hxxps://dsucustomers[.]docusign[.]com/path/get-started-with-docusign-esignature-essentials

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231130-en
resource tags

arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
submitted
08-12-2023 00:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dsucustomers.docusign.com/path/get-started-with-docusign-esignature-essentials

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
5032	msedge.exe
5032	msedge.exe
3056	msedge.exe
3056	msedge.exe
2556	identity_helper.exe
2556	identity_helper.exe
5840	msedge.exe
5840	msedge.exe
5840	msedge.exe
5840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3056 msedge.exe
3056 msedge.exe
3056 msedge.exe
3056 msedge.exe
3056 msedge.exe
3056 msedge.exe
3056 msedge.exe
3056 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 2628 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 2628 AUDIODG.EXE

description	pid	process
Token: 33	2628	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2628	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3056 wrote to memory of 3800	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3800	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 732	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 5032	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 5032	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe
PID 3056 wrote to memory of 3680	3056	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dsucustomers.docusign.com/path/get-started-with-docusign-esignature-essentials
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3f6946f8,0x7ffe3f694708,0x7ffe3f694718
2⤵
PID:3800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,16831433013199465318,14833436511610433419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,16831433013199465318,14833436511610433419,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
2⤵
PID:3680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16831433013199465318,14833436511610433419,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
2⤵
PID:732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16831433013199465318,14833436511610433419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:3080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16831433013199465318,14833436511610433419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
2⤵
PID:3820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,16831433013199465318,14833436511610433419,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4964 /prefetch:8
2⤵
PID:4164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16831433013199465318,14833436511610433419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
2⤵
PID:2008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16831433013199465318,14833436511610433419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
2⤵
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16831433013199465318,14833436511610433419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
2⤵
PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16831433013199465318,14833436511610433419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16831433013199465318,14833436511610433419,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
2⤵
PID:1944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16831433013199465318,14833436511610433419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
2⤵
PID:3192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16831433013199465318,14833436511610433419,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
2⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16831433013199465318,14833436511610433419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
2⤵
PID:5260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16831433013199465318,14833436511610433419,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3932

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x41c 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
330c53ed8d8829bd4caf2c392a894f6b

SHA1
dc4f3eea00d78949be4aded712fcbfe85e6b06a5

SHA256
bbca8b0343812fb9db9b3c59655a18772c7c40bc77f497b89067a82d5e4ce8a5

SHA512
37674d84e4ea2079e8fe9bc45b0ea8fd93ffc8d206547835e4211046ad310ba3e5a397cf444b17a4322f9513cbd91bd92c0b106776b879cb0388ca9386ebd44d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
8ee42081aacf0167e37593faa78b12ae

SHA1
4da9254084936d4998fa571dd6100dd87bd046e9

SHA256
0bf1052531adfe5be54bdaf5b2ff22a01d771ea925f92d1261a70c383ac4b91d

SHA512
912e98cdafd54e55b5d2b63ce42f07801b0df167e20094773580764dd63356aa32a3d06c4e7999a3f24385fe8da553fd0015c4bd4fbbb39d0a91b74a990b06ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
328ca64c0c49e7884e0b299c823bb378

SHA1
e416abcbe5e6dd4d1011867cbd6981940d291afb

SHA256
cb9f23340451bb7e68c578eb2444f1b7d13c386fb66b670170732e95fdbdef07

SHA512
5370dd0f6c2770a8284812601bcbc4d5ec3ca1101c422954142bb6d4605673d050289cd131a5ad39e8d20951754f406e7ec5eef07e1c6e5f12e46d145109e75c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d5a80c4606513c6c29d0db264d4c584e

SHA1
f3ab5250f07535c586ec14d6b49854ddf6fb89e0

SHA256
5488586c84f29ff439809dcf1f3740d55621eed038507e1b758db9deac22640f

SHA512
cdd59c24fbfed216daa59854be478239cbf48efd32717991d7b455c86faa9ae6b36369810af35e83c518e4348ee7ecfc286d65e853d1b62960585dbd7f4e838f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f8250f18d27f771acff428d6e18d58e4

SHA1
08d1c773f37c786c876fd46a5b9eb31c7dd4bb91

SHA256
c6f482f370fe9bed76a62b2e83a579755941c7127cb5eaa3e2c4d4db8ae543cc

SHA512
938c584c87db6ad6c640bc79d5715b8bf31539b2ac8d65f7a7e0d61b43ee9bb25342652aa7b6054207603baa0d97c992d61a7a20c87258e589ef4af892f206bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
06e8197684f2e060679ae0a883334b56

SHA1
053752d7d5843c478ffd13013f2aced49655a178

SHA256
1d4ecf391d3965d472675cb2f2812ddd9bc65c051e2ff7cb49f648171231096e

SHA512
8eb98980f2f359934f08a6ef0480400c706f484c52759ace3cbeecace245be672759e5ddee6205a68adfc0ab01c004204176bcedcafbbfd617410032721eb60e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fbe196f59b515afe8b18506a2ecb8489

SHA1
659b3f8923ad0bc3342797baa20a19251274b6b1

SHA256
3fd20abc5214eb2008f037db20388d1a149dad55a0d149a74a5e8e892c4a7871

SHA512
ee9609565775c381f4e54b1d01c1f5afcbc060528b3c3091af40b6060a8fc25259c782c25ebd97d8da02ced619c48be252c2c93545a17e1bcb84fbd0ec56eca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
202d99e156739773ac99231dd515378f

SHA1
a690f2f36fa634b9166d77b7775dd6df3291592f

SHA256
518af4a603de270d698f5f754079e6e39be977b3c921ef0be5eb6edaffe5e8ec

SHA512
1317bdd383464a943b83fa3ce97fe04c18ffa152456bac310cb166951715fe701d304ea082c57d4fa1cadf43f7a282a806bf314f162c5b65a878f5406fbbd2d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
642c1320fd78c859c77e459a2ce6b373

SHA1
9381494b4b82068a5ee6d144f93874c3c2e7a2ad

SHA256
a83b29b24ebf01b390239fc578d820ff596c2be395f86bb6f1b0868fca3dbef9

SHA512
891913c52311da6946a48c3034730b9e7c4c9ca1541fa477dadf8203b85ea4c8b7dd60b7c63eeea8b19716d71fc11777020a77a45270f2ab1e0109e2bc7ea083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6b6a7752fc4c9aaa40938882f5e7528b

SHA1
54c6a0a2773748ef67e93bd31eb47f232d5451de

SHA256
61bf663bcbb4aab43e928276e5291a5a231067361221e04e88bc99ef1ec0dd0a

SHA512
f00f5f011251a050473c323811a7278f9f6e4145609157ff0571e74250141cfa1080bfdca7f5f64c961dc00610eb4f49e604e8ebe9499804e909a4f194745880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cf08.TMP

Filesize
1KB

MD5
11e02f9d862de2a1c542a92bd7fac7e2

SHA1
f0c9861a0f13ce3f8a874e2fa99b93bd182e0fa3

SHA256
c541cbb577c9f9e62fa8ec18583c83ec1a5a38bb2e52b74e886d75e21bac53d4

SHA512
19cef95e628b55810e5bcfd902c9469a859df8207259c84dfe1fd5ad431e07cf4d4412ef09008916268771dcb2a0dbf2818cd7d8b36aa6338d808275b395fcfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a0c3ecee8d02fdc6f47cf61183dcc690

SHA1
1af279b21dff0048eb7d80406bb5f6971fa3158a

SHA256
7d05bbe2898bfda0eafd62f49646b998c99362c5d9137f47b5d61b6ccbea24f8

SHA512
bae250a363593c16f35f9255d48b52bc55e740f18b0e067f2abf9c6eb203382f42eff18e99e7b8606f19503949f2b4b202d803caf65a6ffe0ec95a059137c97c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1aa233a27eafcc4fd29bc574da5673c6

SHA1
dcd5917c05f329e97458cb0b696f8e3740699582

SHA256
d19445d03887fe3b72cc017e640c7b19b313c2687e0a28a7cb8b64a35a0549ef

SHA512
0e2e63a1d5d51a55f25ac683604824b004307b6110a7986aab60f17936ef37a91c77c5796101acfa50658332f934a0d07d63c5f576e41792a5bf9896b48c66c2

Download Submit
\??\pipe\LOCAL\crashpad_3056_SGYZZZUBXEOQUJPL

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit