hxxps://na4[.]docusign[.]net/Signing/EmailStart[.]aspx?a=0a43ccaa-e086-4ead-ad2a-8b5814f5ff3c&acct=166865c4-9a5a-46be-b7f6-ce34f648fbff&er=805bb361-99f4-4bf0-9134-70a7abf15be8

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 13:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://na4.docusign.net/Signing/EmailStart.aspx?a=0a43ccaa-e086-4ead-ad2a-8b5814f5ff3c&acct=166865c4-9a5a-46be-b7f6-ce34f648fbff&er=805bb361-99f4-4bf0-9134-70a7abf15be8

Score

5^/10

docusign phishing

Malware Config

Signatures

Detected potential entity reuse from brand docusign.
phishing docusign

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3556	msedge.exe
3556	msedge.exe
1868	msedge.exe
1868	msedge.exe
3340	identity_helper.exe
3340	identity_helper.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 2948	1868	msedge.exe	85
PID 1868 wrote to memory of 2948	1868	msedge.exe	85
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 5016	1868	msedge.exe	87
PID 1868 wrote to memory of 3556	1868	msedge.exe	88
PID 1868 wrote to memory of 3556	1868	msedge.exe	88
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89
PID 1868 wrote to memory of 4740	1868	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://na4.docusign.net/Signing/EmailStart.aspx?a=0a43ccaa-e086-4ead-ad2a-8b5814f5ff3c&acct=166865c4-9a5a-46be-b7f6-ce34f648fbff&er=805bb361-99f4-4bf0-9134-70a7abf15be8
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4e7546f8,0x7ffd4e754708,0x7ffd4e754718
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11643517916886230423,10884104011056391230,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,11643517916886230423,10884104011056391230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,11643517916886230423,10884104011056391230,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11643517916886230423,10884104011056391230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11643517916886230423,10884104011056391230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,11643517916886230423,10884104011056391230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,11643517916886230423,10884104011056391230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11643517916886230423,10884104011056391230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11643517916886230423,10884104011056391230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11643517916886230423,10884104011056391230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11643517916886230423,10884104011056391230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11643517916886230423,10884104011056391230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11643517916886230423,10884104011056391230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11643517916886230423,10884104011056391230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11643517916886230423,10884104011056391230,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\526af652-5626-4dc5-84e9-7024f9a8c3bd.tmp

Filesize
7KB

MD5
d40a3173e0f865ea107228c9c1e3c2ab

SHA1
83e0233a01a314891161dc188d15ddfc8e914465

SHA256
2aef6fabd3efe5a5da129563cca8012b766024066fb32d156e1363b4d0cfa8df

SHA512
68503db337b679037189a663b89552f851ee4808982ac6f36623538a71f6857e15b5fbfebc7e258f9d4318eeddc9a05a0f5c9dba82a51202c198532cb7055149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
80KB

MD5
8a3d8a370c97e00f51e2e8922db81032

SHA1
fdf3c6b893240e2e9fcf212e98293674d668a3fc

SHA256
3a36a4484297987a9d582aeec7105fd5a723806823111f0c2a8889e05dfbaec7

SHA512
2c570dba33971bb256bb7284c9d6140deef8f106de1d004478b1a13e255769dead5744d7ab092a91677283c4513ab0bdac007b375035f930d2da0c476c336d30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
83edc9cd2bacc9e0f16e186673b096ee

SHA1
828ebedc2e08d66b4ed56a2224cb18643336e3e1

SHA256
1f4bc552cb69f494cb35f38f81c88429b73cdb4e20f306383e8d099e5b664b1a

SHA512
3c1f47a9d72941a3f920f598471f36bfe3d121867cd672417d4c4444057d042a06752741b4ec8ef0fc76918a477e2f0adfa636a758d4537dc786a4bd34e96c29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
8e0c99876ee77060d9385e1104f8072c

SHA1
0be4d6f32864fc7bd5865cef140040dd39ef0c97

SHA256
9a38cc3789af90500ead3ba9fa1c92bed1a28a793b42a696f6a38f8f83034bf0

SHA512
ded165f94dc41ad92b5e2d34f4834ce4af2c3f5df7cfd4a57991f8a38b22506967fd39cf8a6cc1eb8cb498cc0120f0d340e8b04ebc6e0b910a738c12e6f1ad69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
867B

MD5
2ad6c7275b8214207558e5d6ef27fa7c

SHA1
7426bb7ef84136801881d63be1822318231b6e82

SHA256
f8916694b61460406e773853b44e474a4a277274437702c1580eb110515b909c

SHA512
e5b06528e2c1819450bce4bfba5bb50f605f8fb18bc2f507c2e36c4d0c2434a8b390d20723b7e08780bed7b3534ea50024a22aabbc0da4067c12d4fbb278dd0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9b909dd89dd6473bcf9f8e6c91730fec

SHA1
3fd335da508910a807a8d79d2a13ce51e4f617a3

SHA256
743c9605540d34f9f5261c62f4cd7551383c15fdbf8f071b1d2e434a74ab2d57

SHA512
24c771b9cc80f6201fe2a10045532ef9a73efb338757011282deb1569bc0261372e28474ec65f38db92a8cced9f02401008cc038e9f7e8b7c07c0b78c7a2f5e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
855aa5330fde151b64b7c273cea2c581

SHA1
62fff9029fb2fd30b91cec4099e3fc67310a8b83

SHA256
015d51186ba6d9ac2c183d4dd8b85fed19799d5c879682bad2d5de6606559733

SHA512
b67f1412089a4312a01c955406b6dcf6cb22593226199c2b8a6058521c033ea721d227269d6e5d8ae9003794fe6d0b3bb7f61dc112505eccbc748e2ec68504ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9a8065ad530eb2415e9ab1a17c4b2304

SHA1
6957854058137a29db61292f34d0018be3145262

SHA256
11da195d00e611d23c450cec02c68d14c36d7666e874345bcabce6ba57449d35

SHA512
b5cd4791f90610d125454cd00fe6331eec2b01f60795f096b170320eecd43f4cc87327e50b1e84f8e091c24d258b7d10dde0a1ab750ae81a52769e902b8f5ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d57338557576f18fea1f27d4f7b501b4

SHA1
67348ddae2e4058698c27e9347a5e6cc07cb0f58

SHA256
5d5ad776c4fee307588faca0f3dfb4916fc27ca0ddca4eb8237f774ac7fd088a

SHA512
91745770a2fdba54c864e7a376e48440bad8eae95cbdf5c044946b6279afda7ac172e9c93d54a312a1a66353075d049d106fa63f6a81ce2de15b764ec0a42b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fd37f01d78e1b9a84f12a0b5ef2cda6d

SHA1
4cbf136e4c2c6752e9cc6bfdf1154c9fce987718

SHA256
03b8af5ef0853cbe488f030f0d957eddad812e611fc7a3c155f36624e426cf81

SHA512
82383c119c3a40a635e36f7b932f6cf453ad7c39472812a53c54e78b530dbd66945cdb999742d537fb3298f31842d8be7d690dcea73f6cbb02ba74f1c1454b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
32db711d300ce7c4f9638abb51fc1381

SHA1
ff477dc8190c4f81301ff700d708bbd933a2c230

SHA256
7aa82118ef474c04416301f90fe9ce6ecbbde68bdf8ee2a5a74d08eb6485c8d6

SHA512
ec15719cde294e6e53caca0febd010a0a20e4bb6084737c7791ee6e7a7076793ef2f98bafe5c8f9f9220e26960793806cff2d3f3fb799397bc3c51b59789dc95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5654a519bdbc41cc39922cb97b7137c9

SHA1
980593142f53db3d884068bb18ef8dfffbe171da

SHA256
47af3289cc2a96d6870a645ea5570e040218f92b2b544c5281342f17fb711aa2

SHA512
1a30505a5a0e7f46f7530d37c770df531f936a532212f111db1cbef848b25d17c42a5aa3df32848e0c7af296650fe95fa7f64d4c63cd064574c799ed8f037f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
fe896835fb171171e2f1283b9682fc4f

SHA1
3c6f385143c375f6ba873408886627a73a4c4b19

SHA256
666905004a2dd2e48875c996a98af738cb46c7ad055f3320dd85329458d7f67c

SHA512
9a7de5f64fdc0e68000487030fdfbcda39acd7c80fe71aaba8fcee98c0d737850b7cd131f89ec32579aea91f336009a91e09d97bf5c457cebf50be59641a7c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
59a769af31f739314f5ff6bb9ddeb185

SHA1
92d83b94fd16ac9fe65636596ba70f8b4dd3d2f4

SHA256
8bc3b5120b525d4898074b5052cfadc8dfd201d6b4e1846ce0a62a6c922a477f

SHA512
75284d67091ec83570878a5675315d989826d0baaf248c89ea55b7381a3e4c7d646e1941bb79cffae64a197a886fae5e90b4d258ea075a5a8754ac75b09c1430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
3f84b0b1e73bb028c3b34c905de7ac4d

SHA1
cfba4ff76a815e85a5960596cdf50b178d2baa69

SHA256
c9835f553c2272d64e273442e91176e5263c43eaefc16f134fa0c5efb1713ea5

SHA512
b0eab1314101cfce95af41192af1952a007ee437f02b4edb27181f553f991b2fa588234c51ebb2d9a58bd7af9b5b5523f20262859203b6eda2cf744ea019a814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d0942b30c0e97e6c5891e7de16f43697

SHA1
e3f04bdc021d007ba642a1cf0fda641a4921b517

SHA256
e96a3ba032b3204c5a3ca7923d801dc17fc59a5ec4b50cef701fd20a4465d39c

SHA512
256f96359162face26c1aee8a32ff91d4f18331a54e89153fa4907c43552279211c926aa261d9aed87833e46c363822d4f80ce066b0b71a54187b3f053e908ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d63f11660d338eb73299a16322443d31

SHA1
be1fd55e4b196b2046678350de3bb95567d1c944

SHA256
a60159554efc61a1c98aa48d1d353781519fde0af7068a2015d383e8970282a9

SHA512
4112e0f2afc9fd4d9eeda7882d44f06c6c7314aa7da9e40e4ec2dc24dcfbf4a207a06c937c306d23388d88acde2dec9028c6c8b4f95951a671db34370e1fbb99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e3b9.TMP

Filesize
538B

MD5
2526d042a5d69a60bcd0b6676681e962

SHA1
56f5263e460d2f3b76d8b4cb62943b8897e5f0ce

SHA256
53fdc01b4f7ebc7e204633cfc00ca81d2142bf8d025b6ad1c62fc84a26779907

SHA512
7c4fb4c75f58f1496316fd8b929a790b09be81fc9b8ce88208a6f80dd34e98371b49760d800055371e83677ce8f5c25694e56d1255b1fa7ff3fc2d291c26d772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d1193adfe74cfcf978be8828efb03a8d

SHA1
3b0efcde1905217046bb614bc10bfca5a2772aad

SHA256
c4b10c618314db8e89a94caa8339ad32ff361e5b3b95ff13857ea9ef79f3b643

SHA512
369ab95fead0d8228e3a7443295ba5667c4fe3e49d42033f0593a59c9a797f347f064012f2f7560d52b1d14079595ba4049278a37c10f7952852ef528a5baafe

Download Submit