hxxps://app[.]getbeamer[.]com/7132428100/en

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2024 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.getbeamer.com/7132428100/en

Score

5^/10

amazon phishing

Malware Config

Signatures

Detected potential entity reuse from brand amazon.
phishing amazon

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4456	msedge.exe
4456	msedge.exe
2640	identity_helper.exe
2640	identity_helper.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4456 wrote to memory of 2280	4456	msedge.exe	87
PID 4456 wrote to memory of 2280	4456	msedge.exe	87
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 3556	4456	msedge.exe	88
PID 4456 wrote to memory of 4840	4456	msedge.exe	89
PID 4456 wrote to memory of 4840	4456	msedge.exe	89
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90
PID 4456 wrote to memory of 4548	4456	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.getbeamer.com/7132428100/en
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9436246f8,0x7ff943624708,0x7ff943624718
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,10945017255142602852,7089968224611874399,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,10945017255142602852,7089968224611874399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,10945017255142602852,7089968224611874399,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10945017255142602852,7089968224611874399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10945017255142602852,7089968224611874399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,10945017255142602852,7089968224611874399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,10945017255142602852,7089968224611874399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10945017255142602852,7089968224611874399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10945017255142602852,7089968224611874399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10945017255142602852,7089968224611874399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10945017255142602852,7089968224611874399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10945017255142602852,7089968224611874399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10945017255142602852,7089968224611874399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10945017255142602852,7089968224611874399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10945017255142602852,7089968224611874399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,10945017255142602852,7089968224611874399,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6164 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
98b9f4abd5ee2179f9ceff57dcc21154

SHA1
1e8d991fea75e2088d363e8993154b2023ec2700

SHA256
1912494ad7bd42ee01125054e4c52726e163a1bae49e2759f199ce8ff3294985

SHA512
c8e6f035d614fb261d3aa05ef5a3675f5179d21cada797c95e1b086f3ee357f70c3375fd5f6dd7e6ed77887292d8d95c8bd503c3185318953c983cc420dee8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e50dd430b5e0ef33cf1f84f30135dd09

SHA1
40e10e317a095603d833e041ce4e47a1fc6f154e

SHA256
8b688d15ba00401169dfcca175c39f1f297b550d354c5db7e9b206a3e22e6dbe

SHA512
702de7f9d319fa9025e544156b58dce99c6542ba64116bb8104bf400d8ad118998eb1a5461ae1372575a7b8152de3d53a3bc27d1011b9ab742da437a84c956ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
63b6b833efaa83133a99136474b0f0e8

SHA1
05b04e0f5afd7830b29ba031ad3f3cabd896cd9b

SHA256
6c6b80e268b89368ff7550275b74ac7753efad72e5ca9cc26ead3122b0ca31ed

SHA512
5a9da944a159e17491eefc2e1a828b4e9e62a2bf313fdec94a463169b9cbb75fda835572f0d8b948171776374085298b0417773be4a22ec9d4c11bff5f5c7c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6cc2043625d7f813faafddb80a46781e

SHA1
fd4741d7197004e8d910f210a88804830ea1b7bf

SHA256
33d2deb1ae18f14e9edfdf5281ca381b543b663b7eb3abcc9207380d098898de

SHA512
eb2348e2f6e28af04dfca41e6dce55982cb1c63b52ca650bd389bdf1ef0394e7b22422ebdc3cfbfca7ddc19147e7039dda00ff59734a70a00a809bc7ab397388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a24b9d2e59d2e1068e4b84e0cc472a6f

SHA1
b217846d0f852a93d0adf6223c7a7a7396ec2f06

SHA256
6c2ec7c38a148730b63334d05e1f86777d703b900b0ef3595e50bf56595f0484

SHA512
f908d5b92af4a4d72e2db758ad269894a1669c3bdd42dc5a917b1bd0af207f814b86663d2a4c5c18868cc50ff655a86a1465d98c0256c7eb499324fd439bb0bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cec434f4789e94a99d565d1c0d98f942

SHA1
48170d32b4eaba928ff0845f0a3f907f4378e7f4

SHA256
a54b8bcf1325123b0137ea6d344dea4d278feb39d623b552ef30b254b40c4e92

SHA512
476f1c05457f03e229700208c402cd89f9e871541388203c1d1d21055d3b8d847cfac06df8ec5a752c0a00782bfcfc0c13bea9a1fc45bc7ee2ad3fbb01a2be5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6c0079b4d6b88ad01c04369a7feb61c0

SHA1
0c9f537ab6a09846e433f3e80a2ff45bdcc4b11b

SHA256
f4d7ac7826ac9cea0b3d36ef5cd6758fa75ae65cdc343c39299aab0ac0edc78f

SHA512
2c3575d8b31de180034f1a631cb83de91ef16e7f8df243c70c461cd9ba03e5c48ca12568013e585135bdd46382ed2970528b3195a7f83f7c5294968d49404ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584e0b.TMP

Filesize
48B

MD5
04cf743dad70974f82843d93dd414336

SHA1
d69dbf89924a9e5c4ad42b8e4829db1adceb7b5f

SHA256
1516ae16a37069e6f8ce2ff1ac115f382b62680c9a85756ebff9e94372dbb23c

SHA512
faaca617f471fa805f498557857fff2d3d2d8a4e021183d06456429a96d1dbed3ba0a4837939da7fffbecfcbad3d714670b7f13d973fb450a5d575a8eb5d589a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
711bfc08171be156b955805bded71332

SHA1
430008ff0770d22b6e5cda66b8244ef70cc66186

SHA256
cf4bb8e00816b69716b7c570bccf0e5a75382d6862f5aaaaff260593639e4d2c

SHA512
16077fd37dc91efb320cc0277c0ae40643538dca5670b45fe4c52d818cae9598c02edc0ab24344f46643d6d10c9b4a1dd6364e22f6e1951d3577457d2c95135b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5f32a29a4654a65c9908338d9c6e7de3

SHA1
d52d6cb030f2a2db3a7883ef970471ad601d1085

SHA256
764cde9be3b0cbd836bcbb5a89f4cb7474b058ce7900285a194149180a6c0758

SHA512
52353740519743c5c0fb6125b8697b386342a2f14b5cd60b3d7c5df8633e56b1568fa75196c21b67574772a4ca93c2fe011ed724821be6ed6fe7b9b1b514213b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
578374a2321f316030b26a0a29641b49

SHA1
cf165d73c282360a82c58a9ce566ed9507f5e211

SHA256
7659a44e162b02f9961654d3c0f266655d16202070a5561e6591fd3a6b850f17

SHA512
3802ee96122dec4845c9da0359a29521eeaa08d6043f2bb607136eeb1dd87855606c11c3230606280955bbd578ea751498b53a29fa718f8ee424cc072528569c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c186dd56c6ceb686b35750d93a1a9ee2

SHA1
eac2a6afeb8950aba85def4ae75e81dc869c2a91

SHA256
8da5e47ddd683265a5462e0561cced68681bb99635ffde04a44c075302f60b7f

SHA512
a3bfc182c073c60b528f785715a88136a2a10e2191add00cdf60fed2d13c74d0684cdb8dfed2b9bd9e33459a79ed580742f40115c7889d4ba23dd0c7d46ba5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
68c2e157ed045fdb94b51249e4e66296

SHA1
70c5d19d7f6638b844125ab5e4b6d8d163039011

SHA256
2c83ebd4e7231ba552e24618c4684819a070849ae63632a27ed02c51e7f2ef4a

SHA512
b5953dc204754737c7eab82e6ecbcbce5226fccbab0cd9967c93cf8eba9bb5dcae0e13330dccde4844b1d64b5c5d28aba3922e7a6999cf6373012c7023fd0649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
46272aa5e5dc0af74f0a39c352237417

SHA1
7e8398ada119d07e2b58c09b8e15d19ebd271f5e

SHA256
9e82f2bc445899f169647b5661940d593e61157e79d30cf0eb7affbbaab95b14

SHA512
36edc27f53e7e506e4bce41e9a66be00e480d95434a4ab38a92e25a702e732d5dc86f317251b8dff4c6b0a4097cd72441c81f62d9703df157c9f35f32b3c2671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
36cc04951a97c130f7ceca1c50520bc4

SHA1
f9d43c5d32c37dd8bb726a80c5b616efc76b3d03

SHA256
562c2b800c587e479a090af4d883c68ff541f6c74c29b2d36613db48dc0cefb3

SHA512
e4de1b5692a4241f1ae38540d73dc51070be7672c8a296845a736346d6b79fc66781294273ed4daaf4e1f55d1439f73448b88bccc9ea9909d5e82ab80c16da0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b106a4d6320eb77e699b45262f100bab

SHA1
d83eddbe1ab9053a7668d7e9bb9b0c4f804a466f

SHA256
c902290c3aed3743c3997b300fbd5551a3d045730d7037acaacf79a39f3d1ad6

SHA512
2ebedcf67585cfa7382a13e1eb118a1a64e5d0a49bf5852f0796972ccc8f53c29e084c462ac675c0b27449ee00c5a00f28c50897757bd4752ca8ade2551f628c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0fe47c8eadd6b2be9272d581582a8dae

SHA1
3729b77549d076b62b0561407a0df71629c2c257

SHA256
6459b4bc6612b359e07be4c1fb899bef1df82dd69f0b42ae98e12b94e9f302a6

SHA512
d1c247b038670f10e66867d49a7a09ff6299d4504b9f2ff0b6506bdfbe0e3d44c9fbf3c239072ab4da8b9a84273c2dde8e985aea2ac5ac2b134caa32a906d26a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fe84.TMP

Filesize
203B

MD5
be329c87fd4b6ca31b5f8207d0756c64

SHA1
d02788a06e161942e536e07795e8a2bc953a7cda

SHA256
7df71ccc7751da14dbe008aa6df2a4b8a0d01cf0736c81b85616d32ec69460e3

SHA512
25d03413504eec8f99ebc44c209852dc4f5d4f16afc57c38a3b6ffd926fe2effdff7481b84e31006be520fed606a826a4928378111426d6a044c9d687e47fa57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
18b24e82989f9ffce27413d60fe41e4d

SHA1
7345c224a674cb060556a62206843ae226bf54f8

SHA256
9ea21c243d91ee58f0e08566c12a5d8d8273288432b0838bd9ad82a7c5adf555

SHA512
668465f9be493fd27866931e389272bb8d151ab831f825af848cd9d72cf79aef434ac977e70df95b78ef2c85c0ea1c637970ab91744fa291dc10eaed90c40393

Download Submit