5ea88daf5956173af9405f505db3076ab60f5c81e1df92bc165043195c865ce2

Analysis

max time kernel
502s
max time network
489s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
14/09/2024, 19:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nezur_External.zip
Size

12.3MB
MD5

9d51ffac7886daf04284f69422d613a1
SHA1

f521f6bfa41fd9c0027d51a4809efb2f7ae3f328
SHA256

5ea88daf5956173af9405f505db3076ab60f5c81e1df92bc165043195c865ce2
SHA512

c70db0cc62d5ff8a9f2ee59f47a8894f23ec3a1d5f4ba8e86358ea167beb711d6a8760ea95e1d84b1b5223ed9a60c935ecef59553ff706df8512a8f519b72ad7
SSDEEP

196608:suF12PaWaLEulAoIScYORyViRzOtdfixHvWrSJAupvz5UkV4r59:f12Pxuq/ShUyVCwUPWWJAutz5BeD

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
40	raw.githubusercontent.com
41	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2842058299-443432012-2465494467-1000\{12B4219E-E741-4DD8-BD34-F6AA7A82DA33}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Nezur_External.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\d3dcompiler_43.zip:Zone.Identifier	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3388	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
3552	msedge.exe
3552	msedge.exe
3488	msedge.exe
3488	msedge.exe
232	identity_helper.exe
232	identity_helper.exe
1924	msedge.exe
1924	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
2908	msedge.exe
2908	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4808	OpenWith.exe
4808	OpenWith.exe
4808	OpenWith.exe
3672	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 2792	2304	msedge.exe	81
PID 2304 wrote to memory of 2792	2304	msedge.exe	81
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 4980	2304	msedge.exe	82
PID 2304 wrote to memory of 3552	2304	msedge.exe	83
PID 2304 wrote to memory of 3552	2304	msedge.exe	83
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84
PID 2304 wrote to memory of 3024	2304	msedge.exe	84

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Nezur_External.zip
1⤵
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa16fa3cb8,0x7ffa16fa3cc8,0x7ffa16fa3cd8
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7316 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1052 /prefetch:1
  2⤵
  PID:200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8148 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1244 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,7832617391283401995,8676873177034172531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8232 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1856

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004C0
1⤵
PID:2092

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3176

C:\Users\Admin\Downloads\Nezur_External\Nezur.exe
"C:\Users\Admin\Downloads\Nezur_External\Nezur.exe"
1⤵
PID:4352

C:\Users\Admin\Downloads\Nezur_External\Nezur.exe
"C:\Users\Admin\Downloads\Nezur_External\Nezur.exe"
1⤵
PID:1040

C:\Users\Admin\Downloads\Nezur_External\Nezur.exe
"C:\Users\Admin\Downloads\Nezur_External\Nezur.exe"
1⤵
PID:2136

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4808

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Nezur_External\D3DCompiler_43.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3388

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6f17eaaf-b1d5-4a46-a99d-642b6692e9b4.tmp

Filesize
6KB

MD5
349249e56bbd1a1037a2c1f584fcc9c4

SHA1
b26cfc9f4db60b623f4b85bc3ce05590c7ea3127

SHA256
657ce33b4d62012d96629a45f1fa4ea32deae7e1675f7b619f849890b637489a

SHA512
1b518d811e81a7555364c90239110fb0f34420cced25923a482614dbb05399d7948239b7a00ee8d0758d85dd81b3826caf4d08b46e436a0353dd705f824c9070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
1024KB

MD5
ae78984688bad532c4b71ec4da822f3d

SHA1
64ee212978d5a0fd7578f380a50fb6f6ec0a0ca9

SHA256
17f2e5d353360de2bdb79616bd05d6cf9a96f09e949ec3c0de4abef71fbefc92

SHA512
6f1303cd2d05f551859cbd486c81377a47ca3d2da9ace7a85e76974599f8666507bee8a08764f493e416185d5e2c8477c0ec24969a4bb25146c7005422c35aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
1024KB

MD5
e3726be5903bdc3e755a9e49b13b4d75

SHA1
5bb50dda728ee519d473bc9691878ff2dd113082

SHA256
c710a0335a5fa28c7c208872aca114129517ff48ecaf6476e28ed4f52e3a32f2

SHA512
e51c2a02621075920a8a4b9584457d3f3ebacb70ed3709c105c53933781f2fc1fe682fa114b3b5a242cec1429655e392222b962f5923c58ee864089ec63234f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
1024KB

MD5
312d78d27a06cee1223563ba4b0887ca

SHA1
e9bc03c9b4c6648860a4b69ba982516375390be9

SHA256
e670013f79524f44843c77d418d7321a04c38367b7f6dd3b7aec7f2c2a7572af

SHA512
333ee385de4981614c3f75407fee69b7eb6bdd007731af99b43d0b948fbbc261f473066b1a91829bc499630bfc471d52cd0ee58e83aeff45f446fae5a5b9cf7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

Filesize
1024KB

MD5
36fc86497b5b47cc031ce21ac137d566

SHA1
77ba420b1cdf51ebcfed9dd031d1d0a9c9f116db

SHA256
62df18f671119333688a9fea0693b56773f0366009682c72d2393dc329b2802e

SHA512
968013bf0eb2e758095cafc6abc4e4f1f061c0fdead456bb1521777bc0c28bf1cd161b8786ae688d7bf8f302a70a36bbe43e2d15ddd07f1716f0cdd096c6aa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
1024KB

MD5
7ec01e09491fae7a17fa096bf431d04f

SHA1
084bf57c16848f1d8167b09fd3f4418b0de7cfa2

SHA256
07bb6768dc38191f0659f22478d80ed9d24d2a6b84a7f3e78e0d32bfec78c751

SHA512
72ba70222d848f7dc45d8fb0abc7780765ca31d77849658a2cfc78b188d4642922a5cb1c437c1d5984e013d70944bc9bbfee26e599212ef89b7e0ee6eaf2f1ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

Filesize
1024KB

MD5
2991ed7d6e0f6cef781b41be1026153b

SHA1
35768823f8d42f8ac7421a2db8ab17c78fa6ed1d

SHA256
8890fe5a8f972c0b844db1a8837ae33cb8cfba13244b75566ecb90d54fb454fe

SHA512
18c7da9cf991178514812404d9b92c93a52c3390f24e4d7a5d4b2a9d68e81fbd2e98fb13b5abba0f063c410a7a961d454e5a8e1d389890cd14e03be06bff036f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

Filesize
1024KB

MD5
4c186bdefadf200b9ac1bbb9856d8844

SHA1
3bd79494c4660cfd3b1ba5db7a77f2581e62e2d8

SHA256
324e1dad5e00ba645faacbe270d4a0c20b8e107f26b77db4b92025128e5faa4b

SHA512
0012aae12d5b6129d3db5f11ac6ab28c1349918f72cc26e1c2547e67fbccfd90101ba9c7fde6a7dc7b378cf9e25b1266a5658bc5baf77e09ebbc683bf5d7a1fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
1024KB

MD5
4f4528c9c008b046a973d6e48c0c38b7

SHA1
91571bff69b1af1df2e93bfa7e60b0a08c1e9081

SHA256
3cc9d69593fcaf1a367e19718a736edbf2c4be0fd566f43b365430512e6c2581

SHA512
eeecedf96821cd6d50fbeee72ab4340339336c476c508d26e78744c44d8cb0a1736bb2181c9b0a75514caa67bceb51f22b0c012c2b3fc71ba41e8fb86b33e652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
1024KB

MD5
25ba347cfe7d7a5183eddca5946e7b08

SHA1
ad298d87ce0311c14d69cc3bd7210c64d7026679

SHA256
9f32fcc7c39d123785ca1ecef16b8a166b202560cd5ceb8caf15b0b8857cbad4

SHA512
3c956860d8abbcb717ebf0f91815c95e599a0a86261f4847ea60e25a2fb52f92c2e2e234fb199a219bc9caacbbd745f9f82e6c0b56b3237757f18607d5bf05cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
1024KB

MD5
96307038302a630b3af229c387d19f2f

SHA1
809e0c51574d579c0885ad721864759799a5f6f0

SHA256
655d6807c60ea8cbb2424d67bcf2c5835f77d12a88350efd8da7611965980cc9

SHA512
66883242228172ecb0d5a801281e677bd4dbbf5589be4c8d44a5e586aae37ef8c016e7aaff8d20cc6209558376595345c411c50a6551a10fd64c7f18952ac7d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
1024KB

MD5
2432fc7522b1c64221ba3c4ab653360e

SHA1
2ad9bc92ea6682a91d665200973dddae80e3b31e

SHA256
4a52e0ff68542803a503b8c8b1c4440fe477368289ff0a4617fae736cf1ff965

SHA512
0161452007579c3d62937f9f3cf07571bc3dc5f07872ef5d93abd386ba26d8ea0ca3eec229d39fcca51d85e907d834ae82b04b64fb32dbcb1cbab7d7f0c26d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
1024KB

MD5
8f318a9eaaba2f88abde1248e766ed17

SHA1
fd3aafe3f78622933b9b0fc15a18f9fd4767f397

SHA256
e451343271a602a527b8729668e5330f79ca25415ccc6ee467bf443e8e531c60

SHA512
f2ada4faa8dad49401099e1cdf792117736f6c00c39cf20798b87d73320db4106998194b7778272fda885ecb0778acc74be820e6fff88e4a4402e4f2b8fb85bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
1024KB

MD5
b1c3441c261982a5370697d959fe69df

SHA1
e4f6cd4e35d463ee55d2b4fe7fabc2bb405d1729

SHA256
f1bab0f80f62ca20f0c3f7a42a08ae9f6f0808fd20786b91df8a0db1506a9ed3

SHA512
2f4ff08bdcba035568710e37cdab83dae51e2fcf88bae415a2557acfa0a35be09460d213c3fdafb73a672250780856e18caa6315fc30c7f349118f086b76d03a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
1024KB

MD5
e94b638f45d475e55744b34bbfce57b5

SHA1
72073aaca8f88789685a47b4691a84df55dd4f8e

SHA256
b724b93e7a2ddf5a0b24e374536413083d7e0fc100efce1baf0c8af85b75e557

SHA512
baa4d0942417fd40ef82c25691c00548e30ac4c966d7fea0b480c1c81efd1cd1be42a700d22b4a977b9da4df21f789476d89a04abbac9c68700c681aa804461b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

Filesize
1024KB

MD5
777b29a02233fd17c782a101bfd0121e

SHA1
bed668b34cd61f1fe9e63ff8b642d10db4101d02

SHA256
c07aba99e183fc715e337ae822b4d872605dcfe140f5a0d1a87a2210255b3adb

SHA512
d32313f73fcc8d1966cd12596558d4e4141e5bc1a933fccbe0e5f2b765f9ade6c2eba189f1de9ee62dbea7c9c84c56208380b1ebd7436a377d2c8255559a1cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
1024KB

MD5
f9bd24626a10028ff7e5aa7db7fb3895

SHA1
825abb4fc41bdfb537c890e993f6c2c624768edc

SHA256
125d5288abc16c308915557f2fc8acf142fbf302bcc2d39a47ea3fc489297402

SHA512
8ab0d2a7ad6b738ee982fad4e775331b4638b5b7c27b2a85deeffb3367bc4e84176f2e63e686cc2a67040056a5be55335dd6dc2fa0352950173581777c3c3785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

Filesize
1024KB

MD5
741dae12b77c954660ae7c51c534158e

SHA1
b95d51e429b2564a6e4b84f34d12177c43624c29

SHA256
e5d5f590db5678e8e3f35f443e51a98fc2831c9e9eb56fd237791089eb895585

SHA512
d665944b5bc1d4a04e045f6023413c21fda0d38d0a199d823c67f95aed74c1c25f7193aed81a5c8be55875f92f61f8fa7df43c481b37e2db03244ee350675466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
1024KB

MD5
cb15686d42ac82721a325cd1681dfe31

SHA1
fcfa135cd3a9b8ae05b5e8721d2225ccc9a73004

SHA256
8f4b11adefa01cb47c758c68427fe52e9cad8d284ec985b4b7990342a202a330

SHA512
a007f5ca11dd0058551d5b5862f08ab5c8327fcf2238f2141e7293d154bf488d92d68d1024734f48c72d5cd2c92b1bf899bd33cce89cdf7a1453c6dd83b771b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078

Filesize
1024KB

MD5
8d0ac6d194e23b069f43a4b852c9b949

SHA1
84c05e24d805568324f65954a63fadd6a174a503

SHA256
cfbe04f38a6b6d3d21e7ff130ef7669d9ad7bff5874721a95d2a85445b452a15

SHA512
af6b933991ca71cb3cf4433e3dba723b15d4e5acd0b344e5b82250d248eaffd4114313c566bf94f9414efee87d4c227bc96669df29af07de9ab839655182b239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007b

Filesize
893KB

MD5
c51fcf1cc7993daf7b3f843a72f48e06

SHA1
eed326ea943cf5cb8078a4bf58b17ec45f5ad7d8

SHA256
cad2312fa555699dce9e7701df43333f1722672ebe592e719b4f46953108cc1e

SHA512
e21e18245232d1c7e8495e1b8e67323fe9881f8bcd441eef8447b1461ba65ac18063ce135c643d52bfd6a7b32405198f8aea32300217978cd99866928e9acd50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081

Filesize
543KB

MD5
11cfe96dc7c0a43f1cc029c792de516b

SHA1
acbec789b029167eeb1af16f1ebb1b30f4d0c1ab

SHA256
8ca8e7aeb294d228c28256ca4c9e8cc4b0f97b26419f415fe02d92c5f360e105

SHA512
82bc05d9087a2782725e6a433553a18a8470889908fbc676a20686a2f809e6c6134a032c4f09e1a57f077c825a24dbbf38ee0c65a9b0a71019d5def513db56e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084

Filesize
1024KB

MD5
1de04dc7faff46051d87cd2910779ba4

SHA1
4a66d25ff323bb48f14fc9e4dbed478b3222a3dd

SHA256
8a27d20a7c009c5ce60b78c9af9b13ecdd54692ec8be825651c22cd638611390

SHA512
e70bdcab1309ecb74473e018fca4ebd90fed06ecd40eafb8de431d0c881c008214410c71a44f89af4ce7482d75802d4c6ea1277568b9cacebb7420099dccad3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

Filesize
928KB

MD5
bf5fcae546211924305ec7decc1706c6

SHA1
14e41ccd53b4e5310efb3644bc1cf512db13872b

SHA256
bfa2b58b9d8b6316957235507f00e895aba0f72bfca567a1d86cb6c09b492bb1

SHA512
90bdb2b1b20806df229031cdf4f7b03238133a82827e36dca25abfcab5f6be5a440f2df186fd4bbb203e38a391010dafd0bca1be27413c1a2f6f1b2991c14eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008a

Filesize
608KB

MD5
8dd78ccb7a3061d9a153d3a195429cb6

SHA1
921e39a20879bc6fd88254c03f50e004c13b5c9a

SHA256
106057a11c5109d44fb76aa7562491c9624df15e5e4169cc6edd5e62a497c156

SHA512
c9bb4e290f0cbcf7c38f99acc08bbec38db5acced90068cad282eccf2280235fa39ffdf1d3b017f631be4de72a71d9f67743018a80ae387e243e1937bf7dfb7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a2

Filesize
1024KB

MD5
a9cb8ce97a34e1b528c4fbfd811f9281

SHA1
f99260d56cf96ea81af87fee2874883f0748b406

SHA256
49dd7f4badeeff5167b87f774c94b45dfe1ef5ba6a6b721fc91e5738523a445a

SHA512
62e642c051dd2a067513caecf746136045ffe1d35fb0dec6275f141486555c1e4b68e76fcf661b7c711cf78c67823040e0b61db6f486e0ea7068fdb57a66ea31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a3

Filesize
1024KB

MD5
d74ad9535efbba08cae7dc626363e1f0

SHA1
e888994805114fabfe9e9f69ba745e9c40d554c7

SHA256
3c7572cad9eb5c0d872d9b37e921c7eeedaf4db677a6f59f6663b8fd021c7faa

SHA512
8c336ae75868c1a653637c15179c301ad0bae701418fec97e788c2293f41932d98bd14375e83f8deb948ac082e29131743e16d212138450306a054680612802c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a4

Filesize
1024KB

MD5
50f24e4016a8081acc2fa5acb95f3d7c

SHA1
5d0e1f5357d871f7b5e2690722887f7ccaae933d

SHA256
932e633a2e28119974798a31dc7fa8b14dfa749e0b09a46bdb7474a14d3ffdef

SHA512
1d954a6356340c4142df14e5bb9f6aa9d805615c15d9675c340a41178c0f99dc55251c2f59efcac36ed3bd60ca4281928c08e91dda0a04ea365f61ce0510f8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a5

Filesize
1024KB

MD5
f0cf79ec23e11e61e14974848e23d376

SHA1
a54818a7d844f812a315c042064f23a41e8563b2

SHA256
d1ea8ee152ce39bfc71f31d08dc099cb3ac1fa5540e1e12fdcfab5dc9125a6d1

SHA512
99a8826fec9eb73696088ee37e91fd052a513cb53bf39383378f00c117899bf51704610d50cdd18a56a7c23a5d27c7d5fe32f39aa925b3cda2937a1bb7f88854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a6

Filesize
1024KB

MD5
00ce82de93e98dd387d35daea5a7b021

SHA1
9d0fb5eca4a24995c5471a8638112ad0c21d9c0d

SHA256
3bec838ea8b295829802f115b745285a6f7a3d7aae9429a8771e1300e32c248c

SHA512
97191a327e80436ee7eac61ad93c3aa651f0948192a29173d023f8b6f8af94579db02ae2c88a976e48b2d1fce2d9bcde881fc9e8ba37cc7b34d4c78abfac39c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a7

Filesize
1024KB

MD5
fe1c3289c6dca23a81f5cc5002193cd8

SHA1
fb4d3ce8bcbdd1467506a2c3d5bd70ca355b659d

SHA256
4cdf3762bc0215f78316b594683910460452d938d4ff5d87c1cd4eb7a9da5e16

SHA512
4d98ee637b9947091a04e04de47717c37027ecc7fde2d81eb2a8b37954ef819dc823107248dd5ef605891dbacf29b2d3d656633aabb21822d147f819823cbcbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a8

Filesize
218KB

MD5
39dc95f2e15d83292985c454feb1da9b

SHA1
23a42ac3a1bdde727eb46d05a4228a4eee4b0093

SHA256
f19e35ab2145fc4684087c5c16fc96fc6f758f5665af1f47405b60f6fd138590

SHA512
7937c4199a6d123ef24916b974b641f18b5d2d033cdb5af6a402f9add87c6108b40d1df8baa5f59ec3b346d2ad0b386adbed9642325efe6a41c3c46b66d1e827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b0

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bf

Filesize
20KB

MD5
ddecb50cf7f3cf6e0ebe9b3374ea2f6c

SHA1
dba013bcbc2aaadd3089cfcf720c42348a48817d

SHA256
9cea35a9fbde3b0328bc0e72f696919f707112dc8a15c3032becce86c48153c6

SHA512
38ca3a3421504ed4d5a6a9488fc2d686d99c0755970b713742ed2b24d8d0c3c971580d16669f187f1d3db428f2804ba8a463dd3c6ddca7cf6128cc97c9082648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c0

Filesize
64KB

MD5
c86e1b32988ffbc37474c5ea5457a62e

SHA1
3b337c4d43ff0b4ff79f9bbcecff8143839c6cfe

SHA256
d94398ba2ed0b438809ec4203c64c002b4a0d960fbd34ab144b78fe7a49323fd

SHA512
58ac67c26bca36a29799d49ed95980a15b1e279282e425ce13620cbe93a8cff74e1c520b896f8e9545a6b7eb8266394547949d88ad96bcf2a879da65521e7f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c4

Filesize
20KB

MD5
aac67bece45ce8383387b4729b62147e

SHA1
2b8c2f23699460ed5d190e4b6896ef12d58ab0cb

SHA256
6012590eb665eacde75a99d23d7751de686c65e15275c4b30b7209e92a09481d

SHA512
38364475d8808cf807e75ebde81ab383d30b137cf4a92f6fcebf8cdecc780c1508dcbe299f970a80bca245c333e341718b773218cfb86fa3241d53158bb892bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7c409374a0a3a5bc_0

Filesize
1KB

MD5
861fbc67160b3d2db27ebe5734a0cb20

SHA1
0bd244bf88a5c34cce559dfe903baded11d8ef91

SHA256
3a52f3bf8096283786ce8ad747615c25b724b57d340bc39764cbedcd73f68ec7

SHA512
c91e53612a8b0bd8b6f5e31ca6b457c49ebd117e1fed0992a787031e772818a93905e28be3bb2c4a7875808615ee9c1267cb1e8842a478b28c51a0e9f721bdb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cc0d9ae7083166ac_0

Filesize
3KB

MD5
b75c1ffa2ff2bfb137222a42cd40d294

SHA1
69fc4c87c7aed2ad8a325f3545ca41b30c87a4a8

SHA256
2e432c2741b6fa46c00774d64c98f30d709513bc80af1fa9e21887b65bf831b1

SHA512
052677b8fafb2678bbec36e7fe55cde69cb1364e82a6f7e8afe52d038c4a5e37b0b1148550dd382b5f8be0906b84cdc057a5982499f8d8ee5ddc71a7ce38e1dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f4679faadc1dfde3_0

Filesize
32KB

MD5
105a22a3ea0e0de2b28b4e8a7d5c0454

SHA1
ea3752778b77e0350c5691a9ed04a1e046599c29

SHA256
44faea15fce42779e673e218c4835d9281212cb2d63aba2256f3d8270d689eb6

SHA512
218b65f360cf26bba6a2c9e27604201eb299fc1680d87b2d85026322c2e77dd4be73b41e10a937c3bd90281df1d5cc0ddd2e07bd9233482e35f35196eb896479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
ab22f6ec027e9c544c56b1dc912bc28c

SHA1
9b6e1bdd548b985d81cda8dc5e3b27a0801d0397

SHA256
c3f467a8b9642fd392657a026af2ffe0607e5ecaf68ea17fc7ae634103703515

SHA512
6905d06d77667f72fbceb2a6890d233dbf2e9a036dd45a1fa2754d3d7df076917f36b1bced9cad629f07a4d7d583b9dbbb3d4c539a4421eb1f44daf42fbbb50c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bbdeca02c6d455b2873bd556cb7524ef

SHA1
292b815f2697b3de614d7d42387f360a8671fafb

SHA256
de8011f324a07d57d9dea054e21a8cf95d025250d7198318b51310d1957e25d3

SHA512
aa038693f333b072c9842f2e27f4f1511a4a9a11ce32382013395ed59c7cd1c0a40e2c5eece01477ce45b05c67c3af1f3255b3ef7eb723ae83177e8b5eedb789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
8ef05e7c7ba8fb647a8b5761aec47fba

SHA1
f3f555bc13f2f6bd1d05667aeacde4a8fc18ef56

SHA256
35541445c588811618f09c25560a97be2f54743bef70df7792e368c7ea61e601

SHA512
7c9d51b32f1cd82bc0729406a4d82b372b7a39db08df04e3f9cf6bf2a2c88729b15546851e53ffedae2ac10e12835dbfdee813185b408414937e20a1f052c6cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f1160892b6ae027f930817f37a887e71

SHA1
c61b72e1900ba3ca838187efc4c2d2cddcc451fc

SHA256
5b300e50bc0a8729b4cfcd592e5ef7ec7f75a552ba6cc93c7932e8d2a1a3058d

SHA512
c7e75debf2b4f2cfdd85fd0be6b537ba0827cde7d420cae3bcebe143794886320fdef9b645f77e3c924db538e97068e766d23e61617f7d28e1562212d143dece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
50cdd6b93dc6937fb94e2260f769e931

SHA1
30bd98a419b6b7baa93c8a61e23913383af09750

SHA256
dd175945f655006eaff070b861503e078d93256ecc14be042dfb797e20befec2

SHA512
7d018d8812d2cf4b77bfcc78abe86232b2fe822dd90921cd43fe1e9392be8a132ddfd50b1623bbe6f8ae74cbed6d413a2b74c46ae9591c17dc4ecd1d7a572377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bb4cdb5bfae90d82800e2a285914501e

SHA1
338f9c2de7ebe1c2c904b24768d405d09061b345

SHA256
f204f2c17609a0569c15a56eec766504c5491a50ac5d056d87ab17e4d665979b

SHA512
5d4eeae414a80510b8ea720fe707056e4994e4e8c30d00384dbd1c3ccd3d4c6f326a51ae73c1a2ec367f35c742c92b442d80f53f53131cae1d0ac6e7c12394a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
5d4f4ab52092b30843ed7f87c0b20e58

SHA1
866d4b4378cdb887a64f02e486de378b52e0a75b

SHA256
f8b0e842f20f6050b4feb71a3dc82c4f269686940f005d21c0437e32c1777742

SHA512
9df75dd78331e64f753d7e5372dce120fbd2db7b51bf5fb0cc214c75ed4a67254903a704e478b5efc3bbf371616adf487043d913236d33c211de8576ae7d6765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
37086ffe7382d10fc0466a40c80700ae

SHA1
18e2c00227c1f7ecdc033bea2dc715ed92bb3703

SHA256
910d6f402ad6df96991229512a62b352a6c65f01649985475009ebea00dc930c

SHA512
b242f142d9ee477b9fdfd1b95872ddf307fc38679feb319af875585018a0f268c10f2d9329e791e37c56ac121ae9d99ba4950c0ccf8a810c6e61c0b5de698bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f85110e6219ad410d721a5721acfa9eb

SHA1
56a7d71ca38ddcd9dd8f72c6fb0e60004f221580

SHA256
0956f92b839028666caa3bef5782f431cae0b698732246062e911e2fecee12a1

SHA512
36de8d41b5cbd597e02b0ac7e9249282b7ea257747398b667534ab39fb8d2f2130f4ce918046ff33491fd2f799652616c13b16ff4d915788f696bd5aaa53ea6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3557e5396a29aada2ebec086e736e8d8

SHA1
ddea3309e9f79baa8bfd6d450e71e5f2a0e247f6

SHA256
747c3e6f5aa5879ab9302430f8accc17e8b0b4a0f73ad6f1225b492840dec218

SHA512
4a68259b53f87fb85046ddfe91fd037d7aceb004ac3d49b0d9ee143227e6a6286e22a473460fd034ece7a4b9b3f3e8c1190a0361b3e37279988f55e748590470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
949f273fe359a4adae0e9cda2b4689ca

SHA1
37a3e2ab274822cef10062f094462a1385dbd6e5

SHA256
e50d0f29b4adc4fbc9545e7dba4752fe7650f89cb9b6d12e771161cb3826965d

SHA512
7af0bdba40192919488fb95d61dc91333421f272f4dc4a299f3900bff7a92bac7af17935bd56f22122e18e85ec3e44c820d2e30a517825288c8cea1e964d4861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa49d178ffea8f71dac764a39e2c93fb

SHA1
d3468fef38b567cb0e4e3718454f2bf08d56b653

SHA256
0a47537022b6bcac5030a05d79619ea4e058df6aef895787c09325438ad091ca

SHA512
4bf222f282cd03b208377a892e467589b0e270dcbc99fa40db35bf3f5f06b828f42812e058b9e184e0da6cb0ea95045f4db920c0b011f8ab9a326b13b4cee605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c48a53f0527eb144ab39c9c8a7a87f49

SHA1
c9bbd611136a1aab6b9a0fe545e981d67486bea0

SHA256
ebba24e11d77d7182c6be61bb3710df777c6d6e46df0a1e185d2350e7e57d2dd

SHA512
f60c86840b1718b772123302dc1a4d937273769a0297bb51d31bcb1dab23495e00e8692c6a3f1138cb4229ed2f32c7e4eca9d554baf68735148328cdb84d4001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
63d2ff5abee709ad33cefafadb791d8f

SHA1
dddee079a31c0aeea4bb1d66063a157e51cd2fa6

SHA256
2ec95d4f4b867e42b18effeae43227ef5d53d973802294f07186960b1a68cc1f

SHA512
813fe7e0e90234852c329e2f0727a8dd4df7d5cc980a52915a024cb2aef531a11c60d0480a6f9a1aab284da14bf68c9358dfde8a93e9a1a43745ec29a3d71c16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a5967b794944039953726be582464b0b

SHA1
93d1e60b6056381c6acf1bffa833320851bd9351

SHA256
52da77abe34c9efd940090847f9a596df8d96f0cc6653e2301f8d43d7968e4c1

SHA512
a0ab08b49e437a809606a6b00b728b5ed6bd99d075c783542c9d2a4b563a064f4f936185f7ae4de2763190a159c922dc55dfc3a739d40381b5cc4ffab68b3f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a2147ac4cb3382a3e96b0a0e43810d85

SHA1
b2cb8d841bdf74ca71f3dfb158e1aecedc7235f3

SHA256
792fd84d8c601896b00ae6decb5f66fa835fff7f4b52561eb7d34ad08e310f71

SHA512
46f0fb1aa3fbc302286ae5a3cefbc08f43ed64dd13ae34ce44d4c15f807169cf940832f50d0959b7927e431a1fdb6d6942f063b479bcc72030da0e1fac7eb2bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
600101e36c76e71510100763ffd21cec

SHA1
d8228ee1f41e7735957c5a6b3b2266b1f04d442e

SHA256
8a543f0c12093b758fb3d83a9070099c615f15e84db3946c058981bbb8083492

SHA512
1c090e2650f0ea7895d04148050e46eaf2a25563715a3e5ea20babf51f72a9099887e4c95c0b310b9625498ab56dabdb0fc1c49ec1719ac386e78471ff116a94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e474b3fa86dcc31ba0644bc391be39f4

SHA1
74a8ce9f9daf37562b66e67d619054a3c0300eec

SHA256
a793c6c25155734f4f9532ebbc746f32f12ae217ca7958956506dc1e9085b19c

SHA512
9f676c21341b21c0a7f353ab5b5b0c5f257f1966c9520278a7035a40d99c71987d234b329a3a9fd7181c9a2cbd0c920ae799444ab01a29d0d1fe50ac929169d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
89fedd51128f6a264f9bfea16362d8f9

SHA1
b8cf2159032cf139bb2d0d8338884c6d60453252

SHA256
f4e33e18d3a4f8de3e322b618f64a63993d037c5a00c3f58126968cfebb5be27

SHA512
dd44e1f472bb1a80286cbd966cf17b5a6c8c49edf57160c1cfbafa52cbfa41046b963847d536c17fba7f13cee7f48dbda2ebb36a02d70e0d25bbbb6410f1293b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
db47e745809fb4ed98974b2a36b7cf98

SHA1
3a0fe639a3060482d6e31aa5b4af422020f044dd

SHA256
00593997a2b1dc7a0ba179b4394976161fcc51e6ef7f0ba1488e7d24eac6f8b4

SHA512
5e2ee7e35978b1a2820292734dab9687574bf50ce9c3f2f15ea08f0d7f7447e540053cfd926eb3ca5e915c3933ba462340569e419e2e610ae0c8c1d733279f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3463370b2d05872b14b006fb9b935131

SHA1
556c56bbf1ff1599a1c96084378fc71c35f760e1

SHA256
7973d65c93de5ea114af7c3d6815a5e0130488b0d22935833b6506162b707f41

SHA512
adf299d4b185707178b7a26e8336863ae997e313e046e90a72142b8a5219d0dc78845fe074a70fc9e78c69e9207f178e3250936e4d5b1dea2a86632adce89617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
171226b91f9cd7d32d081388dc3a46f4

SHA1
e7ee8146bb3920f25513aa5764d1072daa3b04a5

SHA256
4f78e691ec2e308e87fac6889ffff605582323e09a12c8cf36670d6d13317076

SHA512
ee5b25e85cc51cf9fffa8c518d0464757b9730de2002f507e4a0cef892f40e5f355146294d9e09cb1ee7e3a0458d75e5c6f08974825f921b79797c8cce9f3f8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0cec4cccdb63f130733ca8deda05dd94

SHA1
99e983da72204cd51180c12b7d0f5af1354b0204

SHA256
26e5bb1b9b3b71174b81236780bffb93c16c12939136966dd1a718a0bdd0f341

SHA512
58c0a126a015214023dda4fadcbeec5b7ded5a7935349d6b296cc3b00474f5922d2122ba624b50b08ad51ba9b5400335afadf3dc520ea96a74dff42aee028cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5826dc.TMP

Filesize
370B

MD5
2673b5072ea6c411edc3b5b72775259e

SHA1
e6ce78119ca51e69bc662f5eb2bc00255d8f757b

SHA256
c173f62d4fbbe624d4e828f84893a00dda0400a4c01a8dc561e2a8245b528d5b

SHA512
e7707b052867389982ef201f7c642c31b05538d689cf334a1db295705eb16fe8d48bfd66cc15318e8528351dd2c92fb3af65d75e8a8403af66be8145c8e69adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
627129deeda0e6822b24fefa53167092

SHA1
03860f712cc520810b9250e997445b3ee5d349e2

SHA256
bb164cdbe4a85f9981a04b74430615ae7d1c526b651d82d9d365776d5538aa78

SHA512
c0fe33fe27208bd2c05fc2dbf1d1e041d3aa63a35e980873dd8dfcd40ed25bc188512890afea65f042179490f3ac6b1f65180ab307c70f2e5e230d5c23213c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c96515ea5cf019fc45f3af1edaef92b9

SHA1
3fe1dbf401d49a9731fd4f7b879170b862a3fcda

SHA256
901e0047e41d35e6eb99c54b8eb6232e73638cb9a41118da53ef27ce27ef1e38

SHA512
11785d99be686e7d90f5d91e7511661d826011633c146747fccec252b6116878a545144b26e5610e87f4677933e886418efe2ea4de7ac1f453ec4311f56a51de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8c241539bbc90b86936589eba7e4e528

SHA1
1fe7f67ac491c135168ec36d7e0a3da19d3c1c3d

SHA256
d7f5b35e41a34f8d0229b836dc9f3b8d9f9e30f4f81ff2ac1bbfaa15bd4d44c6

SHA512
f4b8f2086e54cbb6f429effdda175ad59279ed5c3b95c7236d6453391a349305d8a06fb7e61b11393b2cc44d701e38241341fa7fecfd0d17f001a2e004a73dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2b15658ed22624dcb59833f488208e65

SHA1
0c64d98e2f6993485a08de3a4106aa51b0602a2d

SHA256
78d62e92042f01a68b74e2e7791d73b3a13fc6aa1c10e62c72400c4fa216114d

SHA512
6a4b9246912a98caeb6c484bc22d81ea608f574cab94ea3b8004b3d0b8c965aa827c80b3aa71ba0466a90cbac16d581bede8d2fe32fc749cd82ad97cd239571a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
41ce6cd728e8893a0387cd1d5aaf201d

SHA1
c6c5257c73d52968b03fa7a332f61f050229999c

SHA256
c6ff6212cd4c01ff44605a8339568c3ed2b9dd85c7956873ee9db592e24b654d

SHA512
73c40effe3fa0c521cdd5347e85ac142666a5a7b982d96c80f4c08c079d2f5a8d58c12644af20f27b8480040eb74b28d0696be16fc9566c02bf2d60d08839c27

Download Submit
C:\Users\Admin\Downloads\Nezur_External.zip

Filesize
12.3MB

MD5
9d51ffac7886daf04284f69422d613a1

SHA1
f521f6bfa41fd9c0027d51a4809efb2f7ae3f328

SHA256
5ea88daf5956173af9405f505db3076ab60f5c81e1df92bc165043195c865ce2

SHA512
c70db0cc62d5ff8a9f2ee59f47a8894f23ec3a1d5f4ba8e86358ea167beb711d6a8760ea95e1d84b1b5223ed9a60c935ecef59553ff706df8512a8f519b72ad7

Download Submit
C:\Users\Admin\Downloads\Nezur_External.zip:Zone.Identifier

Filesize
57B

MD5
f13725a361fa36a51fd306547887f939

SHA1
6a05db7fb957e2837c941ab29e1c0d58e026a78d

SHA256
12ab6b19c45f325e25dd9158e8665014292237fdf05ef9f09732c9216893bf59

SHA512
c6955cf190eb2064465fba33726c22791f2842d08ee2b3111ea556a2cf72d13aacd43fa4fdf941170c6e72fa64a9dc4271779cb3fd6efa776f6cd50b05340cac

Download Submit
C:\Users\Admin\Downloads\d3dcompiler_43.zip

Filesize
906KB

MD5
a389a8e84447749fabe9a6284116f608

SHA1
aec515a5970b09a7341a5366c6d10968ce6a9c76

SHA256
dca69bd5bb280aba14fc1dac35abe2dde2da74d11e89573f3cc7eb03114c48bf

SHA512
200fbc0f6ce79b9c8e3629bc4cc757632a0b51afdf9369636d01e5fc3a2ff104f4d35a34e55ea1847245f2eeeea71a50de24d1c753cc048b5d7a1d024bcbf623

Download Submit
C:\Users\Admin\Downloads\d3dcompiler_43.zip:Zone.Identifier

Filesize
66B

MD5
31c01beb8ad34178cd746a9e961c6107

SHA1
f93e483d6f6c11d2a9a9395b86ca3c6116659d82

SHA256
42a7cabc3976c53e0dfd24a70ce0151f177c92c79516527407cdfdc2b6caff2c

SHA512
69c81fabd5ea15ff6d0b981a366885db9cc30db6bcce72ad44ebc3f3c282f6eeefae931f3bbbcb7d8e9622a14c44e2479cbe68667976822e8a6838d348eaa1a2

Download Submit