Analysis Overview
SHA256: f181338bfa23fde91554ec27e36162a5d9d37e5a43115eb56cc5dce69d8a6020
Threat Level: Likely malicious
The file sample was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: lottie-player@latest
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: detect-gpu@latest
A potential corporate email address has been identified in the URL: [email protected]
Enumerates connected drives
Adds Run key to start application
Checks installed software on the system
Drops file in Program Files directory
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Enumerates physical storage devices
Browser Information Discovery
System Time Discovery
System Location Discovery: System Language Discovery
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Enumerates system info in registry
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-09 22:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-09 22:05
Reported: 2024-11-09 22:36
Platform: win11-20241007-en
Max time kernel: 1690s
Max time network: 1694s
Command Line
Signatures
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: detect-gpu@latest
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: lottie-player@latest
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.20-win-x86.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{BF6E1B65-826A-497B-88A5-AE20175B5658}\.cr\windowsdesktop-runtime-7.0.20-win-x86.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{C226D36E-CF86-44DF-A381-814FF0EC850F}\.be\windowsdesktop-runtime-7.0.20-win-x86.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{b16df2a0-c74b-4842-a33c-e03a23c6972d} = "\"C:\\ProgramData\\Package Cache\\{b16df2a0-c74b-4842-a33c-e03a23c6972d}\\windowsdesktop-runtime-7.0.20-win-x86.exe\" /burn.runonce" | C:\Windows\Temp\{C226D36E-CF86-44DF-A381-814FF0EC850F}\.be\windowsdesktop-runtime-7.0.20-win-x86.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Drawing.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\zh-Hant\PresentationCore.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Globalization.Extensions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Formats.Asn1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\System.Design.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\PresentationFramework.Classic.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ja\ReachFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ru\Microsoft.VisualBasic.Forms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\zh-Hant\UIAutomationClient.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\Microsoft.NETCore.App.deps.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\Microsoft.DiaSymReader.Native.x86.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\PresentationNative_cor3.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Runtime.Serialization.Primitives.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\it\System.Windows.Controls.Ribbon.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Security.Cryptography.Csp.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\pl\UIAutomationProvider.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\zh-Hant\System.Windows.Forms.Primitives.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ja\System.Windows.Controls.Ribbon.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ru\System.Windows.Forms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\mscordaccore.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.IO.Compression.FileSystem.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\zh-Hant\WindowsBase.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\es\UIAutomationTypes.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\cs\UIAutomationProvider.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ru\System.Windows.Input.Manipulations.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Net.WebProxy.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Runtime.Numerics.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.ValueTuple.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\es\System.Windows.Input.Manipulations.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\zh-Hant\System.Windows.Forms.Design.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Diagnostics.DiagnosticSource.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Security.Cryptography.Encoding.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Core.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Collections.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\it\System.Windows.Forms.Design.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\it\PresentationCore.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ja\PresentationCore.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\zh-Hans\System.Windows.Input.Manipulations.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Numerics.Vectors.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\it\PresentationFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\zh-Hans\WindowsBase.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ko\UIAutomationTypes.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\zh-Hant\UIAutomationTypes.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\pl\System.Windows.Forms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\netstandard.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Reflection.Emit.Lightweight.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\tr\PresentationUI.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Threading.ThreadPool.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\System.Windows.Controls.Ribbon.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.IO.Compression.Native.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\Microsoft.VisualBasic.Core.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.ComponentModel.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Net.Quic.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\tr\WindowsFormsIntegration.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\it\UIAutomationClientSideProviders.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\fr\PresentationUI.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Drawing.Primitives.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Security.SecureString.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Threading.Tasks.Parallel.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\System.Windows.Forms.Primitives.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\Microsoft.WindowsDesktop.App.runtimeconfig.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\de\System.Windows.Forms.Primitives.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\pt-BR\WindowsBase.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{4DAE978C-6175-400D-A508-2403109B89E9} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICF38.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5acd78.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5acd7d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFF1899B3EDCAA9B26.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID6AC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF346F985EF6E9D887.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID4C7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5acd78.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDE42.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE509.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFFB86443B64DB5D33.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5acd7c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5acd82.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF62D76A27F79DBCE0.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID9EB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5acd86.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF193D73584DC49F35.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{9D0BB263-30C0-477F-A78D-D5E25FFAC64A} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID71B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF1BF41F8E1505B697.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5acd81.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF1BCD85E50036D140.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF50B0B76D7FC0252F.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5acd73.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5acd73.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF882D8EAE6D52FE3D.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5acd77.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF7AD058F3CF34AC1B.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFAF4275D7482C4E04.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF9845842F484AD5D1.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5acd82.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF51631002840ABEA6.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF50C72DA10D0B0890.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF9D5902C57526FE5C.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5acd7d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{5B42B80B-A402-4711-B7E4-2E42B953ACAB} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID8C2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{D21715FE-E342-4744-A499-76ECE655DE5C} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF11A776BF87BACDE9.TMP | C:\Windows\system32\msiexec.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.20-win-x86.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Nezur_Loader\Nezur.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{BF6E1B65-826A-497B-88A5-AE20175B5658}\.cr\windowsdesktop-runtime-7.0.20-win-x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.20-win-x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{C226D36E-CF86-44DF-A381-814FF0EC850F}\.be\windowsdesktop-runtime-7.0.20-win-x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Nezur_Loader\Nezur.exe | N/A |
System Time Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756635849276097" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EF51712D243E44744A9967CE6E55EDC5\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EF51712D243E44744A9967CE6E55EDC5\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x86\Dependents | C:\Windows\Temp\{C226D36E-CF86-44DF-A381-814FF0EC850F}\.be\windowsdesktop-runtime-7.0.20-win-x86.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EF51712D243E44744A9967CE6E55EDC5\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\362BB0D90C03F7747AD85D2EF5AF6CA4\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.80.15184_x86 | C:\Windows\Temp\{C226D36E-CF86-44DF-A381-814FF0EC850F}\.be\windowsdesktop-runtime-7.0.20-win-x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x86\DisplayName = "Microsoft .NET Host - 7.0.20 (x86)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EF51712D243E44744A9967CE6E55EDC5\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_56.80.15184_x86\Dependents | C:\Windows\Temp\{C226D36E-CF86-44DF-A381-814FF0EC850F}\.be\windowsdesktop-runtime-7.0.20-win-x86.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{b16df2a0-c74b-4842-a33c-e03a23c6972d}\Dependents | C:\Windows\Temp\{C226D36E-CF86-44DF-A381-814FF0EC850F}\.be\windowsdesktop-runtime-7.0.20-win-x86.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\362BB0D90C03F7747AD85D2EF5AF6CA4 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\CB060CF1DBA5E1C781D70245BFC4FA32\B08B24B5204A11747B4EE2249B35CABA | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_56.80.15245_x86\ = "{D21715FE-E342-4744-A499-76ECE655DE5C}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{b16df2a0-c74b-4842-a33c-e03a23c6972d}\Dependents\{b16df2a0-c74b-4842-a33c-e03a23c6972d} | C:\Windows\Temp\{C226D36E-CF86-44DF-A381-814FF0EC850F}\.be\windowsdesktop-runtime-7.0.20-win-x86.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C879EAD45716D0045A80423001B9989E | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\362BB0D90C03F7747AD85D2EF5AF6CA4\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.80.15184_x86\Dependents | C:\Windows\Temp\{C226D36E-CF86-44DF-A381-814FF0EC850F}\.be\windowsdesktop-runtime-7.0.20-win-x86.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\windowsdesktop_runtime_56.80.15245_x86 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x86 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x86\ = "{5B42B80B-A402-4711-B7E4-2E42B953ACAB}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B08B24B5204A11747B4EE2249B35CABA\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B08B24B5204A11747B4EE2249B35CABA\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C879EAD45716D0045A80423001B9989E\ProductName = "Microsoft .NET Runtime - 7.0.20 (x86)" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\CB3DA446BAE55F97A38B91A4056C255D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_56.80.15184_x86\Dependents\{b16df2a0-c74b-4842-a33c-e03a23c6972d} | C:\Windows\Temp\{C226D36E-CF86-44DF-A381-814FF0EC850F}\.be\windowsdesktop-runtime-7.0.20-win-x86.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.80.15184_x86 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \Registry\User\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\NotificationData | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B08B24B5204A11747B4EE2249B35CABA\SourceList\PackageName = "dotnet-host-7.0.20-win-x86.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EF51712D243E44744A9967CE6E55EDC5\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EF51712D243E44744A9967CE6E55EDC5\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{b16df2a0-c74b-4842-a33c-e03a23c6972d}\ = "{b16df2a0-c74b-4842-a33c-e03a23c6972d}" | C:\Windows\Temp\{C226D36E-CF86-44DF-A381-814FF0EC850F}\.be\windowsdesktop-runtime-7.0.20-win-x86.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B08B24B5204A11747B4EE2249B35CABA | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{b16df2a0-c74b-4842-a33c-e03a23c6972d}\DisplayName = "Microsoft Windows Desktop Runtime - 7.0.20 (x86)" | C:\Windows\Temp\{C226D36E-CF86-44DF-A381-814FF0EC850F}\.be\windowsdesktop-runtime-7.0.20-win-x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B08B24B5204A11747B4EE2249B35CABA\PackageCode = "E3F2021F6B253AB42B88C0D7635FF771" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x86 | C:\Windows\Temp\{C226D36E-CF86-44DF-A381-814FF0EC850F}\.be\windowsdesktop-runtime-7.0.20-win-x86.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\CB3DA446BAE55F97A38B91A4056C255D\C879EAD45716D0045A80423001B9989E | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EF51712D243E44744A9967CE6E55EDC5\SourceList\PackageName = "windowsdesktop-runtime-7.0.20-win-x86.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\362BB0D90C03F7747AD85D2EF5AF6CA4\Version = "944782160" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B08B24B5204A11747B4EE2249B35CABA\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\96EE1EACF0954A06831232C7AE4DDC76 | C:\Windows\system32\msiexec.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Nezur_Loader.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 329096.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.20-win-x86.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0de4cc40,0x7ffd0de4cc4c,0x7ffd0de4cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1768,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1760 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3040,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3080 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3092 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4464,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4584,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4904,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4528 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5044,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5188,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5192 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5212,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4828,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5280,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5036,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5112,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3688,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4920,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5396,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5428,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5616,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5768,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5760 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5904,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5912 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3068,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=3096,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=3188,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5240,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5252,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5568,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=4356,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5360,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=4992,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=736,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5932,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5800,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5852,i,8940107561878875818,2376975130331804099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5804 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\Nezur_Loader\Nezur.exe
"C:\Users\Admin\Desktop\Nezur_Loader\Nezur.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x86&rid=win10-x86&apphost_version=7.0.16&gui=true
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcf9493cb8,0x7ffcf9493cc8,0x7ffcf9493cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,9841670018098567539,2736964958298830202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6472 /prefetch:8
C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.20-win-x86.exe
"C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.20-win-x86.exe"
C:\Windows\Temp\{BF6E1B65-826A-497B-88A5-AE20175B5658}\.cr\windowsdesktop-runtime-7.0.20-win-x86.exe
"C:\Windows\Temp\{BF6E1B65-826A-497B-88A5-AE20175B5658}\.cr\windowsdesktop-runtime-7.0.20-win-x86.exe" -burn.clean.room="C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.20-win-x86.exe" -burn.filehandle.attached=608 -burn.filehandle.self=756
C:\Windows\Temp\{C226D36E-CF86-44DF-A381-814FF0EC850F}\.be\windowsdesktop-runtime-7.0.20-win-x86.exe
"C:\Windows\Temp\{C226D36E-CF86-44DF-A381-814FF0EC850F}\.be\windowsdesktop-runtime-7.0.20-win-x86.exe" -q -burn.elevated BurnPipe.{84C9E478-3342-49AF-A5F8-EA48F85AFF67} {24F9A567-1A41-414E-ABEB-54719085B197} 6060
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 798C42701B1CA4B453E19634D83B9939
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 33BF686E0BB8B5F591A795CE844B99A2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C740C00DE04FFCC6F8FB3401CC8401B1
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 4B449B137D5BEBC97AEAA869C20AF53A
C:\Users\Admin\Desktop\Nezur_Loader\Nezur.exe
"C:\Users\Admin\Desktop\Nezur_Loader\Nezur.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1cheats.com/store/product/41-nezur-key-bypass-lifetime-license/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf9493cb8,0x7ffcf9493cc8,0x7ffcf9493cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,8630637857129158740,12581507295784831382,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,8630637857129158740,12581507295784831382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,8630637857129158740,12581507295784831382,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,8630637857129158740,12581507295784831382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,8630637857129158740,12581507295784831382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://key.nezur.io/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf9493cb8,0x7ffcf9493cc8,0x7ffcf9493cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://key.nezur.io/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf9493cb8,0x7ffcf9493cc8,0x7ffcf9493cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,4495053722726380748,16459598932273226986,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6156 /prefetch:2
Network
Files
| SHA1 | 6016bb0116514132ad29c2c7b32455d52e284c0a |
| SHA256 | 7c6d25e66556f69067b19c32d842ca841e49b9a3443aa79905eb354a13f08456 |
| SHA512 | 1c012ad7e67f2788b6d3fe6f9130ca8dbf886f13a1932d2e2e75f1e0c283141ee2492adedaa5654163a1f570706e6973f64bf0cfe60245a039e0a4ce147933e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fabeb309e544a3ddc430e3d4fc0ad9b2 |
| SHA1 | f40c0e7b1bbf0a408bd078e3fd3f4713cf2ae370 |
| SHA256 | 8a8ec2e2cab19bf33f8ba30f61abbe9f19c23d7ea8c5ecba3ae72c9e06078743 |
| SHA512 | 1e2124b4c1505aa8af28dc79deb702c39d0dfc0306c125082b8640354701c55f83e05b155236d075ca58fb40bc972d41b5b88ed524e6abbaa98c856617867fec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 68ff62955189882618deb36b3a0fb60f |
| SHA1 | a450eec4be368b973c4a72946ae14e008fa9bc61 |
| SHA256 | c4adb8780b03535012cbfee09056e1b5f596f1a66115d79185cec3690eb3c922 |
| SHA512 | c8133d969ff0df9d3e09c43066334b33b799600a554857617da150397acc13dd10e18c470f32bb21666508c93873653f2173f2beb9494960ac3f47e9d45070e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ffa47c0e739c238387ac765b2ab25522 |
| SHA1 | 4ccf686cf64f06680bb6ebc0d947c010e64664c9 |
| SHA256 | 7ee2058e12d0d36263b38c38da3c9691a023812e18352409052926e5ac4693f9 |
| SHA512 | 1e26ad175c2d2acc1472fac3fa211c15dedaaecbba820aad4cd27c1b13da75a4292ad7e02b0e1b56083e58c580178d191f6ed129f75f5f030ef0e195d09df177 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | d6d3499e5dfe058db4af5745e6885661 |
| SHA1 | ef47b148302484d5ab98320962d62565f88fcc18 |
| SHA256 | 7ec1b67f891fb646b49853d91170fafc67ff2918befd877dcc8515212be560f6 |
| SHA512 | ad1646c13f98e6915e51bfba9207b81f6d1d174a1437f9c1e1c935b7676451ff73a694323ff61fa72ec87b7824ce9380423533599e30d889b689e2e13887045f |
C:\Users\Admin\Desktop\Nezur_Loader\Logs\Crashlog-10-10-29 PM.txt
| MD5 | c22bea9633b5b0b7d16bd8f6abd87f86 |
| SHA1 | 3221650a3be6895282e931bc1bdab7e7e3376bcc |
| SHA256 | 8921d89405527edf3ae47f4f2ec65d32f3d4dd71cf566e178215a71d9c783e44 |
| SHA512 | 9e23e5174fd0a7212c36c44757e670a3562e326845b35c1749017dc16045e9a6549d89570747fcab74f655e766ecfe47e149c7b47ccf3751859348773dd1a157 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 89abea911b087774904546f59fed1e12 |
| SHA1 | f78f30a0a8910862004d56e5cd06806419e218ef |
| SHA256 | 5e26115e2840ade4503cf0b791eb454d67e0c7f6cec2e7b08fcc95643d90a505 |
| SHA512 | 3bf5522bce7617c59c32d2aba1b9f7bf19227d5a56daeeb457e8f564d14f41a226c44838d12e66a2790d4260c82982b9ec24146c4ab5d05d1582a4a07ac90319 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 726a99cf12a2369323da8e9c0c3e0788 |
| SHA1 | 5fce70859f18a2b7c66b8fec7fb461255345854a |
| SHA256 | dfa5902deece55f81a87d44e11f20cd266cf8724a547110910f72aeee957379e |
| SHA512 | 9a6a4216da1e9746987c66628974fc926c3341428a2eda5a857d52b509b3060e92af5a39f275f451920f083aa4065888a187a2343e79525ca6e9d4d1e171f06d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a8eeee99f407d602bd4f5438c37eb9bf |
| SHA1 | 98800ad102d908f273c1984e3b2639e9fe197955 |
| SHA256 | 50c6087c857de84a5dd052e38f06a092e92165df933c3e86be8e0b1f008833ff |
| SHA512 | f570b6f74c0c6f90ec343aed1a0a9f038ce8fcf71d7bc96cd17d38e1d89a8c0eeede2c36cee854110552dcb7894a60b61543d76c50314a25ecc1348e01ed2a17 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de63ff4275d236d5c1b83225b76d1c14d40b38a6\index.txt
| MD5 | 0fc22cb43381f6996f224ae18ba6d10c |
| SHA1 | c17abe63de8570d05315a8b4a54ab82727d5bac4 |
| SHA256 | fe7c7604c0059ddb0269a103217261e40a86917c92bb1aca5f69d045ab1dc347 |
| SHA512 | be2a1d75622c3d019d9f43ee2ac4bfc8c0a7c67104f52c5bbf251a8f9f427cc5ce3603eb65de50d288251450e2057dbaef88af03ee4d8ef3fc3dff113366b6ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d3e16fc541e13a6afd128aff1cd693bf |
| SHA1 | c881a6c15a8691f47caa3fb4b17c395888d3e6c4 |
| SHA256 | 51436d967e7a5bb5644d66318ee551f163412ecba6129ffaa839d8d32b162d44 |
| SHA512 | bd7b7c660ba5a8d99a83b953c8d613eb26a240fe9095533a7355b2c80b21f04aa5aef3de56d49b23f712585de64d326368c6ae35fe8007076038fa70ba6d3798 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1b2430e514b93bcf8338932f131f2931 |
| SHA1 | c431c1204d6c892b7983ef018065f335a047ba8d |
| SHA256 | 37888dc4abbf7498e4ce08f7f25e64950f6fe748d8cb3399d2229f9af8f9d829 |
| SHA512 | ebb9d83937584ec76f0281a429d766dc5e01acf2225de35985757ca7c425d965eb5c7bb6ede914b85632bd71fff0ef78f151bcf729de6e09a5e9232668a0b3ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 27714613ce7ca067657042ac6ba166ea |
| SHA1 | b6a838f8cd11846e38261919ad20fcce8e4854c4 |
| SHA256 | 758ca1c631bf895d16db11abdc01b5788fbbd62a0672c0e81b6c1f564a38818c |
| SHA512 | b7b42d24d44153b946e259469f0eb7638ec80b2f4439ec0bfe52ec60b7702b5ae6857b03ca474fed472b11c654785113bbefb49636a502135ead3857e8ce1a6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 17155fbe510a5eb3dca0c64c3db817ca |
| SHA1 | f9fbd9591e7569d73c489867dd48850425827360 |
| SHA256 | 81a02aa37e94595e30a282ff0a9a05f3739317cfb669518ba4f0c928e6ee8cd1 |
| SHA512 | 43a4f31be237736c4dd061b835cbdfd613e707f8296ee6ebe341d5ada3b569e1c30ae0856137b119d35fef206fe7b21f24d461a8a5ba8a5e4760f377db946dbc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ba40c.TMP
| MD5 | cc8d9248605c1408b9817a2539641fa8 |
| SHA1 | 6712e2275bcef13e3b95e97ceee245de827c3a95 |
| SHA256 | ac78069185ddab807d1bd4890bb52c408e3b4242e4d6b743d230e80db825d852 |
| SHA512 | 861b9b2cc607dc138e79c2e523aacdddbbb220e48dd337bc9571c9c4cb33e1ce5d30823dc5acdf3bb9bab466f171ecac59bac969b615d5f4f6ea3fa78e5017d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de63ff4275d236d5c1b83225b76d1c14d40b38a6\48e9d3bd-b4c0-4215-a830-a9e5d010e0c7\index-dir\the-real-index~RFe5ba489.TMP
| MD5 | 77dab0c69ba92eb6996b433393aef69a |
| SHA1 | 5f9f4a4fbae3e0a2010d19ec26435ea4c816eb4d |
| SHA256 | e964c83624687881482ee4345897e07c1bf426b0009be8c0324ce4f4fee4e6bc |
| SHA512 | 2246ba215600e9e21fb495cd7e1ec6879a939b5b05419becd1656a31d333d7dc4fc5f665ddc4dcd71cc0031ff6ed2fae9130d3a0c7c70e9412b3bb2f6c65a819 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de63ff4275d236d5c1b83225b76d1c14d40b38a6\48e9d3bd-b4c0-4215-a830-a9e5d010e0c7\index-dir\the-real-index
| MD5 | d0be5ea9d1e689c1c59a308552525a66 |
| SHA1 | fd9775065a8a18f69fc60be7e7d01eba9214ff17 |
| SHA256 | c5753a38cd4be374ba745b96d9604c20677388045c28595e97c0f9e8c5322300 |
| SHA512 | 1f9499d63025f6f34eb36b486c9501700156c389bc6cb57341239c849c9395f53a65f56198cfdb6f8a79449a667bb264c1d0dc1f5f9ca47128b14ac7dc9971da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de63ff4275d236d5c1b83225b76d1c14d40b38a6\index.txt
| MD5 | 5220783a16a0f7c648db260f05bdefd4 |
| SHA1 | 77464c89a70cdc0eb61cbc9f2c53aeeca6384cd5 |
| SHA256 | ca87f36a700dce5fd3062c3a0d0d6037cf2b0d09b21ff730f1cab297538fce18 |
| SHA512 | 9eb8b4ca65395b6c97d7ef514c1e43988ba440aed3433f96b81e54c1ed50b43dd840ae60dafe9ae22e2142cfda823f78ab8ec0d20346c6077421e4332a6f1c97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 24152317b03642a79fa1bed4b32e0fa7 |
| SHA1 | d9dbc740dc5cb1dc1ddb99827c383954fcfd17e9 |
| SHA256 | 2e6c8e7190d29157b689db109cff2cc1cf2e93cb72eec464561a0a79d573c383 |
| SHA512 | 1800e2da6333eaed98d939bafc6b7e285eb2118ec031978d6b92c97be0d44b0efef8fcf5a21736145be62004902efb868b2f04f04416fc8eadfcc1214b097da3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5afbb0bc4e713ff157537f3369fb180d |
| SHA1 | ff89ccf104793f5241aed0df13c1977d67c28faf |
| SHA256 | 695953f08ca5d2135da4438956e1764d5ccedca17c382fe77ef6d942cf11c186 |
| SHA512 | 54c4996b35ce2ca6173f20d5d9a39d24e65d40e07878afbf2ce89d5558afddac01eceab5bad31f483e3cc28ee33fb884cf39fa6fe6d43f542b636035b12633f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 12fdee43d329791c7b17e4cb6321883b |
| SHA1 | 4e3e5e20117b2185e66ac5cfddbeecbb1fd231d5 |
| SHA256 | d99328f4536e0e2ce2673edf17ab5a195e67ed6333288c1fe34c8ded8a0952db |
| SHA512 | 2bad318b93f5ded8ef750b0ec9e6f9d71d1bda5b826ecbd822dcef781bc90e01f5e760b0b4bfc7c40dab28a61839ea5778637b10c576b91ee17511efb38cc4a3 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | fbbd10b5151e4365bceb3190d826c524 |
| SHA1 | 45a77c1d88151d54383047d84019bc9e84cfa0c8 |
| SHA256 | 4400d61bcd5543a3123ae53baff8863336555d96350ec33ce9a3f8242917cbb3 |
| SHA512 | 32404e11daf2116efd194a65a96c24d83c8b0f1eed80ae63d6077d26e8b51f636db993e98474257fb2aa262d87b6ce6219fdf8f2162b4fd179a3e95c9dbee7f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b0afef81ff0561e4c5af7d5cfef338b6 |
| SHA1 | 4d2b9c2580766f1b18eafe6be3161cafeb8af87e |
| SHA256 | 0c947bdc79367b8767d8b56cdb63b1081d535d5b3c69e884462e10cae77e5ebb |
| SHA512 | 6adedb8296f2a995ff42f4791063f879936adaca226d322987e7ad539fd13b5ada19a466662bc8d04a41a5771277fbf8a221ae03e56e396d697ab3098521b0ac |