hxxps://na4[.]docusign[.]net/Signing/EmailStart[.]aspx?a=558c4fef-bf9a-4ff8-974d-6ec8ac2c977f&acct=ccd38c76-14d5-4dca-b6c5-f0116d3eb8f5&er=558bf40f-9a62-467c-8e76-aee3b9faa6ab

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2024 20:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://na4.docusign.net/Signing/EmailStart.aspx?a=558c4fef-bf9a-4ff8-974d-6ec8ac2c977f&acct=ccd38c76-14d5-4dca-b6c5-f0116d3eb8f5&er=558bf40f-9a62-467c-8e76-aee3b9faa6ab

Score

5^/10

docusign phishing

Malware Config

Signatures

Detected potential entity reuse from brand docusign.
phishing docusign

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3796	msedge.exe
3796	msedge.exe
1192	msedge.exe
1192	msedge.exe
1924	identity_helper.exe
1924	identity_helper.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

1192 msedge.exe
1192 msedge.exe
1192 msedge.exe
1192 msedge.exe
1192 msedge.exe
1192 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1192 wrote to memory of 1848	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 1848	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 2428	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 3796	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 3796	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe
PID 1192 wrote to memory of 4084	1192	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://na4.docusign.net/Signing/EmailStart.aspx?a=558c4fef-bf9a-4ff8-974d-6ec8ac2c977f&acct=ccd38c76-14d5-4dca-b6c5-f0116d3eb8f5&er=558bf40f-9a62-467c-8e76-aee3b9faa6ab
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8edba46f8,0x7ff8edba4708,0x7ff8edba4718
2⤵
PID:1848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
2⤵
PID:2428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
2⤵
PID:4084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:2312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:2056

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
2⤵
PID:4188

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
2⤵
PID:4504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
2⤵
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
2⤵
PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
2⤵
PID:1680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3120 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4552

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
792B

MD5
45a8cbf616e253c5a5d95e6c03104c1e

SHA1
c4916e9d45553c179f464930384956bb14f16ed6

SHA256
6fef945a343e334e708276fab0e4ccf701c2ad3d345265de1263c4fe8ad6a624

SHA512
58291db4611bac0dc0d5fd03a2944b5257cfc1b8b6748ea1a5a9edfa9e2d5a08a7a577696c8daf629904d6d7bd296a44a943a0f4587a50aa5f1f5ab3c7134a59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
412B

MD5
a02e7e96239ec00b405096af6359eaec

SHA1
1c6ee63d62a015a92e3d6442cbb3d8a33c0711de

SHA256
789f9925f702339f5b7e2882518a4be877d6697ac662ff8b16e73dbb58705283

SHA512
66b50764f0a0ca9d7afa5c39a4e334919022ee62b50d0c98649c8ead09e8175fe7ca8f5ee3388e028f824f8c6c5c49f73adddc5f08529a11ac61dc7ca4fea216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f361d1feed0bbce5ebaf7dec9f1750b7

SHA1
0ffb690dc65e5ec2445a8031c232e2fa74a83a09

SHA256
95daa71b8883faf46d0b8e29b6d7a2188a8864034c19929106e94c61c1aae22d

SHA512
f38044aaf3b0b16db4e3a8db9a09b5c6fe2ea926c049512f3d5ff928b93732b670497d1322d019a7dc8e73ed296d6af63a3e73568c49a058fe2444b54149d53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ffa71bd359e16f01caa9a37f600bdf31

SHA1
107f72d3b87927cd9ea398dfa9cd56829f8eede5

SHA256
922a891718c200012f97e0684f7b819b8b25643ebe6f97dfb8f5438394ae1f6e

SHA512
f8d951beb8d01e3a84900142f23bd6cb9de9c1900caabcda62e1d2badf1c57e241d1865fcfe6d8b7d8591ca42ba88364394f85b008a512225b2b99f6ffa45579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
7201304cd5b558a7d88a8ecdfb7279b3

SHA1
982ab3e8a34044b9e26a0b7aac5e25345d59830b

SHA256
39fc40f80334484603fc0ab0ef8d452b662e52ac0126c46936f2f039fc46142f

SHA512
b1c3c68ab44cc41dac40d301ddb7e2f909baa4dedd4b3d82c58f8b30b5d5c9658abc85cbd1ce55937a3a05c9cbcc739e05e5352e8425eb442b3a9c9281b7df36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
eb576daa4b1a341ce7d520cf84beefb9

SHA1
d58b52bd766e190384e2f42f4286597bf2921313

SHA256
e7d02f1673d079699ee76c2d871e5f8799829e85e880203940d294f19600299d

SHA512
7215c275ee498d59cfb3809907a790d2aaad97f3b7de5eb9c46f077e381cb4d7509ea75f16e4b7dd94048179688836febef5c8134cd919410449eca2bb7bff76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
1d97e1da7962d4c126145862244ca8a6

SHA1
0b538f40d218c3b4f68379bf5255b3795b9f7544

SHA256
864380ae868bd77b51ccdb779995beb4db6dc82d6430d9e0691a38235dac4f77

SHA512
d8dd5e125ebb883e549bb82ac714b723ff4c90d223662e596863de2ad927d8d553f407bebd11cfc22c6d71217dcb8e6c05c6fd9332f8f42ea6a62245bfb55fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
536B

MD5
7c4b87cf3514be93ad21856c01380a71

SHA1
382653faa8b3ea20800aa0801097e64cd5af5cb6

SHA256
868382d27fbcad84573bd651e1c049aeb04ae2293ff4cd76f33e7c5e9d794ca4

SHA512
d57141cada4b41afef6d64f83fd19e06821c6e9554ca1953a3591de60a1aa87d3e4a4fb1ac312a90def6df61a293df74b586d0c8498d0945f1d772b8a60cd318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
8002d06395ca2b1a313f2767d6f70cea

SHA1
ea468b63080fe8c7b1eaa01441d5a5a124c3c0fb

SHA256
6ef107abd0f19b8eca51a26879324afa441636925e241ee5914befa133c93221

SHA512
42e76ccb966002cc4affec5e4b27eceb390e4afba3f0824966fd4d451d64639004d59f306f225cad1f0d622aa81c4da86991ac67df302bdfea8520381f0e38fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
7eed5e319ee636bff1ce723db3c2ea5c

SHA1
3caf03bbd4ebf357944c6fbd4a3824689b1b0d5a

SHA256
dc4caede0160e47b469e577e13c76965006a0b71d8395bff3f3e402e0c35414d

SHA512
5b0acb26f83e74bcc548b7ec09190879f8b45a106d7c865ab64850f0132ac2ad75c1aaa6bec6920ce1556bfe047344e5ada05ebb30547bb76e1583757b5e7f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579318.TMP
Filesize
538B

MD5
903be482be7df1e8f6afb6d1acf393f0

SHA1
60845f3b5fe8b4fc2d902fecaa923610142c00fe

SHA256
021a4eefb3fbf076358ecdfd82cd9d13cc7f53f7ca1755b84ca816a031c9cc95

SHA512
1da5694877943d469ba2edd7eb18fafb4283640f50623bffbfb25ee4c131365ba72cd7d6e0249457efec744f0b96ef6b15b702c6a32567b9cdb79929fe337b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
2b2b5ec28903b41963f85d6e618f4aaf

SHA1
8cfdb2d5cac15461f9b264159e678a68aa049fa5

SHA256
9038aeb18b0d80ebac72acc65ba65ea61ccd379a363ade9afcc52af82b881c86

SHA512
fe1eff1966b46b6bc3b2e383ff599cbf3996434a0f6fe51cca51a90c53ebd614e2cf0599092c00234254883960b1f700574240e6c810672ebedbb4a9cdaea92c

Download Submit
\??\pipe\LOCAL\crashpad_1192_OHUFKVZCGSRMCCIO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit