hxxp://celsiusnetwork[.]government-stretto[.]com/claims/?client=30798

Resubmissions

22-04-2024 13:51

240422-q6bqzscd2v 10

22-04-2024 13:36

240422-qwfbescc4t 10

Analysis

max time kernel
885s
max time network
848s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22-04-2024 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://celsiusnetwork.government-stretto.com/claims/?client=30798

Score

6^/10

motw phishing

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

48 raw.githubusercontent.com
51 raw.githubusercontent.com
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

12 https://case.stretto.com/voyager/file-a-claim

flow	ioc
48	raw.githubusercontent.com
51	raw.githubusercontent.com

flow	ioc
12	https://case.stretto.com/voyager/file-a-claim

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3216	msedge.exe
3216	msedge.exe
2424	msedge.exe
2424	msedge.exe
3256	identity_helper.exe
3256	identity_helper.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

msedge.exe

pid	process
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2424 wrote to memory of 3632	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3632	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1496	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3216	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3216	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3744	2424	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://celsiusnetwork.government-stretto.com/claims/?client=30798
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff956e046f8,0x7ff956e04708,0x7ff956e04718
2⤵
PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
2⤵
PID:1496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
2⤵
PID:3744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
2⤵
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
2⤵
PID:4256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
2⤵
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1
2⤵
PID:1088

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
2⤵
PID:4064

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
2⤵
PID:2996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
2⤵
PID:2520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
2⤵
PID:2136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
2⤵
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
2⤵
PID:3808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1896 /prefetch:1
2⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
2⤵
PID:5556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
2⤵
PID:5852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
2⤵
PID:5884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5864 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
2⤵
PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14939998570784854872,2744410161522043454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
2⤵
PID:5640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3652

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
64836d9ed0fa36504e81806dfddba79d

SHA1
ce09ebf37aebaf90664fcf7f20d9361c7473a372

SHA256
ca4ff89e62d8fa19b959aee20a3eb90a032317329e392dc4e455dc7720651cb3

SHA512
99debdc52571e358b1da6c4086d085f818d5a27b8cddecf68aeff0aa4600d9952277d4578c5d411d4cc4024c54704f5f4583d2b8d2146aef00c031b1ebad412e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f89eacc173016441580a1298f148d46e

SHA1
7e27c79728f54be41984235f7bfdd8a0bdcd3a54

SHA256
68bc2993e25bb9f44bdd514acb1ad122806ffba33f21730a201ccc347f496625

SHA512
8c966c08f3decb560b58816dcc8115f927eb58b96e3acfc2b7cc512654479fda45a3de77f9d4639713c8bbce65f202696613bdc66bb33444e9b5451f6cd7481b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
19KB

MD5
5974ce596939c0ee29b3cbad26bc8da2

SHA1
9ed6cb9db60458ea7a67277dcf7cd0943dc5f327

SHA256
3d8dac4b302cd860046957381c0882173da51e1f9d488da104f41863949115a2

SHA512
0c08872d5889e9e747e1f61928be47f31e02a39d768fbf2e384bfd09ea8e349b098e918d684862125574e0f18c4fbfa5451296748e9ce2141fcdc95e5f9b3e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
18KB

MD5
7ab5e9c19f73e14448c98924fe71db17

SHA1
88bfb176f554d79c3f75ca919b6d1030afb9bd92

SHA256
b53dda33ea87719bcfab155014144c3662d5a0f3d86fa097e4d4676009038140

SHA512
ba706665d4eaea34d963d488f72cd3b7ad38ceb0771bd6736784585ac230392d094245edbcd391bdf68bfda7bf0252c506901eeaa31315419730bd97019e2bb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
19KB

MD5
d38d006fbd9d17641c5b667b93790904

SHA1
d0a0ab3e13363b81bc0cbcb84849692f1c6c5aa9

SHA256
7f506250a2a72081a6a792235cf3cd4e1c081a3887aa652057246b52386aa5b2

SHA512
5561b77f78ac66c6c5d4f27682e80e5f03c86395e0fc81560db8eb6f7e1a38b2471836a7af349dcfdccf6fe1b752fd85d1013f652f12d5862aaf2503e4511e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
184KB

MD5
bd4f44ecdf3077d46735f018f1eff599

SHA1
f49029dccc95aab9a2f874342ca23f34dad67814

SHA256
c3d134313ae6f18c2915b87042a81b03a8866d733ef83d61fce81bde7fa5fa10

SHA512
da4dedb5a98055ab2e8ce66313cccc771b75d8711a590e056a3bc2d015df67d2c4f1f93b8937ab660ba93e0b59811f5b3d6347a628cd33b36d475d88c5f2e815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
223KB

MD5
c5daf6448934dddabd84cc608cc8105c

SHA1
b7b036badf9572cd0ce4e6bf391bbaec8667b9d8

SHA256
613bc12aa7f33d10086042031dc51dc19d9bb0b60f11dc11d79bd346174ebceb

SHA512
ce88f69897adaee90a5e5ade09488dcd38cef7a3483fde785f2adf78e8b00cb860e974c094c69b06c5f3b41c40c15cca889076dd4c4b27b9776a84b06f0db5b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
19KB

MD5
d6d6b15e2b971b3f41c58a4f59796157

SHA1
10d8a245d1a357bb7fbbacfb09f217f89df1ae27

SHA256
8999143a48fce9c288a129889ab58072c2aafa4819f2c7f018c807fcb4073a0b

SHA512
8288b6074721322c23d09914f23d8eb5be37d76afffd60dcf5a92ffe36c433833ec5b7c88e1898cf99453aa99c6372e07e841bee8fe9fee69238a0e7a0b72335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
Filesize
87KB

MD5
edb9f9f7f271e8587fa9a491f85f7f74

SHA1
a369d979ab547541460389dc131011241269652a

SHA256
d663aa9aa8c783d77e8e4d8bc05d69c9544841565776ee6df973e54a706d60f0

SHA512
f4fc203012cae474f29e9da2c19527aa145af2efcd4f364a4640544322c7cb15dbd0a7141ffd794ac5b77d5ea54447107f7dd422da39d0b785ca89ff7550ba6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
Filesize
122KB

MD5
c59f0b7fcf744186a5233bb98deec477

SHA1
23e7c30522f4708e085fcb9e6529f1b82fd64985

SHA256
5187db9e8335370f69f482ad00b4773e6b9530659ae18725f60e8ac7578def72

SHA512
d79a9b38a75433e5e9aa925e22f1a160b6c958c66216aac7a9c058af44d8afd97f9f95432f8c0e74ddd5485c99bba33b2b7214b56e9c87a085a2fa984b6d611b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
Filesize
458KB

MD5
6efdecbf46bf6e1fabac7793a2238597

SHA1
44f414f032dcc5d61baee923a41529fcfe67dd27

SHA256
80afff38d83cab3db917b13713139568ecfce54e41cd12ecaa40b832354cd7a5

SHA512
c6311135d747f4fb97c2d381990498009455c088a66eec9a4111b3c7593bcfde0cb1bef902d90f0d8b5dcec83619eda64bb08b0297b5724dff3601d0998aa250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
Filesize
50KB

MD5
fe78c91f90aaff11489988ef57b20aff

SHA1
cc7b9ed7b652300d03ef2eeb9d9663dc0664c892

SHA256
8862a5bb68737f4aca58b5743c1414e6dd850132d34b34cf3d73c1057f60ab98

SHA512
3b91ef2533257e309ad093ba905e393953e91d17c99d74799c7ee06819f6382de03c8fcfac7758b986f57c3656e3ffc414c38af9f8c7dcb83bc096b46a8bc397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
Filesize
28KB

MD5
371e87f4fedab7b5eccb441b745610e0

SHA1
428407c7454c73199f538faabd8a391e9605aa03

SHA256
6e01af55aac12890bf6f61fb0a2f9f6d2c15454dae1709e5b7a5ad25288dadda

SHA512
0e1fbaa41f6cbfbcf5e8d2d6071d9598f0c46b7d8cedf9c3cc238da2f0f9c3b39e3dc143366d209cf3be270b737f92ec839f0a9f1f781a33a6e381680ac53640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
Filesize
27KB

MD5
effdfd228f0bab7b8a7e04c3445b2f87

SHA1
1953fee9ab7d46a1f343e3796776c86e6307906d

SHA256
d9740434f788822c5c304f3c56d78da458e9f61df78f33eabd622ddf8c733f2e

SHA512
d5cb8b13337abda2938784ea516c4c75277478532d8709a25ef2e1720b50da1961ac520a37c89813291b237f1d6aedef76c3cb331eb0b7d1c920762885c2965e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
Filesize
47KB

MD5
7c0eb691304bef6d50cb13dbb6cb0113

SHA1
6fcad50c8a8b93714893f9dea5371a9396f2f995

SHA256
dfa603a08211a1de27dcb9da317aac81eee5123e713e33937bf71822f2d31e18

SHA512
87e5a99d64ac5f03eab796258de7eaab4ef3a43b8fd598d502ec39f490ad409e50e92904fdc08a41ca6c6db9f6428a94e57ecf79168c1c43dcc7ee9ef057d586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
Filesize
18KB

MD5
47f8176134d7bfa8fccfc296828698bf

SHA1
5f2a904030590fb9b8e570c71ee27a4d993ed7bf

SHA256
6a577f064df308bb7b4f9e862ae5325825d5336a08ec2db58c558214151aaffd

SHA512
e3cad9156cc6f3859f230f04efeb0e99ff4c97004a9ac6ead3743e7310ecbd7d7ef2fc89f423704c5908812f8d5d556bc9167c98381301316dc8687ae98d0331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
Filesize
235KB

MD5
2d64661de6e5a6b1c2c6d43163789d73

SHA1
cdb8c8367986810644393ef404596b666940ff29

SHA256
f8263df2d1bb138b4ba6259a1627c7390cfead69029d772713f2b932ccc928c4

SHA512
0ba2d31f5ac564ea63dbfbd2277d310aac547531418dc31137c1744dbbcf1b94f23ca524a013cf808b4daed1f8129c2b139d07090585aab2ee7f2fffa0c8e95e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
55bb43163378510013a0ae3c70bb5d0b

SHA1
1f776595676cd8f4d6acfbed12733633c0058f77

SHA256
9f05359ec6cd48e0a6dd0dacccc326310d14ad0c4a690e21658df99da02e0d95

SHA512
6ef6056b2fe69383fae252bd3e937718f954a3c45b8eabf84e9b9e3d9e1f948b198190f43baa2dad2c7ada4113ef7a6156e305c6800aa8f48558f8452dcd3b6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
672B

MD5
e073462d4c8f2683ed77e26bdd4d93a1

SHA1
00f066114278cfaf0f37b4df532c888ef8592c91

SHA256
1aef22ede772029e367deb9e93b775701eb20a6913caa22917dfbaef621c38fd

SHA512
fa7ac036ebbd23f1718b5f9f149835cccb54a8b1ce554e48e7b96b37b3911c954913f84d0f737ec5d05c1745771eab3edf43365ed2e8e4d991b8111be620d0d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
720B

MD5
cac5c6b943f599baa8184b08d8d81d78

SHA1
5ba153d3b7e85b0a6a2c8317d054ec08c67ebb56

SHA256
0286a96ac90243622fb8c453b4881b4268574d7424b91290d26db27bfff7464a

SHA512
ac39698e0e8632d21853ecae44f07f11742e1ed692ce499f5ca25a3af1323fb4b4445e13d537c19d8b4ef016f15219413ef4faa24a28116e5b77a7083dd124c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
672B

MD5
9600ebd9f552b5c052ead2c2cbaa16a5

SHA1
9dd36b82c1e33e706295c213a418aa810b716884

SHA256
f628abec4ef16be7c5adfd3da6e57810be4a63cb75f44f5881c9d654e4ed7c10

SHA512
2ff65355b386f0f4c0a8929b1cde8362978f7d6203a6963506096dc676c3e4094675062d0e20c668775ffe57c26b3282b3e78cd6b78621f0fd798de58ef2d637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
94c131a5012e204a41f4f9d521ef0d41

SHA1
972fe2cbab3b7416e25d8b04338ef8bc59503d2b

SHA256
d6a98c6b1ef015fbb56cc9bd77098b194b308f27fda0234407e96ceb8d510612

SHA512
74fff4f43e416f780da3afb07c8205736a360c208ba347000934d3a4a1b31c15f5805092e913433e538cfbaf9c5cdedd47a545214c4827d1cdf5d1b2634408bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
b9ca3d5cf69dba535f88929302c15535

SHA1
01c7d5b0795989e2d5ef9a9ed1c96ac798ae4ea0

SHA256
b7b5ce8271a40144063ed56d2286b40588b42bad5a79d9d4ddc3bf6ff4c9f82b

SHA512
472dd0505471faa962472c76573b48ff1d0fe0773389ef1b2565426ce3791c20145f0fd3768960996b03f7ff57353efc8ab74c194646b3f98c8dfdc18f042838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
23bc063ced90baf449d5984fe3a8d587

SHA1
a2548dd1100037eae8e5d33faf7a67eb2053013a

SHA256
29a9c36349b8fec44a4351218b1f68a11b10fd850e57ff15465f1f8c5cf751a0

SHA512
634a64149328106ae6751103e4d60a79a7d0ff2e90b295683e463e871801e52bdb63af1f3c541109b820a96f69f672db11ba7e47f6061fa047db86973d63ddfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
d4c21e54ba80769af2267607bc547aa7

SHA1
ba5170bda8201389ff34937ad275199c646e3978

SHA256
7ea17ee57e783f8a794b4ab642d34b6ba39a5ec05bfd4e41b59ee79917015f3a

SHA512
81e632a23945b652e3e3036a90246cd8f862b711605a9941087d3724d8c25d0ea594b773527ab2b52fb8c559dc4d54425610131d8c84d51aa22bbc0be27750f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3833ec15201f9b7c76cf676e7576f782

SHA1
14b93ee822681ba000f27297f108a769c0f0538b

SHA256
7b9c54e0f8329dda113ac4966ece0ab71ef8921bc11ce180193861c9be8a9ad9

SHA512
56906516e883b966c882a5cbb7a1070f4a1c3155799970c5e7facefe072839ee4b174cc6e4d1b60262d74a3c17bca6b9470e438218179ad2f5715d36a6ec8d3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
66185f1a726e7e0290e5834ee105daca

SHA1
9e207d7922835570928c7a7bb0df6da62bd03b1d

SHA256
5f03449c1d187d60932025291d35c989bf0db0c6cb0d088e4aa9d08c9656b708

SHA512
765ee469ee2cf0809606a43632f25156bfee0176320123522d8394197f72ed1d5102549bdd195ac28d8c7818beb061edde608e58d372d0138276fb104c1d628a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8f7112b3f93b0552aa7997efb4c91cb1

SHA1
ef780f9e7c3637ba13676073f34cad1c4e45010c

SHA256
b8fc305735b0cea5f2be738fa4f5dd42aa20a9ada6a03c62f8cceff1c3afa8c6

SHA512
839f03796142def0e0b5658323de18b223957fb51bf7a2d81195e3a9fd04060511e0e7c65021dfb84470cb57392dcc32abf6892cc80a086f31be3cab6b0ee2a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5b52c4c4aae34939b0f6701bc3e2a886

SHA1
9b57df0e009467166ebd7927b81ebd556a4b39d1

SHA256
6a83a4974299aa04bf18928898bec8404cc56efc10fe90dee7703789d60a6a25

SHA512
19ff28ee12db964a99182698c76fd3597f76b51be3ab1efb8777aea100ac1d728a60513b1e32b6d4557a07e9cdf3770f740bdff85d0bccebf02441c67e702b58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
29b1ca277ba4504f16d189b500d1d1a6

SHA1
471210ed47a2a472cbd164d1aee9fdbb74b94995

SHA256
844514f38162386128f7e23e8afa906ffbb50534f9aa8e1d5f787d87cdd65238

SHA512
dcb608fec26b4e2383f3016d22b0df7014eb6b90fcaad3463514f979297168327d6361a823ff90a39e1bd206de07f2b27e5e3deaf9d712a387e89ccf424c8e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
63af3e2cfddfc6211e3c93f41c467922

SHA1
7b84a701b4e6d21b854388b89b92b22548569035

SHA256
a70abc27ef21f67d5be7e0c41e5687a3031567830ad7bab3c1f0cab2dd191209

SHA512
1813c9b5142ee5a57d8c6142accc7afb8ce0b21c44db620ac1325e67adc172223c485babd97de239aaec44cc3c303bc00e7580d255b6791bd668f22f7b11be9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
926ecad145c1ee0a5ed1f3e2d5444b40

SHA1
5d413ced3bd71b94f3c2e06feecad034fedee003

SHA256
ff0e4c4c4d87ef5d2a47909a1f2dbc4f02f860845e2f8610408bb013164ac705

SHA512
40a817899b7425b31ab69a34f01c4dad2ef2b145059f57af3231a59a34f9a8ff122ba47499586e90773e24f7b4d52128c6ab86bfab7d4a758ad40eb5c1e5207d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
21646f21eaed8fee8ed352879a63d971

SHA1
13cfc23ae4f2d0201bf4f63c02c187b212ed7d3f

SHA256
c762902c8ee8917e2f2f494439323ecaa390e9ad0b0ce4dc9d40539fc8a06f58

SHA512
922119c7a56a4d77fc685a09d44663380e8beb003368ec92c366b6846718e469e23acf05ce1d8b1183667ce66e12a89503cbbad869d3aeec73f28a41b4031797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4f74af3108aa45bd8bc705c6bca8801c

SHA1
c9bfa5eb2cd7bfaf676e57f845258e4f2e9d9bd0

SHA256
0b715e64d8d4237eff7a6dbd954db0c21465a0bdceb1b1b297f07c1ca975b220

SHA512
3bd22528bf417c6ca307dfa40fde9c5b3262db224d2f47be8d438a2bc6bfae907620d456ea26e7c09fa3d333ef035281aaa6094480c7a60809749e62006ade37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
5e5f9bd32aae6854212a031b6e300523

SHA1
cc8669258e1434751286afd57da411a05c9998db

SHA256
25750dcc8a27581ee9b900318146ab470cc1b7c57fb483eba9133cf44de6414d

SHA512
c32061bf863417242b480540c28fcda97cca5cc0d16d72d2d1523a35a087a7479d74ef9f871ae0e328c378af07e58eb1a6d17aa3cd1c41d426a61bb6a02b27a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
252cbf115c2ca771336881bf56383329

SHA1
3361e861297777db7b5577855e6658c8d3260293

SHA256
b5689063ceaa6bab640153a9f48125dad68f608d4d66b225def6e46a4252680f

SHA512
08d38b6a3dcff19d9e736d8c99d53dacba21b8c854c1dce9bbf33d0a736d1b8dbb6bbd5f18a0b29b81b0f4d26b72e73deecde36f91283934ec36a054c6f05a0c

Download Submit
\??\pipe\LOCAL\crashpad_2424_DDRZZRTDGRIUOGFP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit