hxxps://rcnw190[.]sharefile[.]com/public/share/web-sb6b13673b8ef4d58bee29087dbc44d6a

Analysis

max time kernel
145s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-11-2024 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rcnw190.sharefile.com/public/share/web-sb6b13673b8ef4d58bee29087dbc44d6a

Score

6^/10

microsoft discovery phishing

Malware Config

Signatures

Legitimate website abused for phishing 1 TTPs 14 IoCs

phishing

Phishing

T1566

Processes:

flow	ioc
2	rcnw190.sharefile.com
11	piletfeed-cdn.sharefile.io
22	piletfeed-cdn.sharefile.io
27	piletfeed-cdn.sharefile.io
3	sf-renderx-us-east-1.sharefile.com
11	sf-cv.sharefile.com
23	piletfeed-cdn.sharefile.io
28	piletfeed-cdn.sharefile.io
36	rcnw190.sharefile.com
7	rcnw190.sharefile.com
44	sf-renderx-us-east-1.sharefile.com
24	piletfeed-cdn.sharefile.io
25	piletfeed-cdn.sharefile.io
26	piletfeed-cdn.sharefile.io

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

1 api.ipify.org
45 api.ipify.org
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

flow	ioc
1	api.ipify.org
45	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2584	msedge.exe
2584	msedge.exe
2908	msedge.exe
2908	msedge.exe
2940	msedge.exe
2940	msedge.exe
1684	identity_helper.exe
1684	identity_helper.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe

Suspicious use of FindShellTrayWindow 58 IoCs

Processes:

msedge.exe

pid	process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

msedge.exe

pid	process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

msedge.exe

pid process

2908 msedge.exe
2908 msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2908 wrote to memory of 3092	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 3092	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2828	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2584	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2584	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe
PID 2908 wrote to memory of 2660	2908	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://rcnw190.sharefile.com/public/share/web-sb6b13673b8ef4d58bee29087dbc44d6a
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7ffa09d83cb8,0x7ffa09d83cc8,0x7ffa09d83cd8
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1752,2808480648919006621,4928133378157390731,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1752,2808480648919006621,4928133378157390731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1752,2808480648919006621,4928133378157390731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,2808480648919006621,4928133378157390731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,2808480648919006621,4928133378157390731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,2808480648919006621,4928133378157390731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,2808480648919006621,4928133378157390731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,2808480648919006621,4928133378157390731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1752,2808480648919006621,4928133378157390731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1752,2808480648919006621,4928133378157390731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,2808480648919006621,4928133378157390731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,2808480648919006621,4928133378157390731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,2808480648919006621,4928133378157390731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,2808480648919006621,4928133378157390731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,2808480648919006621,4928133378157390731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,2808480648919006621,4928133378157390731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1752,2808480648919006621,4928133378157390731,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6408 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
554d6d27186fa7d6762d95dde7a17584

SHA1
93ea7b20b8fae384cf0be0d65e4295097112fdca

SHA256
2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

SHA512
57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a28bb0d36049e72d00393056dce10a26

SHA1
c753387b64cc15c0efc80084da393acdb4fc01d0

SHA256
684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

SHA512
20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
781206c21ee2ba7fffa463ae8c5d3fc1

SHA1
db8eaf8694861bb07ca6ea526a529e5a0cac77ec

SHA256
29fb2e3e922896d1dc3e060aab1f01c8cb3c334cac3a62d1708f1a55ba8bd1ff

SHA512
f73610516df68e007baa983fc9995da9dfe025b00b84639a49534452f1b64b8ee200ee434d05f26e0c9973c72722734dfb853026ff0568f7968e968bdcc4843f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
dffbc77cee6665368f28abc093c39944

SHA1
5ff508ed2d18a0a86dfbde3c89c5c44f35290dbd

SHA256
4a1d424510b91dc6d95fcc2a517b34f1925f40762792fbbda60fee4962e43b5d

SHA512
54bb7e2a89fb80690e4689571e0c105278226315f345b94830dbd13a375ef2ada7b8c927f41604a3f2644a293e1fc87430fcbe57d091f4c07b82a2b11b3f53e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7e0b26e8255aa31e853b77e30bc8f91

SHA1
b5c8fa70af4f6812ffb585b129df95b206789de4

SHA256
25d725d81f9340b4b9eff9ce6aa74c9e831eb6a13ea987445cc2fcf753389d05

SHA512
3eeee1d532369b7f3b7da8b97b56d9f89184700ba07039633ecb118e0c2b4f0a2f909b13149d3179dafa0cf69cd037eb662f51eb4727f17a24967fbca116a2ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7c4f678f3e34916362b782e28df41b3b

SHA1
c5ae6951fa05629cb06cc992ede9c1c07c197e80

SHA256
176a7380ea65b24fe7f376846b814099c5d5e92854ecc143734c75c4e4dd91d9

SHA512
16b53f9e9b6e12fb483f7c91d9c8d6af2f590825a45cea88854fcf07c492f20bd8751fbda8873a9603420a1c3ecaaad0235669846cd45f205490b85d10b3e525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8226a518cb0d769d73c2dc7ff15c40b

SHA1
3fa859c62407abe4f7ce29e6a88955679af37b9b

SHA256
bad68b22a20043bd71b71ea95188c75ea09afeb64579794dbdba6ed58be5386e

SHA512
434d67eba468bafa00ecec189d3d477486017f461b3f909f0e302c8a20f01b6c1559b320c6ed3fb3ed49a3bdb784355ae1c524e274ec5972ca1f5388933f3bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
532e4833fb3a829ce3fc15aabb148020

SHA1
afbfb5799452667f058818e6d20bb5c365ee9bff

SHA256
a14cd0d34b0a1d47f7f44cee06eaa8f4bb10c450a9dad184ca1aa244f74fa9d6

SHA512
c7a2aaeb57eeafe9619f95d6ef26537975bdb355c182eef70b8c7bfb27df4ad7490944e2b477caa0a3b3d7ef2db0e9d6093fb7a99d438e4346f7288d9e9c6b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
225554f25ab720548c374e93519285a9

SHA1
0b9375c17e32e5916c6a9acd421060fa22a1c491

SHA256
fd56e14b02492be79b5890545a4f8f280208bee970998ac4d44940b0e5cfb843

SHA512
d4e5851d91953003ae8cda5cbfada279ded6ff7c44fc1539504e2a53585ee26962cee568d5597a195034e3d58c46c87cdcb702b44cf003d88f3fd5f775efd9a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f48dfad0b870d5ec6ed5e5ab2a8f7338

SHA1
e927600a997ff80e180a25890209a02b40259906

SHA256
8c024b8960764bad8f14f744964050fb69c8bac55388a5adf47c1079b97fa85a

SHA512
b23175e24111d4bf2b713fb3e0efb2419525348dc7dec7b8a6a43639b8a4e3f27e1c8cc7eaf081499bfda41238287f1ccf1e8c4d414587c0ce6f490091b28b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4f937591d07f44b6f6a0da4e39c94e48

SHA1
b4e89511350d489b65fbd49621c7d27bb1cc1106

SHA256
beebd3916100901d697bda73558daaabe3174bf7c6e243e8b5a36d9c5b41d200

SHA512
83264ec3479c4d19bf7b16c65dd7faf82c891acb5f61e7da059e8922105bbb31c58100c356a4009bd9c82630930aead93481df37af502c4cac645f95d25770b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dbc9.TMP

Filesize
1KB

MD5
822f4ad0c1aed44b113a9f0db8967447

SHA1
e3208e453848425dc77a052c48977a75180af3f2

SHA256
e462a6cc5617d0fcaebe5eef6739ea50ea591116fa27d72b2e54e882b5f05b70

SHA512
a76c30b7a470aef3b3004211d3af25b81c0902af27c1330f87d5c415c2ce2b2e3ffe2a57b545d82ead53fc4fda822d22f06e02cc869d43133527d84ac4d2343a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d17f7a36ff482464cbc0f7e009613b85

SHA1
5d0c0448aa585d02830b58dee87a517904d84289

SHA256
37075490d28c8f2e24884ccad9348390dc01178dd1512e73f9a97774cddb89e0

SHA512
c4e6d6a572e87eeedbc98f29fce43014d8b2aa2aaaf83080a44a29ae95befefc6947c83e55cd9cc8e79b844776776be38281d80269fffb7ff3b819d84ea6b602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2ecff896b2c5249e4c112860889ec447

SHA1
341f18dcfa4baa579501d6eb5d0036b5520151bc

SHA256
a662983be02727b49785d7720b3a8add9dd7aa3252443599af83fce22975baad

SHA512
174ba79f332c8e209b75b3f9dd2bb7f0c68c5feb678c777136a2c5ad5fcab8fa93c9395404b76d904ebbda35b16462c407e59a8ce9458f418e75705dafdfe455

Download Submit
\??\pipe\LOCAL\crashpad_2908_JAOFNPQUUBBDNNJE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit