hxxps://a[.]directfiledl[.]com/getfile?id=70855536&s=242DC1BC

Analysis

max time kernel
134s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 13:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://a.directfiledl.com/getfile?id=70855536&s=242DC1BC

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
5064	Nezur_Interface.exe
1884	Nezur_Interface.exe
3456	Nezur_Interface.exe
2084	Nezur_Interface.exe
3256	Nezur_Interface.exe
3372	Nezur_Interface.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133712258905334398"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 3096	4600	chrome.exe	84
PID 4600 wrote to memory of 3096	4600	chrome.exe	84
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 4512	4600	chrome.exe	85
PID 4600 wrote to memory of 640	4600	chrome.exe	86
PID 4600 wrote to memory of 640	4600	chrome.exe	86
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87
PID 4600 wrote to memory of 4756	4600	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://a.directfiledl.com/getfile?id=70855536&s=242DC1BC
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd1011cc40,0x7ffd1011cc4c,0x7ffd1011cc58
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,3588476370326889787,7367460450095335135,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,3588476370326889787,7367460450095335135,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,3588476370326889787,7367460450095335135,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2428 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,3588476370326889787,7367460450095335135,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,3588476370326889787,7367460450095335135,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4508,i,3588476370326889787,7367460450095335135,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3340,i,3588476370326889787,7367460450095335135,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4480,i,3588476370326889787,7367460450095335135,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5152,i,3588476370326889787,7367460450095335135,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5144,i,3588476370326889787,7367460450095335135,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5168,i,3588476370326889787,7367460450095335135,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4808,i,3588476370326889787,7367460450095335135,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2860

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4496

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3192

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3152

C:\Users\Admin\Downloads\Nezur_Interface.exe
"C:\Users\Admin\Downloads\Nezur_Interface.exe"
1⤵
- Executes dropped EXE
PID:5064

C:\Users\Admin\Downloads\Nezur_Interface.exe
"C:\Users\Admin\Downloads\Nezur_Interface.exe"
1⤵
- Executes dropped EXE
PID:1884

C:\Users\Admin\Downloads\Nezur_Interface.exe
"C:\Users\Admin\Downloads\Nezur_Interface.exe"
1⤵
- Executes dropped EXE
PID:3456

C:\Users\Admin\Downloads\Nezur_Interface.exe
"C:\Users\Admin\Downloads\Nezur_Interface.exe"
1⤵
- Executes dropped EXE
PID:2084

C:\Users\Admin\Downloads\Nezur_Interface.exe
"C:\Users\Admin\Downloads\Nezur_Interface.exe"
1⤵
- Executes dropped EXE
PID:3256

C:\Users\Admin\Downloads\Nezur_Interface.exe
"C:\Users\Admin\Downloads\Nezur_Interface.exe"
1⤵
- Executes dropped EXE
PID:3372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
378632c415bbb46ddf9d50b04bef1faf

SHA1
74216a4ee43024912b9e6f7786ce316064e5f83d

SHA256
9b03e1d110071ef1681d111ae443117c6ef41fdfefd4f56b6566d025abf4e642

SHA512
f640beab52ad5f109a328b59801a070e3a21d106ba579a6b8f57aa078cc4a3ed67767352423e6a8dd22b2d55da12b69fdbc796b959ef60cae6696aae656a674d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5b07be46b40b21f8d49ddc0a34e00977

SHA1
f5f2479d4acdc9fcdac1d7519519a4557a2370bf

SHA256
debf2fd9f5b68d7c88d8ea8f2830bcbf3d61a22c4c0327d3139e720f5565828e

SHA512
71def819b30c11f2b6aab4afc0133153a0ed42c6e733056ef3bf24e68a9f49ced4aaebda14965df63f645b70cfa945134a59c8f6a3c66bb1cbff19cbab7d600d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
084424e7037e9af15ada682f4b1df687

SHA1
b8ccdd301a918220d593c81b61cb4dd0767b7ea2

SHA256
e5b33786215424e6c6857f0bea58f5eb6bd068d40e9078c3f354dbdf02c64193

SHA512
02476087457df8dfcdd86308540d80115a181c0062e269740d747797bd131cff54327016b5002cd52a2b6aa176b87e5c40053370b1fd1f8d61957496924dee5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f01727547cbcd38241e29958e0b9a61c

SHA1
2e26591eebf57fc343df6f89fe406645fbdea3f1

SHA256
8f2aee4554c5659b43a5a5f144d65aa3e8047017cf0043cfdbb4730eb6642958

SHA512
3e9af76beb068ad621344e1908bb032fa7dda32bce783e60dfe364030a7c936cde631cd1979a127673d526ec93fc8a6aedbd27aba8a04c8f2618ebf3e4bd3eca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fd942fba9d157a7f9339199b2eb8b212

SHA1
5183e64fa154be37cdcdc843d666cd5f82d33c36

SHA256
1962d25d8ab64703174372d8636b45dcca4d9eb5c2487508e7af16ab799801fa

SHA512
04179df508ed44c2880ca796e2ca4e4b8aa5d0aed85d0daa7c0533ea74cd5da686ecbc14ae52725a7fa748ade74d0e0aac5156b667e19d4d86ed463256bd38dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f6205ec4031ff7369dffb2e105d83b0

SHA1
641aa192afec34b8d51958830f47582b015ab4d1

SHA256
fc0f967d73d84e62b4b36816da8846e151b86bec97ae887f6e19c30977874702

SHA512
c01dba3b068cbed53f2613f04a9f585e5c7428caf4c528affb628a117949cedf218c3d1ab44f1e0a88b42ea2d47afc1cb31807c899c378eb69e22ffea3ee8200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc819870c01e1fb80bdb70371d85e53d

SHA1
80521e69f04c9ff88b84f0d53b26e05c256b288f

SHA256
f586cde7dbad75f5398b3129f31cc4a02fabb45e0c5ae63b14a03156a8452013

SHA512
5f8ef4faeef78f7465e215603f9327fe5667f9bfdfea4529de6699e23ebd39d7e154c83dd2d25773325c634e15c992c8f2859b434735f7c55a7ff3e7d0d6e13b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f02b3983a43cff84af3792626f66228

SHA1
3d1d01756efb95368336acc7e96f3068fe27133c

SHA256
bd44d3e8ece2897fb10845fcfff2dbba74b1ad9d33f72c16d0c18e447e6e2fea

SHA512
60fecbd472bfb56c4f0905d2b6d9c8a2f14dec05c51866884154c05417e4d5b62a2abb029fccf2dc7e4f3d2c17671e4d6f30c124d370bdf73875b976ebbec5f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f41d6b6b89929ed1e8f88534e2a90dd

SHA1
f326bea3eeaf4af40fccc7aa334d8145043d422f

SHA256
ad11adc359d5078ce80b1f1a7867bf1cfea72cd8428f13c5cc47048e29c10fb9

SHA512
0a2e9c15c7650a0ae4aadd3afe47d1e2047d841a678cfeae0834531a15a0340a50c2078b71422d9563b5f4d1e28ee64622cbbe166fcda0a653d4fb4a1c8ade3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5084efa909580d60609e382da8a9f44a

SHA1
a9b080340cf01791001b988e6d83b7ac98548754

SHA256
615bc9aa017535619863e3a7587d7d1b858dfd68ee2b348cd257360336162f2a

SHA512
2b86d205737c530a5bb1bb956ceb7db8b5858d62897a9d8dc85c8ae25d9d9c4e6f09875606ce9e084fff43e94e806ce3546e5f5c3dd1b0ba46de9860a0e76c07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b43936f15ce44e400a448fc72d4596ae

SHA1
e37ddc8f067f08e9c0296994e73301befe267cfd

SHA256
b9968c6458f7772106dab4d402f7a7ba96cb8d4da8740625e1886fff220c59f1

SHA512
667836af5464637f8659dcea9afaebfa1af160fd84545449ed46a617533b2eb0aa1878d87902d476fb6461ce81400e6af3a1821731407ce0539174cff140d6de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
b1d9d7e8e45bc65c951501064611a29f

SHA1
4c5d518ff1d98cb4dfdd3e461f1fb5b81d8e121d

SHA256
8414aa66a4cbad85d1db14d879c5ab0e7f548b2c5a1c170a19cda172306c38e1

SHA512
7eb0e9f9ce6e66c22b310e3964e219a0ac99ef9eb8b3ec9b0d952dd26e4441bbe8a8bf222a0b7ac1b83ade21c2807fb2d356520e5148755ab0cae0874f0b55b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e4b949f13b6aad899dc5f62f6b0a7ec1

SHA1
c4ceeb660a239a09ce3bac58e595cf273d9ca8b2

SHA256
e2ca67f34cd4560e89beb3d574212427da7eabcdca6f0becfc4e628a6f26c490

SHA512
62f5adb463b920dcfa57a18e697791ddf28773c1a03f0026297c66f492ec99cd50e84ce17497f162a81ffbdd46053fc308cb19f90e569bf2a5f229646f3d04da

Download Submit
C:\Users\Admin\Downloads\Nezur_Interface.exe

Filesize
315KB

MD5
62ddeb34d900f007dbf3dffa3d37c6a0

SHA1
69c357dd3aca07a61db8bb78ba0ab70fc88c6d70

SHA256
2aace00ef40acb91d0131d07838d4ab0d5c4387730eae8a5a74c23806fe17d8a

SHA512
f5f26c7402c0d38cb61db5ea1e35c28e6bcff946000d401ae9f1281ad61a38251f6b60d7a53b2316d014bb04167b98795aec5a05d0cfbe666fecc49e8f29f54d

Download Submit