806 -prefsHandle 6068 -prefMapHandle 5420 -prefsLen 27776 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1070ae3-9ba0-45ff-a368-cac3da7ba607} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 6080 1bf84198858 rdd
    3⤵
    PID:768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.9.885583152\1301007252" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 6072 -prefMapHandle 5000 -prefsLen 27776 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8f144bb-643a-477b-9fea-1eac63b8c09e} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 5200 1bf84198e58 utility
    3⤵
    PID:1164

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5508

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Nezur_Loader\" -ad -an -ai#7zMap31154:86:7zEvent19179
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5412

C:\Users\Admin\Downloads\Nezur_Loader\Nezur.exe
"C:\Users\Admin\Downloads\Nezur_Loader\Nezur.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1cheats.com/store/product/41-nezur-key-bypass-lifetime-license/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffec68c46f8,0x7ffec68c4708,0x7ffec68c4718
    3⤵
    PID:5996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,4624013556253187364,7687159167729196548,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    3⤵
    PID:5236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,4624013556253187364,7687159167729196548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,4624013556253187364,7687159167729196548,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
    3⤵
    PID:6044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4624013556253187364,7687159167729196548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
    3⤵
    PID:4888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4624013556253187364,7687159167729196548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
    3⤵
    PID:3516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4624013556253187364,7687159167729196548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
    3⤵
    PID:6064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4624013556253187364,7687159167729196548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
    3⤵
    PID:184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nezur.io/key
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffec68c46f8,0x7ffec68c4708,0x7ffec68c4718
    3⤵
    PID:5544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
    3⤵
    PID:3596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
    3⤵
    PID:1708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:4772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
    3⤵
    PID:5340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
    3⤵
    PID:5532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
    3⤵
    PID:4992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
    3⤵
    PID:3984
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3988 /prefetch:8
    3⤵
    PID:5700
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3988 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
    3⤵
    PID:4728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
    3⤵
    PID:392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
    3⤵
    PID:5268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
    3⤵
    PID:3392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
    3⤵
    PID:5132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
    3⤵
    PID:3172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
    3⤵
    PID:5480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
    3⤵
    PID:4912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
    3⤵
    PID:4660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
    3⤵
    PID:2236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6384 /prefetch:8
    3⤵
    PID:4276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4104 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,4683159060659153356,15881764617265880894,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5556 /prefetch:8
    3⤵
    PID:6436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5240

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c0 0x474
1⤵
PID:3080

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
f999f7af94ef334ba8a39811c46aba7e

SHA1
2481f67f6e5174f0c912ba1de944e7305637aa1d

SHA256
61bd5d225ca85b7f2116beb6d6c75aaaa8cee5addec48317bb67ac14d07235c9

SHA512
4e71992b3065c8d48201303ef0404bc1fa673349db6c9b367f7d74565a675ec51e28b4c274965eaf86a2e39e957a3d89054d41fa261a34f886b47a22d1eff26a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
864aa9768ef47143c455b31fd314d660

SHA1
09d879e0e77698f28b435ed0e7d8e166e28fafa2

SHA256
3118d55d1f04ecdd849971d8c49896b5c874bdbea63e5288547b9812c0640e10

SHA512
75dce411fce8166c8905ed8da910adb1dd08ab1c9d7cd5431ef905531f2f0374caf73dedd5d238b457ece61273f6c81e632d23eb8409efbb6bf0d01442008488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e2ece0fcb9f6256efba522462a9a9288

SHA1
ccc599f64d30e15833b45c7e52924d4bd2f54acb

SHA256
0eff6f3011208a312a1010db0620bb6680fe49d4fa3344930302e950b74ad005

SHA512
ead68dd972cfb1eccc194572279ae3e4ac989546bfb9e8d511c6bc178fc12aaebd20b49860d2b70ac1f5d4236b0df1b484a979b926edbe23f281b8139ff1a9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
21ffdc8d160d3f5a62b2d1e1203565be

SHA1
37e49ff09a6c4037e2a1d0aeeefe7c886c0b281c

SHA256
fa7eecffe4fb71cd0d0aaf77627209cc6b97115915d9d3c2c7b06ad93affd2a5

SHA512
3fb8fe31ff8995fd624b2857b2359c47bffb6703fa2fc139108a184d27e4bc033ad9518616179cb2779f1bc591552c7cbbd6c19729947898a3fb1f0b20ce3bd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
39f7a59d0a4cbe6642e8e5f0f8eedc44

SHA1
ff820a678bac608985c147a8ac203f7189537416

SHA256
57dc0496fc34b81a47f1cd2107de82721063ed6c4d93d2ec9b300d9c6250838a

SHA512
03de0cffb1d4201ab875b54fb618a113e3b61c3a77c02c9e34fcbb610eee2e2f38a8eeaba609be1ebd13d728d27fe3d9c5fb092aae8ae963a8bc3ce3e01213b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
c2d5c5d661753aac165406ff21304d96

SHA1
67bfd7ab8abcff2d3107117b9bb8f7849a4350db

SHA256
7f1762c4a1c6f55b4788863c6cab7ac170ee023a1f7bfef13608897f308f27bf

SHA512
0422cf03f2b5184235380f42c968c9ff7218809b1a644ba7e3d2287dbb1225591c58c73c27a59efdecda16fc49ecabfa73add29a2b0aae317ff5b16ca80bf423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
9204db385e0bae8a3725cb8c7ceb8d26

SHA1
9c5977fc499d5d66f7ff7e49d26b538259216526

SHA256
78376c63a4562910eebf1baedc7d2f742020abf0899d66aa971a8508edb52152

SHA512
7ce51c46f0df8bd5e52eab0293a98e875e59132c524077dbd1a8b40977e42a7f6ad1ccb412a0a59dc9e9ebdcf3fead217cdd9046ccbaac93ad6fea43ae7035f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
b6d7b6674d8962b2624cf076a6aa3728

SHA1
4d2bde6144f87b81963b2de22b4a1bcfe26414ab

SHA256
32edb88e2a21403a7327c37ceed0be7fa85c4124121bc6a58616228efb810f28

SHA512
9d110f43263b1e30e913e815652a5de0b86b7fca369d1b116ca1e9c82954b742d2d20a532754da85c8c8ed1309e2578331a23dcfc891ff2b5f936f8f8a232f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a13f47b478d4a02a7f1c6201dd7f4f61

SHA1
44b17d4d6734b73f4c40849625f3425d7999386f

SHA256
a3006a48823a279ee9323c4857af32bf9524b3873caca2414e1ce833770da038

SHA512
b3f1ae38c52437c48cba752acc07a9af9be1c0f87a62cd486210ed16730ed393e8d9186f0fbb2a5a8b6887742e41c651d30540776fd18ed8bef44d90d6b7cbc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
75be740c4bbc5fa4f7411448729105bd

SHA1
496b81b6b84030694cf49601f609b6bddd1ec4a2

SHA256
0ee5daf11e4b47d4097bc49ed38bcf5b85a6c91074ac73179a1437ee3c504c07

SHA512
d371043b2ed5dda74b0a10370527930ff0a7b83c904b88099ca4f5397cde2017fadeb772ed2dd9ef49dbc557162e6fdf32a8d8f74ba84b1178b470bb0b660b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
f774427df2877479c482577b1094481f

SHA1
e907649965b06482495668fa77c7dd5bc0b28ddd

SHA256
0b0c69fb05023903cfcb5e4a33b73759a00c2ea8094d6df40e9b9501466af4d4

SHA512
cb005bb7ed40713c827cbb8737f51f4ba9a89279422c78de88d727787e62e201237076d2fed213f079fde8d1532ca6c41661404fa5b9898df7f899039e536efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
6aaa3a881042aedea2ca125e0620a99f

SHA1
f2af721aa17c3984025af74fd90e92ad9e082b9b

SHA256
5078906a03d15cd56e4d4a4f0b5d6f82d985b4141b21c8f8b9c5817064ee5eb9

SHA512
54da2a40aa367cfdb2faec9866e9348fa9872fc4bd6565897ccc973fddb8c6fbca5855f31ed5c98fe20be8c93f0510d3795d0184eb835662e7f0a54390acece5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
cc5607908a15309938fa29031cb6dc6e

SHA1
1c8f246ad9b1017c98d9954c15b22d865e2a96ab

SHA256
7bf7a73c63908d6dfb6d13c0e5663c8b1f4674d49257cb6ef453072428f09156

SHA512
d3c9ffe70a75177eb5f7e04c28040c15e341c29dfb055c6647a45c7741cbeb8a8f164e28e9532647a159d96ea6b84e257dec81d1784604753f3bf36c0cd6c86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
e8d2dc455bb809e0583e2e351e2d116c

SHA1
1272a2c8fb0b5f8cd24c80289205ff4a5afac18c

SHA256
c55222196d68b80121ac63d5cbf760150bc6c4da83c6fd66ec65fff715dfd2bc

SHA512
19de4f3e3e3ab7b2cf023cd8b85036844791ff51f4feb7d3b28a34b31cc23ff86049e1dfd11008341f04c1cef732dbbd57f615411a248d2bc6865c85388eb210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

Filesize
16KB

MD5
9c9dea9da088544d0347c458e18a74f9

SHA1
922869d23c31b73609d6f8d9d4f2a39ed3d5a59e

SHA256
634770f70aee816bf987982ed19e8e648621adb25681143856b565a6b13e1aa8

SHA512
494c72a8de90ee84a43e5c7ea54c7d142ce97f6f25c2a8e7c3d3b5b3bc02018b8f072af4c3e2d6c45ce8744ba24e0246d5165e3aabd833ed62ef1fc344cb8df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
2b57573b5532a169881f2b6b208ed4ee

SHA1
21157b775de7be20d10bf57aba4bc98f2536c4f2

SHA256
14a6556c95be941c7d762887962090190587201d8eee7642a514b4ce8fdad6f2

SHA512
6583f749bb4de90eac31691427b7ab1b580c762cb7e6ecf1ce469cdd295c8d31111e6d20dd96eb3db217b51497b8a9eb2661476448fc51abdc41f87d7cd01416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
a3d56ff208cd4bab140efb2e0d018366

SHA1
54616799f4435120ab623532f45dddbdb86b8d9f

SHA256
c2f95031ef183e12817222805fcb19cd38fd58838cd25d4faa4163fb6fb2f690

SHA512
c1f3cda57e45a17f4bcc04c99eafa5b5fc301b0ba67a0e590b41efc18de8fe9b81aaec88f4ed38e711ed2a426d696ac73f42da32a54bfcbeecbae64c4c127f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
9e675bc597c7f0d2c3509929d6cb7f70

SHA1
586b142e9f24939c314e35290f3a0cb10f6e1cd2

SHA256
d010f4140fa71648cfdd836c85d7f46a1909d9dec5f73a03e6f54c7ce49a4587

SHA512
86cb6b318f28e4963c8c55efd3eea2ca790b1d75a43754aebc3062f61f657eee64d550e530a9ebc9ba410457646cbd5840d5530ccb97dd23d13805aab4d01c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
170B

MD5
e0fae414f1c53eed33fb24e04782e7db

SHA1
d3cf7e352e80f5f823bed21820f20dd4ab5e0a96

SHA256
ce268d5293140b2ed0dbfbf3a0a4396b4afc1e125a4aed02362b908adccdd958

SHA512
8f1fb47a3e977052bb6631255bc421a45cc20976178e36b9e70bb4421e5d3f91a60f890028667ef036b40fa2d9740e54249480a2c91e54abd7a877feed0a8819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
fe505c92ebab8d836ccaf7a780b1c04e

SHA1
96e4f63dd20aa68dade16b54d6faa0545c2f635e

SHA256
2f185f569cb5f591d8ec10d5f102941e6db0eb375aae0d234821ec21fa416f35

SHA512
6cbc4c5e31ed69113e4cbdde2bae96f902539501c2754739b29438701578b6d45b6cf9251383d5edb70b9c7f5912b977d0adfdeb8613a9a1c30b77e3e9b4ffa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
de2c59a2c63ee0fb01d10e9b1d9ded6d

SHA1
06df6bdf3faae7c8a3943116269b81a41619e2ee

SHA256
c74b949d4bec4b8ff99dfc22c2080d6d08a39c19af618a33d72724aef849fda5

SHA512
c9efde40aa82572debfa0670f699f0239c957012ca630d0ad2cb652f1f2fb39d8835689108ab18bf24026c425bdef30a4db3fc3e46e7c988a60e8e14060e6871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9a6898391f4aa927705a480ee4625532

SHA1
87fe4061c0d0be1435603dc1429b64a4d2c33670

SHA256
8600db047ceb7098b082b9b6a400bce34dfe7f5dae399c006e6a0b2f1b8bcdfb

SHA512
a6630cf8dea4735cf979c85f35970ab07b54ecd9b6dea95696848a803d888b404abf621427a8229a60864e692b85f0da963fcf361819159404765a9b674f79ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
040237b591cf96236427a2ab903fc214

SHA1
bac097b7f44d920dfacdf1d82ac25c5ceeb63b69

SHA256
1ec69d07a4b1f1608a13fa8f42d9a67314a1106c16df2e183ee9120ec3349354

SHA512
a791520c98decb1ad5098025d72c5ae42249275c31b9bcc1b3324bd525be92472e2bbd957f1aa3bb0eea8862659ceb32d6e8b029e9b3f146b43b217f3b812127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb10997a1eba83e4fb4bdd7e49756930

SHA1
3daeda012b90972799bf4aaf9dbec2e2405c2ce7

SHA256
6378f30fdfc6b929e21173842b2c982eb8ddce4ee0f62774d5dd8afea8a488b1

SHA512
68fada8a9183d91b5f12706173a9e1e56081533978e92fe86d975d240718098d0d1e228b62946b2c36fffd8e3a24b50882683a243be586860ae3eb31a1a0f7bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dbaca0debdf7547825a98d87aa9eebbe

SHA1
26dd7f798e5b474586116791b133c6e3b4c29241

SHA256
5bc0ce1ca3def29426d8f217ed050bc9eb660fd9c182c88eca4a99bbb82f4ccd

SHA512
39c7641b7d1adefdb6a3f33d102e7d9dca807938898b1b86f3fb328402d8c13c2397b9d907aebad114b1c4359821e8a474c2e7231562a64ccbe6cd3449907dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b0c16485d7b562c7802ef77ff865c5b1

SHA1
45499e75c7ea79715b6dc1d5cb8f3f060c72e96c

SHA256
6abcb93843df46af403436f487d944f45407bb6304b92c06d82b79bf264f7c59

SHA512
4a105287c78cad636002a6c2d0346c8e27db7d9611b9011b2f42f25a1ad589e88d202fb2f5a34553e8d237a0bbaaf11f170d957d5b0fef56c069eb45cd4f4ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e8c5f43b88945876e93a963d6fe6904c

SHA1
5df70e5460b18dbf81a1ee01ccc00ad84f3d8fb3

SHA256
7ab8e94a76b2cffe860e19d6b2ea6605f902e08f9234f12bba64a16804cdb121

SHA512
5abf012d0c0e0e6618a4c9c9ee1f9155d890815dfb25c96d6bad93b48b5b67ef4106e43f7c958aa9e900b644af0d9db1afc0ae76e241b439a4b64bfb10b7a8c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d7ddefcc608a36833af6edbb3b5e089f

SHA1
2aae07ce0372b082bd62636bb904de70d422a1e7

SHA256
3804437d565cdc71b7b5a88e775e6a7096b930b013ecd90c963cfab4f8b06155

SHA512
d09a851a17df1d3f7f6c5a0a13bd2923969503f98381a9d093e662164431bcf03b6ddefc1002437fcec2906accb4556adc13771f7c2990680b85b351ab3b36f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2595d80b13d9d1451fece82ec65eeb15

SHA1
c11fb3397122295cd9d72c7bd2cf17b91265669a

SHA256
eec8799ccd3b7c315f7308cd84917cfbb1ec2f8e9e34830f1b42cdf628cb66cc

SHA512
d894a70217c8215b19befb6b810ce4e4f9b95e02657b6b258aaaf172955fe1bc656377e73082de8b1587e226e82d80c774380807869a08d717d6fea43cf3425e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
938b49c86ac2135de5fff6132f937cc8

SHA1
483cb999c5e50846a6901c9c1a44c878012dd088

SHA256
bc0e3c25194aa9bc05bc503a9fd826e5cd5c35789a6352279b7e855c677637e7

SHA512
086b40032eaf4df64e2a86d963e4282184070215cb689893c0b9c0afab15f3eb5c631d69118381d00ae630bef3f43c547a4286cdd13b8a152d4a36577a791f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
283b6d624a128ec9799f5f1efd3d9df4

SHA1
3aaaabce3a06e4865a89520593a8225396060a41

SHA256
7334f96f315bd852c4a5db9975124e1a5efa8d815e5ff6700be3990e84988fde

SHA512
141d67ac5dd76fcb809140b5dff6e3e6f3a3cbbf6ea4c48cc169ef5f7dbe168e04237891c649988ffe20d48266b8c27b97c6535c6fef30d5601fb8cabbb7cf35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
6f2983268a3cd9c1795fbb41533cdfbd

SHA1
ad1e24ebc97c319ce860007b4a8f26567c106f60

SHA256
e59db28f23e0fc4318cbd10ddc12aa6caacf93a90d0539491fbbb3eba6b10efe

SHA512
83ca9faf3ea15bc7200ebba7a443fae126a341862414f33255fd26d70d9e535afafc08cb371388c6f8fda414a0eac91bb33e8932f02568f5f28c531efdca0ec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\5dd3f236-d04f-47d3-9b2b-4d845ba03aff\index-dir\the-real-index

Filesize
5KB

MD5
2ab1cd2e93647fef19e7c8083260f059

SHA1
39faaf891519e1ba71f080cabd38cfe34172ae6c

SHA256
72dfc7969c6ac40ab2cbcf290320d3592cce9d4631cfd3ebd68cd2a8e5e5ff95

SHA512
cb6ea8a83560a87b6b0bf0e51d50237c5c58846b9b8fcafb40c50596a886541c96457d37db40894466c149bd086ce2f5c1b05d4dc8738e8db8a9acc9bd49b22f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\5dd3f236-d04f-47d3-9b2b-4d845ba03aff\index-dir\the-real-index~RFe5bad63.TMP

Filesize
48B

MD5
21f3b6845f17dee94942ef63ea3a258c

SHA1
fa98191b26b1a8ebc5bf3f6e537bbb3edd534ea0

SHA256
6960828873a6d7475e1ddffd216ff18c43aa890e5f06e2c43ab22a171eea6028

SHA512
82189a95c398c18c631c9fad75bd39119d5038057df84a644c8085ba572672e3c66e48aa905a6b20e931724bf6d9d5f787ea9f0c708290372129e1fa5c011168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
93B

MD5
44ffb2060707356b84cabf574d5fb588

SHA1
da41e331d2f2f21167769ab655ec66ab060e0ddf

SHA256
8364ef6dfe30619a5609fdbdf516c7ae274c3e60eda122f1270eab762d4aefc6

SHA512
1cef7efc7abe017af860f716f4dcfc3811ca1704c0bcc787604e625f77bd8033de46f1c6751f539cc9d7175ea8a091f96492444aa9d278fcc4df16c0102b5fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
89B

MD5
8775c16aeafb370c39d0ed2e789c8f84

SHA1
2e4ff0b3889b770b9a2c54b767357d9f7aac26e0

SHA256
423174718cb032a716205099d14f671cc4ffbe3857991f9e7dcc1bc1dcd12eb5

SHA512
fac303ac372cf79a8468339499714200e4b68605cd75fc211d93b70231a2df3e052474e50b57d1b200660a4d2df7a8fba8089b72c0598f00b6f7f9b1fbb02864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
07a6b0c3379d6197349aa5071ee72c0e

SHA1
194fd6ff0d1354880e094eb1d8c82d4f7db45b5b

SHA256
704e50b5ae7b0831bca3ac707185f1a5fa196f0493dd7e196764238db6da5f9d

SHA512
921bcbf1e7d9ce3108eea85c1861788e0152a8608583a5a2cf56c9bde98477b6128dfb9375a9f84765e4277659f78d486762f1ac47c4e5c8a33c9ce21182a2de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5aeec6.TMP

Filesize
72B

MD5
d0781e1e418ba4bb3a20b38d41035145

SHA1
a883040c5ce846bbcd52c7607a14904b7b347cac

SHA256
2204d4edb9a2b9aad175be0da43f1775be0c2e8e0440d2a92400f710e66564e7

SHA512
80503e2d03c926ba5c655144a7429ae05bb2a3acaae3f37cfbb7126ad0ba7ed49b77fce2f14f22d359a87baf7b9d4ddacf3c608876a6a386ed8377e20ba712ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
2477005e1d43b689c6d039da38f73718

SHA1
e71f273ab80f3df5f2af82465056811eb808e92d

SHA256
5559d6c83295bec86104340035f8b62bede38842fdbd054d75845231e514df2c

SHA512
dce5889542f2033e4cc89454df80ca01a7a3af8e39ac75ea458a92a90532fb853e793f2d7a3be8bee9e2ff151069bc9fa1ff45c5f16617fb7e983b509315896d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
4d12196add9d9742b64fb34618b6c8d8

SHA1
f24cfd09d31852e8f9ee9a891837ab502caf42c6

SHA256
d622596b26b05855b0fbc133c25441b1bbc91eb1e0cab1c61307a1e617e64791

SHA512
0e5899a16b84a140b18643c07e30f54a14d97b83e4ac19e13235c09167f9e34461836953616957b1326595747f67cb5e1ee4d47e5e950fb937c987ac72238631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13357615536456126

Filesize
24KB

MD5
9c6f1a317cfe10c11f5490a92287ff2b

SHA1
3ab457312c97901f2306e27f33cc9b6109171492

SHA256
e86cd38c8a60a6b5abd4a406f01492990f2ca571cf9493a919a2e809ea817d2f

SHA512
9bc599e2a41a5d14278cff42758a7ce5e2f5046fffa588b27d9527f166c2aa419129fa0f7ad67e59015dafd7a09d4b542e20f9513737348c4b0e8a3388e31144

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13357615536836126

Filesize
11KB

MD5
85c1553f729d4b588ef09299ef5523f7

SHA1
dd57a6d331466090fa26acb869ee70bb7acd99ee

SHA256
e0af460165f0eb6354ab5364e1ed09dc3ad413e3a62b893bebbfd1d80b042fbc

SHA512
f8468421db1ef472fdba53cd26069b85389eca421887440cf1d400644af18c53f9e978b0a96ba34bfbd7e7c6a689d6dc968696156e93c2d3cc8d6d1bcba8f0a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
b100b6c5859cf69c6b978944338e2ee8

SHA1
ae10a4dd457212d7d9cbbdae521f6299dea611aa

SHA256
281b7f6c44e6fc578fa08864c0f4f6d81a1082164765ede05f1ada7ee01ec359

SHA512
5b6b1c8f1c44e50ab8a9be674831e3792b97e90bc8fab6b64a81c60f0079c95c4e144842140d04f748f638c0fdb26d4380670456180d3d03b277b1832b19dff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
71c8ca745adfba3c3edda8f2daf84877

SHA1
018ac4c648df83e3db1d7d97f7651367f9c2f251

SHA256
d9e14a292b7ef8fbe32eb9e4ed5f4281ea12dcf8b04be1903a619219d75e3310

SHA512
67a186d55a8a15e85f680095e53fe42e709572e568c09f29651b158fd39ba2f269b77c25614805a034033e112f115e9153e9d3e70f2b4d5a8e3a5dbd07d2c97e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
b3b31a5cc2fa44b56cebe701c5956a76

SHA1
7291cf8f83cc67b1543169562b8fcced9cbcc659

SHA256
1ac243e083669830bf80a1db84263dc4b04222bc21869ebde16ee35aae71556f

SHA512
0150d37924ea5925627495bd68674b745a7fb9a3c8d08564e8ef6964f006a065bc09fb402c207521a021cc154e8635488a24905a0e48c59bbcbe6cd6f3f4a773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
61f5f43a12f20a95d2068d4b30a629a6

SHA1
17fced85a53fa0115b6c3e32b9012365b2fb42be

SHA256
249d00f80f579a41d0ee0821a6430e0dbeb6b59dedce29a56893b0f3092334db

SHA512
a91fc628286a7bc5e4dfdf4542ad0060504186764ac4ed78eb758aa6cc207c58110dd733be65278c213ad45306cb1950bc9a7725f064fefdc655812953133048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d7aaf16b9e967fb6b2a7bdfa31708af

SHA1
9850f77bf763316cfee2487bead0aba3286ca1f1

SHA256
ee9f1eb15d7442bc8947545d4c51ab71a6bd7c2a143ff4cef244011be1211456

SHA512
737749ef64aceefc84bc955a564b5d4be2adc9b5fc5cba3f8028c0634f502bbf82671ba13a9998d4093a76132f406ef453c1f0e36a0e0179527b7ae600e3a50b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3fb071dfec9a4382c8c25d43811c20a3

SHA1
de7525639300d5e025215b218c904378d407622e

SHA256
b4b67b2f2ce56b292b6a20e9f6bfbd4e42706ffd986e886dc7c271b47943e497

SHA512
01658d64abcaf0b3fca84d16f82bb71eb0867d1240c804d3e1250253213f9f84f545317aee2f8665161f3283a99b529d5399e0f58ba609e4e30584228a8947d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
50c9bfe22d851bee73a92ef9cae93550

SHA1
c4f9d99115c06b352f4b53c36a45d2dde1dea39f

SHA256
b56eabd415f62815a9a0799e70404f7061edeb4414fe1bb3f7b994fee1e72bdd

SHA512
d3995d425186db347c067248d26e8c4f177598ce7da213b88aef9e545ff6c127a2d3d8d1f581fd4a65e24db2f08ceec210817b792f6d9a41f78d6f9b0a929dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
23e8cb99f8bfe27a3812f88763010744

SHA1
d9da65c9487fc45e23f572a0c0798312e6b8471e

SHA256
139c5936c2bb727d98de11fdc2e9eade1ae221cf6a9530f08ec168e5b1538ccb

SHA512
91175ba49d1fbb788bf8f040064469cb1267cfda033b901c241cc39b845d965c2d3c90d1004b0459b075e7f53fb1234903b4817bb42171631766d7871f382bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59e71a.TMP

Filesize
204B

MD5
69bfa0f1ec3e85b7413067a5611ede26

SHA1
0d6fae0f85569ea0db8cef9ca564d7faa6cdf5b2

SHA256
3ed225f08e98c98b5718da8eda524028355bed809b008dba45bac3ce02ae5ded

SHA512
18cd021ac99e59abf0161fcf1e80e210a457ee151dbb8cac994218c6b7a3548247a2068613ccaa9ae0b1cd93986ee58934a66fcb25a74a0a8768a55549a9a8fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
ea3e548a0f4dee982fe03ff86e232cce

SHA1
0965c2247f6490a37d89c0dde8cf72f59d609332

SHA256
32fbb36ace4ea2bb0d4f351968da805d733929f382cf0e82e0382d604167b7ea

SHA512
bf13bd9eeae57b1f2e407bf566014f3496ef01b9bde9abbba2a466320b82b223785a2ebea2907a92f91625f0f9d3d196b49d56f4b23833e7a9d54779ddb4cced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
10KB

MD5
8f8c7c99f635e1fb550cfb403a28d25d

SHA1
3eed0062ff42bda37e861bc366b44ad3a629dc6c

SHA256
dba78141566b1815bb0a84976f9fa2ab4f38f1496cda9c8445bbe043f63cfe58

SHA512
487baa265bbfc55bb8c0afa3848e07c68897568f666a91c5fc4691ab5735d67ec558e73976a44f83d2178bbe38166c7f92846dcb71f088e92801504e537eb05b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
402KB

MD5
91e6342c91acf055e1a2895d308fe4dc

SHA1
61872d1d57a59020e181f132f3ae3c4a04622f01

SHA256
bbb31d51d5a6b6f85ca7b2bf159d4d4ab6116ba4e710a4c61e28908eb4d6b7ba

SHA512
cbb82408287fc789468cc6ecddfdb9e2ef19dfa776062155027932477eb6ec2acc32f546e9716a1088ac2132587153436211a3636e6c003c9540ae8e40ac4e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
4e977bbcbdb30ef5f07aa2f2c2a235dd

SHA1
404db9a40ab090657618aa7dd9a5b0c1a2d77aeb

SHA256
c3f7363811d5b8fdd06bd9c94a2c23e9d2e9b04f04a89527d4750db4e5a7b891

SHA512
672d41ca73b5fa476057429730cac5cf9a5653b890d9d4a328df1aec0e5729cc6003e90a8cb07c1ce4fb89bd862cedc9789114cb63981a3e99190aa45332f060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
715c08898a60eedb2189e438b97a97f9

SHA1
78250206c180ceda590378bf84a780f55e61bc86

SHA256
4cb058dcb76108d0184b6835a820f70a2a0e072c2c0cf1e8a8647cb59b0fddb4

SHA512
92f4a888db19fd333e57435d1610d674449a6fd951ccd206555d24c6f7e90eada63860702e6c722bb08f3f57b2d7cd3da9d3856943a66ea3f4b3fb8a890a7ca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
2167a8674ba0034d44ff6079234f8473

SHA1
8e223970acbcc202cf7c5c754d6ca42b929463a4

SHA256
010ffecebb6ca83ef001083f6728ebcd914f848e6711791409d2ee639e556443

SHA512
1fec3a02b5ef2d51f8be2fdb64db0813891f504803591b93aee982cc30e656d92a37b6a4f7b1e0728423d42d8b472f0b8e14f5b7c43f562b9c5f7b967fc40526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
b9b90708404c6a040ac6fe2ba5a88488

SHA1
212feb99bdecb911c61f61663d8faa71a69b6f04

SHA256
92109b5bcc848721f416018a65beaaf6dad887efbdb71a8d1c6cf924b2ccebea

SHA512
e2833c1d486f94941fd85bf9a9f6cccc873905c247b9b7f5d06667a81576616066b7dd66695d7b84a567e5ca5205e573f46a71bb43990e50b6be0831d6858356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
9b24a605453a2085c9d1c59d787f4cbc

SHA1
60b9c8c1de7a511ce286f25e2c1761dbaa64bc1e

SHA256
3c072c1661329c227dbde8e701785f0efc1eb53130d10bcb2f8d435529938d5e

SHA512
6cd3079f7b1593b182d70609a16290313f1d04291715307f38032c89486394b7bf1f34d14730c8f161f39d32ec82c6dc94b4169d1df2a4ebc804c7d705616bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
20KB

MD5
a4e164f6a15386763f5a9915b9b2abc8

SHA1
8d499d52070f47a4084008fcb8874fb148994d4d

SHA256
dad5ddc6868717a6c955e0c7627f0f93adca70d5d20733c1a98324269fa19f85

SHA512
9ae0dc6c7638553dc8b7c99f0f0b5671901409b50c0cd7666b556a08cb979b4334cee2b10bc826a3d7ce435a84536a0e81d2fbc79104e29588c5b506da97aa0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
feb31839656c071937604bbd6ebe7d71

SHA1
1fc4ec4a615e76452be5014e367ee1f3b10c3868

SHA256
added0ab9f69dd4ead5879f04d437c70452bd990f1afe73425bc494d8a629e12

SHA512
6ad166737bbe3396c8c907ca731b1f91f0bb85357ac2f4bf80973d8d282eae72319f5f456469ca5a96c3a93e6db96fec965b3759e0c4e961132fa175630ddf3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6ae7418ae4922667751c349dfb88230a

SHA1
ddb0b68889f01d579ab50e97337c1f242778e149

SHA256
f0696ca9b25e7665738916e8a1048f749adffe43d9bcd4f57c3d68676679b5a6

SHA512
9df42003a0567b29a95c5c4f90614c9ca8e333de320b9f0f44b6483b71cc3307b507b0c4b4aa395e725d8bc43a3768bce703fde5e5ba4411e936b56d5a1d7b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
940ce50e2445594bc468a623bee790e5

SHA1
d76356460cd86668037860ea69eea4df65de07f6

SHA256
f83aafce2d139200f0167bc1a3b39d55a11020088d27d7913e90e49afca6bba8

SHA512
e5cf55d365d7743dc8048ef581cecaae7efd44d803647dda33231dad136d7d4edebe72e7b62407c6cce1db2f6b205155ba02de83c1c9ef66d2204f08a7e14a52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
91313169595daaffcc67a5cde1b74204

SHA1
94f8eca9176b81c88c4d6c70bc37e59ebc1e69ff

SHA256
1487d0390794ed439b1232220ae532e0ead8feea595f8ca22d380d0209c8c49f

SHA512
2b635dce6fe511f8cc46f5ba04d2a8f8629e445cc9f48683b14ba89e0d69f2dcfe40a9d26adb4d3ecb652742cd2504a63d0e669216f3b9c89f3e86bf9c36340a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hwldqhqu.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
2f51b8c1ea2e3b66c756f51fa405ccc1

SHA1
ad54ddc28ec0e904e62cb4382e1b88ba30acb7b4

SHA256
86bd26b9d67706533b309f27432e6c1dfc68bf73506226093f6fd1ed971d40c5

SHA512
0aa76a363ecc37f1685764262f02aa55ed36e92d2ba4f06ec3d3a15df11c594cf59e0fd359f1ad2097cf75c143903aea51066e53380e0227f626184eb88c438e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hwldqhqu.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
44d1708a3f96bdb96e67d3c37e89b1da

SHA1
57d0d34086d58a9a69a7ccc8243cff355fc4ab91

SHA256
4c7b7569484a7812120498477bdfdfde4ea5c57000def9b4f00c907c0b995215

SHA512
9095bc9f704e1c5dbe8ca4ecab7f62e462b5b563e139b890979bfa541f521417755a1f2d0e55177bf5617b069f16fcca6ded5ee942ef25fcc660fdc2916f38c9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hwldqhqu.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
52d638e910b486f425698c8a934c51ef

SHA1
1ad7f4fbec81f80cb53173d88e04011513f70c9b

SHA256
46f169a18f7593d68cbedf45b49e45f6a026f49165d998566ea9e867f6fb84d0

SHA512
b5fe23094bf1fb311e2702011dcd8b36212d33ae5941d115ef7b309a8c9aaecad16fa7862b2e80b6d5c57014ef307d8cdace0bf92a53ffe8cd376810444f8b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
ec2ff883bec78cc1e7cfb535968f6005

SHA1
9f4c83884c10d50faa28028257635121103ad19a

SHA256
ca602e963703cb84d200facd723375cd83e8ec4d1e667d10e04baea61d05780f

SHA512
d73c7fde2da8d8638bb94757d21d11676fe6936fd9a4d130207d1acfa0f0635b3bbb3b3836883be1b3bed103a3f3aaa92156a1d56a1e8726b263677db7edeff1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\prefs-1.js

Filesize
6KB

MD5
f76b9cd37dbe1ec10b1db81ce3659513

SHA1
7fdbae9c98143502841d97800610af0203b83d95

SHA256
67b5b4da4b0644b7a6184a739f0fc134b5b2f4f7a2fd637dada063432f585683

SHA512
9ab0dcfdc223ff7182138fb6bcec948f3d177eb4785c696a31e23aa981601abc5909fa1be2e2da6f83dfc3ad4cbe18ea725fc432bcaddf0ec3a41747eaa4b253

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\prefs-1.js

Filesize
8KB

MD5
2bf4d98368f1f06025110f03829be97e

SHA1
a79d74232fe9051e497009a3eefe048ad5689f70

SHA256
864b06ae3b773178c4d5365b08b0361bdaabea91e8f1693348659133742afc0e

SHA512
9610d297c52ec5a3e00354009336f1033558a35ef9ddfc015342991c8a47c7ef8887384531989fec57e287a5c75e3f23f1172bc9d06fba3f2a6cf78e4bc82152

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\prefs-1.js

Filesize
7KB

MD5
358005b315c91a34b095fad4cc60a9b1

SHA1
29423d6b2906751b5434fabc2822fba281bfb1ab

SHA256
aa58a550834d429de32aaa808d790613413ac0e7025c4245c159bb3c7d803326

SHA512
c6e82b8e0a8e74f2c15640eadf71baaa8e73cbd24c884799f8e89bb28698283fdf91f79fa395cd57e5f50390a547b50ce081de51d9fc1c1f5dcaffeafcb2da6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\prefs.js

Filesize
7KB

MD5
a512aec11aca5fee47ccd87f35df74dd

SHA1
6b5b0e39a4a5578a8928e648856890429ebb8ffa

SHA256
624b48fed14371ad321d14d1dc4a99ae52ff3dd678279ec95ce2106ba428c618

SHA512
68e956ca558d05547f0aa48f8e47c16cf769aeef2ea3507dd3aa16f288d2e12b81c3c4e6f96decace34998ef1f67e2089f5da1bd7b3514165241da6e268622c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\prefs.js

Filesize
7KB

MD5
675fd0d9bf51dc0f19722d03df252907

SHA1
96e4b4cb597d26a6951a5f707e45abe3b6819fbb

SHA256
86f7aec44e503a4a7b4302bedd700e41bcb11fb8f9f24bb3ee5d700833b6da92

SHA512
b3f425c749421a0bc6d4021b5713845cc5209ee28cb568bedfbb8c0697dc700073f3fcbe687489f854156ba1a354f86d7cc104b2871acbeb17e0645e704f5863

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
908e3a94f9e1aa0d3c9b17a822109e7b

SHA1
5083cb7ba9e813e68b4d43281eab84e11975d483

SHA256
bd13030a352dc7ff3344c19dcc06ad19e97b86d00326e4f29ec4fa419652a31a

SHA512
43a11a5fa05e13e105cd80ccc366a4f8f465a0bfedead53632f80f152cb79e50952e16964534cea4efece240e89779e47a6164182b42d5fb64cabec584b96f8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
69e37ff4174ff1065787f4e3454ddfae

SHA1
3952eac892a87aff7f70086ad379e9e882729948

SHA256
ce80999c97bbd008980c60fc4fb33f47abc14cb8c0f914d90410aa22b1b583b9

SHA512
9691baae132b2520c021c1eacb168cedc399100ed2c3eb6d9ce569cfcf009a78e7cfc9ffefaad24a6551d6edf81bbe56579b5194aabb33960f2783f6de14b68a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
9456631ff2123ba196e2583d66c1f804

SHA1
f39027b3693a480f85254b8ae53cdc2c05023e93

SHA256
c71bd2d0dad766c358e6b4cd1a0426bc85c50ab1286958175f0e6777edab2ca4

SHA512
017a6b949c34ac9439b6a000cbf5b4d5cf5b916f312e4ea0cd436cb53eb0f867254381a715a37fd91053f4631f8bf511057658f319b2bc340ef487f8b1b66197

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
224883dd3b29993183b98da15e43ab02

SHA1
fd7d20d46f6ad6b5e97d99b72a7e304320b365fe

SHA256
dd6f23f30709f883595cf03b5e9fc67f3bf3e0ee29fd9948f655eaff1b1eeee8

SHA512
a9dfe3865e500a24632bf3f8cd66420bd640415d205a221b277ad2254918ab48444f872c09393103fee627c3ae7119532e952f8e8ce2037a9a9aa65fbf7df4b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.0MB

MD5
67518fb07389318dd18f0e9521faebb7

SHA1
e5f22143573ef1e5f0f795186aaf4414221bb78f

SHA256
dd682d6ac9cd0b446effd564195766b6fd025e93a1fff5797980d64b99adcfd9

SHA512
fd8b343a45e0eec0c443da79fd450b79d180234a76dece0963af8469807dfb0ac38297a6a6d1c142b6db078b1afe07d6cc3122cb85e84642915d0ef1e15167ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hwldqhqu.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
8.5MB

MD5
646a1da8eca3ad5b460c2afd9c039ae6

SHA1
29ce1a9b72c857cd9b194cbbb9c66fbc014dfe94

SHA256
06b6377e832d6690aee866ca15651a2ef65db46990541fc64be30db0b433eef2

SHA512
2d3d6d36dd7c3cb55358c52b350df50dfd3c4b146429846bfcf8440ea49639c431170b127816cd84839a961dbc7e935e85d6bb93132dadf802392e780695e1f8

Download Submit
C:\Users\Admin\Downloads\Nezur_Loader.F0KZ0yZM.zip.part

Filesize
24.9MB

MD5
dd115b269dc94531292ae747ca33bcbf

SHA1
b643eb6e5a727b2b82a23f6bfaa696e8848bb5c0

SHA256
6b714e2ebac200c350125636828409f4b276df4c513db973dc544aaede359847

SHA512
8e525553ba37950741dfc752861ea7cb7b887d814f58a0f1eab183f4b7de602fee821d83fddeedbfa997cfc849663a415a8ec018bdb9a8fb9335fd54ad450060

Download Submit
C:\Users\Admin\Downloads\Nezur_Loader.zip

Filesize
130.1MB

MD5
96f8c60093835d781cf3f38bc723cf30

SHA1
dcfd69d864d71e23045bd458a91c012dcc0df354

SHA256
1a7351453a89de23e71805704199af17fcd0aa1e39fb7e0376c23d786d34404c

SHA512
ab3034a3c541abf595a9b9041860d6f9e29245592ea1fe5442f15845d13c4d7dd33e8cd4dee5f294172bc62d0896fc05502fa0b258dc995d300861e86bf293fa

Download Submit
C:\Users\Admin\Downloads\Nezur_Loader\Nezur.exe

Filesize
26.5MB

MD5
9368fd67654ec71b2d52dd0d8fa31bdc

SHA1
5550c19ead9a17988d30247b646be69b776cb693

SHA256
bc07898a6136045b88ae61abdf5cb081a4b7ad792c555afce1c42b3ce43cdf0a

SHA512
e6f06371262b4de8ec57800c2a06492f1e977b7a05bb34258fc1d27ab11cb089776fcca6bffdc64a407c222a5b998d5a36aedc829342baf50707600912268ae6

Download Submit
memory/5176-4457-0x000001ED77850000-0x000001ED77851000-memory.dmp

Filesize
4KB

Download
memory/5176-4464-0x000001ED77850000-0x000001ED77851000-memory.dmp

Filesize
4KB

Download
memory/5176-4455-0x000001ED77850000-0x000001ED77851000-memory.dmp

Filesize
4KB

Download
memory/5176-4456-0x000001ED77850000-0x000001ED77851000-memory.dmp

Filesize
4KB

Download
memory/5176-4438-0x000001ED6F240000-0x000001ED6F250000-memory.dmp

Filesize
64KB

Download
memory/5176-4458-0x000001ED77850000-0x000001ED77851000-memory.dmp

Filesize
4KB

Download
memory/5176-4459-0x000001ED77850000-0x000001ED77851000-memory.dmp

Filesize
4KB

Download
memory/5176-4460-0x000001ED77850000-0x000001ED77851000-memory.dmp

Filesize
4KB

Download
memory/5176-4461-0x000001ED77850000-0x000001ED77851000-memory.dmp

Filesize
4KB

Download
memory/5176-4462-0x000001ED77850000-0x000001ED77851000-memory.dmp

Filesize
4KB

Download
memory/5176-4463-0x000001ED77850000-0x000001ED77851000-memory.dmp

Filesize
4KB

Download
memory/5176-4454-0x000001ED77820000-0x000001ED77821000-memory.dmp

Filesize
4KB

Download
memory/5176-4465-0x000001ED77470000-0x000001ED77471000-memory.dmp

Filesize
4KB

Download
memory/5176-4466-0x000001ED77460000-0x000001ED77461000-memory.dmp

Filesize
4KB

Download
memory/5176-4468-0x000001ED77470000-0x000001ED77471000-memory.dmp

Filesize
4KB

Download
memory/5176-4471-0x000001ED77460000-0x000001ED77461000-memory.dmp

Filesize
4KB

Download
memory/5176-4474-0x000001ED773A0000-0x000001ED773A1000-memory.dmp

Filesize
4KB

Download
memory/5176-4422-0x000001ED6F140000-0x000001ED6F150000-memory.dmp

Filesize
64KB

Download
memory/5176-4487-0x000001ED775A0000-0x000001ED775A1000-memory.dmp

Filesize
4KB

Download
memory/5176-4490-0x000001ED775B0000-0x000001ED775B1000-memory.dmp

Filesize
4KB

Download
memory/5176-4492-0x000001ED775B0000-0x000001ED775B1000-memory.dmp

Filesize
4KB

Download
memory/5176-4493-0x000001ED776C0000-0x000001ED776C1000-memory.dmp

Filesize
4KB

Download
memory/5176-4494-0x000001ED775E0000-0x000001ED775E1000-memory.dmp

Filesize
4KB

Download
memory/5176-4495-0x000001ED775D0000-0x000001ED775D1000-memory.dmp

Filesize
4KB

Download