hxxps://na4[.]docusign[.]net/Signing/EmailStart[.]aspx?a=127caf74-c61b-49e9-b03a-1bd8a0825f8f&acct=8b0e3537-f232-4293-9c3e-2ff242051720&er=dc4330fc-5f4e-4848-904b-09179c31960e

Analysis

max time kernel
270s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://na4.docusign.net/Signing/EmailStart.aspx?a=127caf74-c61b-49e9-b03a-1bd8a0825f8f&acct=8b0e3537-f232-4293-9c3e-2ff242051720&er=dc4330fc-5f4e-4848-904b-09179c31960e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
1828	msedge.exe
1828	msedge.exe
1248	identity_helper.exe
1248	identity_helper.exe
5720	msedge.exe
5720	msedge.exe
5720	msedge.exe
5720	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1828 wrote to memory of 468	1828	msedge.exe	83
PID 1828 wrote to memory of 468	1828	msedge.exe	83
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 1064	1828	msedge.exe	84
PID 1828 wrote to memory of 4604	1828	msedge.exe	85
PID 1828 wrote to memory of 4604	1828	msedge.exe	85
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86
PID 1828 wrote to memory of 420	1828	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://na4.docusign.net/Signing/EmailStart.aspx?a=127caf74-c61b-49e9-b03a-1bd8a0825f8f&acct=8b0e3537-f232-4293-9c3e-2ff242051720&er=dc4330fc-5f4e-4848-904b-09179c31960e
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8c1346f8,0x7ffd8c134708,0x7ffd8c134718
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7863427796632212925,18391866698785964646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,7863427796632212925,18391866698785964646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,7863427796632212925,18391866698785964646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7863427796632212925,18391866698785964646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7863427796632212925,18391866698785964646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7863427796632212925,18391866698785964646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7863427796632212925,18391866698785964646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7863427796632212925,18391866698785964646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7863427796632212925,18391866698785964646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7863427796632212925,18391866698785964646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7863427796632212925,18391866698785964646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7863427796632212925,18391866698785964646,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
aa6f0aca227ad5bd8b018a2a1109bc8c

SHA1
15def297752abb843efda82616d6e36ed31c6ee0

SHA256
89c5ca885ab6e55badcf9f4df93d35deec0ad0eaf5e22d4ae64947b12bfcfc29

SHA512
30cb9a2a7156efd1b744dda2f12b3187b0d7ef8cba36f18366565e71a778088b47d8ea93693ac10e22a7c158f8ed06896dd1b4f226c4d77fb1a22a68f4080979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
412B

MD5
a02e7e96239ec00b405096af6359eaec

SHA1
1c6ee63d62a015a92e3d6442cbb3d8a33c0711de

SHA256
789f9925f702339f5b7e2882518a4be877d6697ac662ff8b16e73dbb58705283

SHA512
66b50764f0a0ca9d7afa5c39a4e334919022ee62b50d0c98649c8ead09e8175fe7ca8f5ee3388e028f824f8c6c5c49f73adddc5f08529a11ac61dc7ca4fea216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eff05a05b08e054e92a6ffe58b51477c

SHA1
c6fbbab9e73e4d42c5c157fd2713f919969223fc

SHA256
f540de899d66aa6a598fbef7f54428d4b2c0873aa618ff6cdc1d31af463cd76c

SHA512
ff86ae001c1087327fdd620043c6fb4f5373000db27c230e8d592fbcd3065ebc77b989cd22aa2cce8f54ec552e280d311ef419585dbc2a69bd4f7469cabdb130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f807c4dfa9a11dfa06d1f06b7feb5e26

SHA1
edea94bb9a0840d67199b94e6e7371f124004d95

SHA256
b75d794d17dc18e1fa82e806165ce9a2c22f24235775f078d30d7268619bd1d3

SHA512
556a5b4e62af884e2401d3288c3761ef9544103a5fcd5b3863a1b493a99ea20ffedc92df3ca3fdbb56f27725f2a106789ca1972cdbc5eb971410cc3270313b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
ee07ac490ad14317b0811b8c979598d2

SHA1
0e3a0fcf922688cfa21591d70550bf665e5b15b2

SHA256
f31fec022bf007e52932309924ae455c9e54d47d0ac72524b45b2f6bdcc4a1da

SHA512
4b3eee9460755a57674980e337991198990dddbe08806249266a4f1c2668fc1b97cf9b694661459f44c80f6005e2b61342f2be32883f47e2e78a0608425648a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
803173d9af737968471dd88cb71f3a8f

SHA1
ad2a371744aa903e656d69d1bc0f04f532117944

SHA256
a7528d9e7360fdf498f4a916fec44eb8e2cb2384580de2031dafa9b36918495c

SHA512
10e00bd953b1b2d991ef01dc9f4e0100245707dabb1c22d194b13c531f5113eecdb388d4ea6a48abad9c7ad8effb86ac8342c1ab888e47a3c832726e5f62fb9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
30b0ecaadb72ffe3ae3a60c020563aac

SHA1
b67b4bb82ce204e0ae34d370bbbebe9fb022c9df

SHA256
f35c6ae45ab2e359cabd22c83189f214610e2cb8f58dcee12f7ab8169a1a131a

SHA512
b5985e0caa542e51dcae439ec9883f81229b9def49d16d52050c7a935c26944685ff5ae057afd910170e8827c36edf1ae66b7b421cbf4e18bd32e9e5efe79a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
81ac511114162be8c4c0ea12b809ee29

SHA1
bb69d1b634aa193b336d0cedcc34a7598c02eb5c

SHA256
00b466bcb0f48ac018fad02817f76c5f8fa16dd7456b1763770211b0b5b7c493

SHA512
3eae795d869ff25e6d2a90fc0376c390169b10ea7b2f5fc52d4ef4071b30d3ac6b6b2f175d1e6ceab6415284508ef1a1a75b4ebca17475311f850f5ba3238e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
14b833095ec292cdf8b3aa699c42ac74

SHA1
8d130978ceee8ea01b30c9b07f4a1ab766ff6f71

SHA256
f0b653d11c6de0904d728cc1f001d8952d27c149e7b97c023f69eea172b8b4aa

SHA512
2bd0187332a62ec9579f0c75e2b644c9675bce29fea013d3d13830566d3a44f35784851facbb40343bf1f582c181bbc6e94ef9d89f9980d376236daa2e3bfd9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
fca0ead61ddae864aeea642d18e6d44a

SHA1
1a6cac98b0181ad76b47cad2a8728eb919c9f204

SHA256
496c4cb9df1969198fe39c1da8caef0db0fe47ac445ab64220985e815257a141

SHA512
41284cf8248b05dcbbbab4a320b132cd1214b7efa05435d981289012a3da22e5a7f8771e451d03f8da4981ef75094a907fe6977bce8384c6ed398d11052db593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
5db28fe034706c89b2a3973782c1a9ef

SHA1
e1d746bcf87d75e8678628d63dfb4701901fba83

SHA256
9cf8cf54b1dc9e260af8eba28752361ed04b64ec8a959f683c36ab164f8b6b06

SHA512
2dcfa7ab9d422cbc3f78146a3a53a2afdd73b0af0da54e1b432204f7e9846cb8bf3d86030358fe9aec80782d901070f649940745aa3b6a816ef99db78e53caaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
7b7d932a3115e2a271bc47cbe79faf06

SHA1
fd0597bf232f4221776d18d00e2c273ad1f38a3e

SHA256
67a1ef25911189e423f702ae1076214742370745929b8fba2775501d70eb53ad

SHA512
d78b41d403139fdb3ae33dd45b8b25b23abd482110bb67068a703ab50b7dab5bf46cd79581841134416cc8b0fa7ebe01f12a7a2e4a2d67e389fa63366d626c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b2e5.TMP

Filesize
538B

MD5
89ca10eab9d0d08fdb3c1aa6a764dfdf

SHA1
46c42f7f0fe9e0bb7515f73de52b9e833df10c06

SHA256
a1d4d34606b47ce109694637bf2101c72ce0a23fc773fd645d802338fbc5262e

SHA512
0950d044e916138bf9650ca1ea4bd69f1e2e1d3f2d649dd3479bc3e0ea95d67c39b7dea58fe90e888be629422d0d639ddba07e69840d358458b6d2774b47cf68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3b5dfc4a49671b64bb9a17f8dc064e00

SHA1
a98d9c80f7bb3f2d8769ea6c7a801b80bb3a1de6

SHA256
343f2120b361cbc54ea0374f0c48e651aacec326620c713b1c5cc771e044f68f

SHA512
d5d8c5f5cfb231a734b3331eb2de8068900ea996ae85ee534ef916af21d8f3972ffcc3f9737adaabc872a9e639084fd2bd4719101c2c021f451988a4daba7fc2

Download Submit