hxxps://na4[.]docusign[.]net/Signing/EmailStart[.]aspx?a=ea0a421c-29f3-4e66-ba7a-638789441004&acct=c841a70a-f1be-4fd0-a2b5-321724700bb1&er=b08e8879-8695-40f6-8ae6-3910bb13a71d

Analysis

max time kernel
148s
max time network
159s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
08-04-2024 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://na4.docusign.net/Signing/EmailStart.aspx?a=ea0a421c-29f3-4e66-ba7a-638789441004&acct=c841a70a-f1be-4fd0-a2b5-321724700bb1&er=b08e8879-8695-40f6-8ae6-3910bb13a71d

Score

5^/10

docusign phishing

Malware Config

Signatures

Detected potential entity reuse from brand docusign.
phishing docusign

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
3628	msedge.exe
3628	msedge.exe
1268	msedge.exe
1268	msedge.exe
4584	identity_helper.exe
4584	identity_helper.exe
3044	msedge.exe
3044	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

1268 msedge.exe
1268 msedge.exe
1268 msedge.exe
1268 msedge.exe
1268 msedge.exe
1268 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1268 wrote to memory of 3652	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 3652	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 5072	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 3628	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 3628	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe
PID 1268 wrote to memory of 1600	1268	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://na4.docusign.net/Signing/EmailStart.aspx?a=ea0a421c-29f3-4e66-ba7a-638789441004&acct=c841a70a-f1be-4fd0-a2b5-321724700bb1&er=b08e8879-8695-40f6-8ae6-3910bb13a71d
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ff8688e3cb8,0x7ff8688e3cc8,0x7ff8688e3cd8
2⤵
PID:3652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,15531509619156615062,13961115604477085265,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
2⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,15531509619156615062,13961115604477085265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,15531509619156615062,13961115604477085265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
2⤵
PID:1600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15531509619156615062,13961115604477085265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:2396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15531509619156615062,13961115604477085265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,15531509619156615062,13961115604477085265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15531509619156615062,13961115604477085265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
2⤵
PID:884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15531509619156615062,13961115604477085265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
2⤵
PID:3924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15531509619156615062,13961115604477085265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
2⤵
PID:4732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15531509619156615062,13961115604477085265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
2⤵
PID:2500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,15531509619156615062,13961115604477085265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,15531509619156615062,13961115604477085265,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3652 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3328

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d4604cbec2768d84c36d8ab35dfed413

SHA1
a5b3db6d2a1fa5a8de9999966172239a9b1340c2

SHA256
4ea5e5f1ba02111bc2bc9320ae9a1ca7294d6b3afedc128717b4c6c9df70bde2

SHA512
c8004e23dc8a51948a2a582a8ce6ebe1d2546e4c1c60e40c6583f5de1e29c0df20650d5cb36e5d2db3fa6b29b958acc3afd307c66f48c168e68cbb6bcfc52855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
577e1c0c1d7ab0053d280fcc67377478

SHA1
60032085bb950466bba9185ba965e228ec8915e5

SHA256
1d2022a0870c1a97ae10e8df444b8ba182536ed838a749ad1e972c0ded85e158

SHA512
39d3fd2d96aee014068f3fda389a40e3173c6ce5b200724c433c48ddffe864edfc6207bb0612b8a811ce41746b7771b81bce1b9cb71a28f07a251a607ce51ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7cb0dede-f27f-48c9-9763-b2fcb342a71e.tmp
Filesize
538B

MD5
078e5bc44f2a4dde05e3336eee980d9b

SHA1
586354c6acbf4237639e43be4023c50579fa4b4d

SHA256
c98293c793da4b91f9901363cfae072ee68ced023da4d8fac91437d1ecfafff3

SHA512
fdfe83e23f77e8d4b8d6ec2993e65a3d3474f60795c485048227c4b3647655b9fb939000deef08236704d6e8d9087c652e125b88813e157d775748296542a4b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
768B

MD5
bf4e23356061318916a232367f379667

SHA1
2c5fb8a69eedd82b590715661380892a6a787c36

SHA256
6fc86739d9bd6f25311463192c14753856eb672f002722751243197d959e3c01

SHA512
9a5843137b4a7ccdf8d2460c082474b7b225137d55691fca8df764f48af532f3620ed417e4a0cbb0e58651175f08716bc4bc188f064b2f6177be2a4afdefcb97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
412B

MD5
f1ca108a0e77a0ca3b610b009986ea41

SHA1
df6672c48f343671f72fe9d848534c7f2287f431

SHA256
92af072d30215b50190e6fc58c9a33e7df308fae451dd96ca2676830a5319f8c

SHA512
958f3b687c3c7db0f5fa782141d63726d384f95d74c7b1078bfba6883627682499cdb66380cb7829e5c7bd6711ea559baa73049a268f022976304f15cac84de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
097ea5915c2c7428eacf4b8cb7365c5e

SHA1
3d93987b2065f6d72a3f3876785b74aaf480daf7

SHA256
938084ce55f1aa495c4d2287c19f5b0ef79dffd0b1e290368fc50679f407793c

SHA512
65d4be5cc917d94d66e53c6c1ff90822c01e3e75e2be420f0c3e78df8c2bb487196f38393c3801bd048ed0f56231268acc7862e6e8993e9caabc065526b038ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d9d6320f03c4d7430cefdc09e1da76c6

SHA1
5de591fc91829c9695ea42ee8e19d0c75c8416d9

SHA256
84c9bf78aabe6a31892270a79b67017796f575ab9082f025f7e45a339a98c905

SHA512
56b581f6cbda8024d623fd84151521c401f6702275673364dd8d0cdbb14d3f6fa2b6782f5359832b5ac017df41b5c90a1c0845eccf342eea83db460d9d405b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5eebc32f75ef7ac2c0bbff907701a401

SHA1
0bbce235194154b16b3ad38e56e20b4b732e66fc

SHA256
019518fa53919607c34b6f242f992980753e0328ac74b40dc7b5bb665d7c1fb4

SHA512
79e239723cbfabedeb3a01465a8354e4901fab18d2c19594f20945d42714ec9741b7264ecd6b31002b9a8f499163ae59fd2aaad652224ce1690b0c7a17ec74e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
e06b63762e7c7b2d3ba3d056bf88804a

SHA1
bae08e7a826ac20977af0481383df18f2d725b0f

SHA256
37b52a2d01ec41c4567ca29d9704461bba45a82076af4a03d0e1bf59e95928f5

SHA512
5a5526c0989ddfa943064613a71855133beb836011dc61c53912cc6cf3e503a7e108854b03aa29214dd09b27a869d5d2060e66f36caaa5aebb3beb911992c37c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
6e751d2b48390aece7d33824d40aa464

SHA1
de32a7404c940065b8bc07f26768eedcc4a5b6ec

SHA256
47e263e234fb1df0e2a42acd848d3e4e57a5a11f6da6465db6e286486e0de5f4

SHA512
d3eec25b150b30327223c916a61e66ac33e65197b908e776affd3269e22648904e44c3fc0139f44caa591feee0e3dce3893f3229eaba2c82348cdaba9a69307c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
a4f0526de61a97fa2649b35ba4d415e5

SHA1
77c6bb1665138a41120b9309399710b746c6e36d

SHA256
15b7d886bb8d004e208be58c10aa916d5febc24a9b1800fd9baba92c33988022

SHA512
b0f6b08100d40ca8be602d54058224506425d9af315872538e64f086d75972293a7b2bb9d03220a910a7e601f1c80e71527fdd1c67c84eca189526079fbe43ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
072ee64da7e3455799b15c33da4282d0

SHA1
614c19f08720ad2c077fe5faed99c122df5c6fa4

SHA256
dea9d3637e0eeb00c9eb612e31d3255abaf68a76319995478b07e33d8e43a8d4

SHA512
e4f11922930747051beef92b9c0854faab900aaa464ad6ed72fd80ba63c5dcd899e9d1de15eda0bef977cff92cff2420af60323e4a2e08427f3e8235684c1a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
ad073140acdfe5203d9447fb2cdb4e5c

SHA1
6f9877edf66a0e95be5d7dc584ef71acee69f174

SHA256
f4945475f00548e04b788e34f95e55ef8a7215e3d718dd4fc5cd268abbc86058

SHA512
aab4f72a91f922e42477404e1c54ab6bf2d9a2e4023d6606715a1aec5335c3bd9e13be1d954f458e40ffba011c2537dbb63a001be263035d1384b08a164e69d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f220.TMP
Filesize
538B

MD5
b84be3975530b856c6be86a3858d94ee

SHA1
c14cca2106b2880426ffff914c76ac62a2dc1cd6

SHA256
9a512dbaa3c80ca8fb5d9bff8f956ed6c38b5494b090151453a56333372dcf90

SHA512
7b64d9b63045f0ec567b389901a63eef5e597df5611b0fea880fbbbe46d18ecde859aa695c405c7fa1b7a19e80b7bf81ab900f2d1a7da3ce75a0915af959d48f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
ed5277f1ab1393e8c46bf61add3f21d8

SHA1
a43843fa8ee492509399647453c6af6e65904d93

SHA256
1109fbb1cec9df15a391b613684328fd1ed020049aa50c238dc3ad628b479fa4

SHA512
c73e669a575d3f246dc0817eecdbaff593e6df3b40f6aabbba250f175a0f9157efd85c856403a531cea86122d51dd8b6faf6c1060b905e4ae29d70a6de60339e

Download Submit
\??\pipe\LOCAL\crashpad_1268_QCGFFSJYXXZQKHAR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit