hxxp://xbaz[.]ru

Analysis

max time kernel
300s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2023, 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://xbaz.ru

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
1872	msedge.exe
1872	msedge.exe
3772	identity_helper.exe
3772	identity_helper.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 4748	1872	msedge.exe	81
PID 1872 wrote to memory of 4748	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 4900	1872	msedge.exe	83
PID 1872 wrote to memory of 3128	1872	msedge.exe	82
PID 1872 wrote to memory of 3128	1872	msedge.exe	82
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84
PID 1872 wrote to memory of 2112	1872	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://xbaz.ru
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7bab46f8,0x7ffe7bab4708,0x7ffe7bab4718
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,6437506543264532862,14348653542824751937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,6437506543264532862,14348653542824751937,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,6437506543264532862,14348653542824751937,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6437506543264532862,14348653542824751937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6437506543264532862,14348653542824751937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6437506543264532862,14348653542824751937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,6437506543264532862,14348653542824751937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,6437506543264532862,14348653542824751937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6437506543264532862,14348653542824751937,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6437506543264532862,14348653542824751937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6437506543264532862,14348653542824751937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6437506543264532862,14348653542824751937,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,6437506543264532862,14348653542824751937,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7ad9bb1054aa03e39b3554833d0c3ec

SHA1
cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9

SHA256
0c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189

SHA512
d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3726c946-a08e-4939-8c2e-a03ab3b7a25b.tmp

Filesize
6KB

MD5
d283fab7d73673d436e4cdcbf548b048

SHA1
78033061ace845906b05164ba6b557d45f664cfd

SHA256
60f1d8d191d9cf3b47bc7d4fa0d36f7b02464a742c9ae07760f9d9b5add9f606

SHA512
c292b1c564ae90806970df1719bd753a1de573eafca2ebf051a37252ed1b5f8b9261912acf04b84d4c8cfdae45ada15ddcf0de27305081d472acd564b068ff8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
5ca4f90e77cdca03f2ce2f50a8c18df1

SHA1
4766e1be27cfa38270b3b77766d906cbc34629af

SHA256
4563a95fce002b35dd132f500a1c80dbeb8f32abccf020abb29294c6c0fec2ec

SHA512
8b8e7e365d8ce731321f9164f8af173efd6301a30cedfb8e0731ef6743013cf9e1243afd718e3cdba0c4716059717c1373c8038e28d808258c315e5a0cc104e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
847B

MD5
c193b844eaa5ff3bcfbde4eda1be9c13

SHA1
47cf5bca178e04df0b00008d443dee80f7ecd572

SHA256
230ff25ff07473081b9b2d5db3f6044299263f1cd7f0aaecc58a232b70dd61c3

SHA512
9a3f0a545a4d4102a496326ce6ef95f1480b57b6b8bed7f0734e741b1d9d299deceb1e9fe49f2a7e1942cf23ab4497996aa736c6dc9d5dc5d5dbd350bcdb994d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
878B

MD5
abc356199951ff8cace194fb8b8b9149

SHA1
a48d0e75cf0696309bd81d8c933901c69286a99b

SHA256
cb89a6802c0533a9c74943255401f8676098dc4241ce4fe315b6e41a31a8a06e

SHA512
ea96f5e476514c75b4ba0d6083d317da481fdc0e353452aaf07764885bc86115038da9cd5c1abaf008cdfb9bcef89218037b76c6cf2451d999a03948c226669b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c911c206b6f8e49f9a82195e24c316e

SHA1
15d16b93a5f3af87251daee9732de22d177a7ce7

SHA256
a0ac7a2d462bf4cd5785179bbfa3a8d722f9da9f8a57dee68d51649160b2c20c

SHA512
727784345755323ef4a322168b72ead3962fce50048ea8431039602505db6486c44ed091001b20eb7b8eac0de1819c357ad2b42c42d6d76abaf8b1675e86f6aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
abc181cc6681d0c9f262719feeefacee

SHA1
778623ca040880516761bfd2f96ff37ed3c7ba22

SHA256
2b6e6c805df47836274083860068b74a6827b8afa2c45d69f22df1a5430727df

SHA512
97bad659156ee0cd3ce3f5670667552de13a1b4a37ff2a3fcdeb5929f2e8c221e3ed34feb16dfaf2ba56cc550ba8e0729b75f2f6f154aad9d0f643acf5ce4657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
86887a6880dcf5b15a383e87bac22da8

SHA1
8556485fb8b904ce033946623f1116ba36b9f99b

SHA256
7645aa41a3dbe41f9a1a86ad2986398b2156f66f2ee056c4634a8c2871400aa1

SHA512
4aa8591abd6a3a96a199ee51b4b9959bd017dd6b1d5a1de31696b85709d5a3b49d874c17d3c480e5b0e3187471af86362154ab6c110aa289abe637d430ff90d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
82b168952f2a1d55171945287769cc88

SHA1
e36974e51ee4536eba98904bb64c4ed4f6eb417f

SHA256
a6ae84f4b57074e59ede718930b200b2dfbe2a5384cc856fb727841b25ce2f9f

SHA512
b7498a58bbfbf67b5e163c082f4e24e1c78266fdfbae9c802c64f1bd1e9914099cca9c210f16c6ad44c6960c28f0f1151209c0064566d52f26f9fb644239170a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
fa49774aee33a459bdbe549abcc863e5

SHA1
044792edc5fa8d18f8d325b15eab79cd73acd8af

SHA256
b250a4d0725cc275d902d754183c14dfeca2cb5fb199253a01ad84181ff763da

SHA512
67a4867a317ad44a5552b3fd09d27cb20ba53843672fd07ee54738989da41cb9a2f5495134354e7c2decdd9aea86a9bc65983de13852fd5ed89d4b835ed05afa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
fb5ec3fc4b9245139e783fec3bfeafc9

SHA1
0960889d3e78d904407ab05db77ba49e07c220e1

SHA256
9769a9e9f6646531126ba9f17ec8d0305c0b7ae7d947436f6bdea92e91766d96

SHA512
82e26e32904c499ac0f1cd31c2cfbb1ce1f6960aefecc2303f7f48ed1863475fb434beb93d078589d1b88019654152b9f016b435050f79b543d0ff0018a11686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
db36c6f45dfe768e5b8c079cb3754cd5

SHA1
cb8c1f43ca53c22f32aa6250872e2c9b8b416001

SHA256
b6df80ae57689edccd2764e1c1f7d127b5db5642d6bcd9d7ac7569f5e82fddaf

SHA512
4d1c2ce420bdf11ced86e4a7ab0b41812621f650eaef91591e8e42665270e057c8bfbde1cb7de54774833f8b062f4c970386833ab0bd8ec01db5d7a2bc100370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
15528e4df00fbf762dcbe1129055d5f8

SHA1
5335b8ce50e4a262b2dbc10de6e63c306f88f9b8

SHA256
1ee90d13377a4ae897819df3c7696ee55aa2c2eabfb7ba379a3ba1644d810df9

SHA512
8d7d3438c9992a86dd3b06c11a54e39c9897c9b12245031164b20b88519bc00668c45dbcf96c2bdb76cfe45a3fcc652da168fecc48adb72ce4aff9c89e10f798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
a392534d6fee13a95bae7bc0ad8f463b

SHA1
c9537d7078b4f0ea2f4f8ad4f1b598e2e89df275

SHA256
82242601b713d1335c4ddb40e48efea256be072e6bf787066a3c079c46d7b6c0

SHA512
599041275d5b37c098f3cbb45729ee4e6c085a2e1e9e0255dc74f897494a78557c6e32e57d185b28f146383cf0c0df8850115c559ba439fee1400433dbaafad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
c64551552088d66a56a4c425cfe57221

SHA1
0f7be8b6d6382e2c6c49357593284c996b526683

SHA256
5585f8e2924d9084465ae47d3c0c5dab17d01d23f6793c1333b0290194ef8972

SHA512
4e867942c761eaa1916182087b6e91bf76194bd8c25afbe94687051987f89f03dcea2c3e92c3c18d167bb4fb2ed04644b05cffc4f27eda3c282a51753dbbdd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
2b6b2f283c9f4c114c5db5e8ae99620f

SHA1
824b5743f41b29d7959750487cb2f0a8e75da898

SHA256
cded74417b57fa788045237443a196fc53c46b2066702d4e8b1ac889f56ec09d

SHA512
13aca297c5ddf7a648a80cf3d42c4a4aad1cfdf87ee3791c512264df7a7c505aae8b86ecb642d94668f01ce4c1352f6f4d48a58b879c9b79281c5e95e90716d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
b6aeb9f77aac256cce83fb54bc6abf1f

SHA1
9c97c0c5d00abf32217a4020541406cf4ba60adf

SHA256
cda27d308050252e008f5e0d468c9364cd7613ea4eae5b2511e515594ad0edad

SHA512
bcb28bf30b378e9df4b57f843725b60fa6ee1d9eb86825650db3e45af6ac8d62ef049bcd0eceeb0536c36bb73b672aebf363b1f04f770b4000235bca00aa48ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
8cad19bebc6163c007c09a0486b7366e

SHA1
c17753020655bf6c533dc1cea7ea3de62683d8fd

SHA256
dc571aa61c0564865660792573ca2157a69dd3941ddedff5cfbbb6c136b09be3

SHA512
7f0cefb80cc0e48c68fa6ec0f4fc0db42d0cc01030a1f41dd0526e2731e03da8c973e344c66f05caedcffb7d9516e679146496d45b6ae989d21855632470dc29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
607957d0f6558c1bb8125e498d985d54

SHA1
0975f8a5a405bb09af0bf49b6418b5d1eeacaf01

SHA256
bed04e2d4e5c79033523b4278cdfa2f04fb9e41db8c0d6a6964606a01dda463f

SHA512
82fe5b6df63763c8f930f79d6e6996f97a0bd2c05745caaf69f096f3e04e1011d7bb9ced006b18a8188fcd9dd8ccf3f5b3fe4d2519b8022d5f57584bd2578ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
ad4639295cf81be76aeec1f61f6c68d5

SHA1
11d99c243c19a1285bf1a938065d520a870e795b

SHA256
1e5038f9ed37ea0add86ffa39550bdcc71e6e28df9fbd76cf12da1d4dfba0630

SHA512
f86b4556bde4e9e6ebede407878843da08f6c4f9fdba1b2c134b809bd998ce073b1973711cff2501249ec29dc3688af452244411e1d46fe035515c2a581bdea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
f18599091a7a56a04858261fb7a73815

SHA1
f2024ceb40620b498dfd01ef464ab789d290a29e

SHA256
61ed88c90ec32820f25d76d524be0c5d9a0ab674a3047cb14f4dcaf98edc3b18

SHA512
b65cb7e9a7e2204b83bb2ea19b2157d566967c4d0370944f179b49af7056a3b52f9179b3f443469dc727a853094eba8ca34e6f2e991f85c64e125b6313448702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
6e45b87b640118869eb06044342c1c63

SHA1
22ba560779ca23038fcbd1b4c61171c2b88c9a37

SHA256
811251179316250b0d0bfe36bbe9d48c04320406bbe035d12ee70cebc102e427

SHA512
f26da1b6f89561debf317a275007341d7db7c9a2f4a798c9cf9f1a2f24ac7b9e81804a880aac642bec41239621964db659dadb24dc7b87b825b4f23b01c4e515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
6c53e7f99c3f77530adbc8823444d061

SHA1
1308b04e1c7dca15f3cd89737bfaaf41eaf0fa04

SHA256
098224be3658f8eb0ed42c82426c995d9fa87bdcfb64659d5edf077b38d3e4d8

SHA512
3b18e03dc20b5e1d5bdd928969c4d913d02c11672ab547c1cc3312bd9005edec28f338c3a2bb140cef6d0206833f12eed733198f8ffa868bbb7fc1c8b1d0f9d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
6510ae49bd41331d77b5aa11615a91f5

SHA1
19e952c9a5184d17066d0aabace6d8fef936400a

SHA256
de9e32334f854c9506dd8cbb778a193d61f3d26039ac7999d90e54cfbdc8a5be

SHA512
b07f5eabaf9b3722afc0c861747eb459b9a6550af104d07409c75650b8ccce1b478e4b7a6147a8678e6e561056d3f584d019ebbeb8ef6fbdd870d6f7ddf0fbc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
5dbda33db7e4987e9388b8f082eeeb92

SHA1
75c209fe1be06be1f19797cdd28581abe1bca267

SHA256
437b38f19e5e534f85dc24307a292336e0c2f8b38e8b674ad1f7b688def3e2cb

SHA512
f0d851fbcc230f3a7ec06cbeb9783d5fff0df07da23211c58b23ad2c0959598b5be6cdb9994d90c5643e0d6990929f88d41514ce558ec2b98c7211426c402606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
4574b8426fae627e9001567a171406a6

SHA1
803e63e73dcbef11d023379a737cc368f1898da8

SHA256
86f9b31da82dca46038541acd2966fc94c1ce798d43b7d5d15ca819e84be8332

SHA512
55b63f628934a0a46cfb4d4a284512fabc4e04ddea1421ac632d008c0ec6297ba39dcc280b1d7e2319cda5f0fac4aabad342fbcb74c70b1aa413aeeb008df257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
6a7d2a1b0b893f7b7996c9b2b5401286

SHA1
b43a58a8b6e74ea0e57d374d6dd45be08ed8529c

SHA256
efac0a3edd137a7b77f622fe29f1a9a3bf4ea0798207ea7da3720fe85440c65d

SHA512
2903cd42b2a3cd841102c5c9f4d381378de345d6f15521c6e5339cfadc32c29aeb33ad7d18f924455300fa0d3d446a2a173dd6b67810f0e2bd1534cde55b480d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
396072a6f443c951610be073c545cde8

SHA1
dd6c96d69a4aaeb805c8d7493d6de8908b144804

SHA256
88b7ed4e17a34de5a02d1d5c2d7c45435f57a12a0889b3f32077df2d2a641e82

SHA512
07cb88d2f64464ac784b1adea5f1adab27d4d136d060fe590242d6aac72d2b3e1c0e4ff1f36d4863a440e451f8646e7c1d308fe4d7302363e62740446af9e7ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
0bf27bd71b4b03004d99f3f5451b1a67

SHA1
52f24401582261ba90ca0f976079e8476ab5b041

SHA256
7b29ffe2620ac08f3863512d376707c33e121adf034175d8123a7acf70feb3ad

SHA512
32cdabbcd9373137e748366c9140eaa25c4031ff8cd488e4f90ba13742e50975a73925f4137e32173258b72aade103dc1ca578d138e06e520c45aa6661442758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
d391cdd92527d98e86879ad8b0f82b85

SHA1
ad25d5a9aabb5daa7eb43542ab1c4a959b7a0e38

SHA256
dd530c8debcb4c92a22e8fdf18bd72a2cd8119f8c286b8215921b593c8945d4b

SHA512
53da26b0226ac9dfa25bfda6eb273e1373f86b3ecf6e3eb7b0beb599a02509954322e191859548f98b9480a88fc7920471859f152c9bbd09d4cd1dad9b7f5b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
6498fba6632f9d487bfa3829c23e1b46

SHA1
e41ac1460412dddd179fcf3cb6779416120c2df6

SHA256
2e78da4f80f72a196cb655844f7667e3a8305df928472b5944652e2bd3e1e821

SHA512
eca91920381efea37bfcb7e83e8081423ead4452209851df6998449b05de8eebc48601c05894e61188a1305f24a78a098b3873933761b10ba72fd9e1bf6ffb5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
c1a3df271367ebef682953845ebda9f2

SHA1
83b91b98397cd7f5fddbcaa55613bb782c40836c

SHA256
1738b8d6a6c19b442d17d6c5c7942e524248a28a75401be31c05f4bf944367d3

SHA512
3813e832ecaa2448c81f242e5cc5edf496be6b2b6a1e6e552763cea862b8791d67ec9634a11c552e009ba0c099735f4a846e06ed63d3bfb838183d312fbec674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
dfda154425598867ee4a61cd3d9ef8b0

SHA1
a224230c1266d79278d3bcddea0273af16b44a8f

SHA256
c1d99dc24a3b6b7ee5d15f5767676d0809c2d80774a9396af5f22ab0b9eb6dfb

SHA512
d45d9635f7bb23a9e45d7cfe43832b9d3d7c293a22a6a37f0b36592aa1503a8ec4de229fcc93b5dcc3ade55e8f9950a06ca7b7c8842168a8f28ff6e0e064d30a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
dcb6595bacb5d9d0dbc80a565b74c744

SHA1
ea8cf53329c8a967ba78b47e76d3426bb7d1b596

SHA256
b8ae7e1e8b40b7d6560b614565a8d8bbfb67b9b2c4bd0f4cfa50f06949a207c8

SHA512
8daebbf2717c069251f39790e3af640f694f6a854f6410f27e56a43c59770bc8df593993b52ad48d9d3710929268e3d011cd540704dd22258c0926113ad4a896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eb69.TMP

Filesize
706B

MD5
13fc7b5c2e7e85e8baeef50c9728c128

SHA1
0cf3d0bbb2b376e6d31bcf8efc9f6e0fb65e0f8c

SHA256
d0b6ba13a9a6c64966bae5bb7fe1290808ecc86cc77dfa47ae92d7422df76a83

SHA512
d54871456c31511bf4c767b21f7842840fb13b9be05279cc9f59f566c196558ec0ef008256584bd2bcdf66b4f55785f7fafcdb0cf423a94dd3019c67daf66265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
5KB

MD5
5588afa0b8f7648a513fa33a8d8bde86

SHA1
ea5b3df904745dc0c30da2e9cc6be59820bdb005

SHA256
a6cf685dbd68abcc37d2d1f64491c296c92f96a4014e570dab0561d0cd9b1345

SHA512
02e9619faf98faa1699c15f308d9886e717e7cd0e51d788f7d7e6ea7641925083279e06db53c2e99d79e5d2ff65e9dc8db4d50f9834a0d44f4ff10394e2ba2fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
c907425e14f9a25638fef8d38207b677

SHA1
effdb2aa02e4000de3f30353bd665e5027794703

SHA256
68f4c7d461ba73775452eba988ac558ee5a0626746c636cb6b596427bf89dd16

SHA512
5650c8537b38dcceb6e41dcd442e015b6c188c611bf3d3fdd12abc175812698c7b54974112575a651092b1ab25dfadef9a2177c84814058d9a988ea8c326d0c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
d6207ff70e0ae302e0215471143605b3

SHA1
bd2119c8b42cee0b46dc6287eb6c0b28fa7c9b3a

SHA256
ce8f7c25c03374bc1b27ed9e060e89c8b60b87fd17218fe0ba65e91938649c6d

SHA512
e583319a3563ee226af01551854e9875a9e171bc39eb28840bc4a587213be51b51c45a16c0fb4ddb2bf80a8c499a0bd1097db22c5fd60c6f5912aeed8b842e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
a630c49edc9839248100edb4b5daab51

SHA1
03ba5d9a0789117e1e11d9ce177b09baf0278c83

SHA256
e339ff7cf57d936ada8894f7daae878ced2d89a22e91c2814b27d46ba9e1ff3f

SHA512
074ef94ee4273741f630f62921f2fa7d57d916f523429952fa80a703a4f229a5ee7ddc742acb305713de2279578edabbe4f04056a67b1194ffbb5769fd811573

Download Submit