hxxps://venmo[.]com/signup/start?nr=1&invite_id=662698b8929bb5b37934dcce&email=noreply13%40dsadsa664[.]onmicrosoft[.]com&utm_medium=email&utm_source=pnu

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22-04-2024 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://venmo.com/signup/start?nr=1&invite_id=662698b8929bb5b37934dcce&email=noreply13%40dsadsa664.onmicrosoft.com&utm_medium=email&utm_source=pnu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4512	msedge.exe
4512	msedge.exe
4712	msedge.exe
4712	msedge.exe
5092	identity_helper.exe
5092	identity_helper.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

4712 msedge.exe
4712 msedge.exe
4712 msedge.exe
4712 msedge.exe
4712 msedge.exe
4712 msedge.exe
4712 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4712 wrote to memory of 4500	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 4500	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 2140	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 4512	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 4512	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3280	4712	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://venmo.com/signup/start?nr=1&invite_id=662698b8929bb5b37934dcce&email=noreply13%40dsadsa664.onmicrosoft.com&utm_medium=email&utm_source=pnu
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb011346f8,0x7ffb01134708,0x7ffb01134718
2⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17375994284475618007,18267282724072597967,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
2⤵
PID:2140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,17375994284475618007,18267282724072597967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,17375994284475618007,18267282724072597967,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
2⤵
PID:3280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17375994284475618007,18267282724072597967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
2⤵
PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17375994284475618007,18267282724072597967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
2⤵
PID:3252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17375994284475618007,18267282724072597967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
2⤵
PID:3304

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17375994284475618007,18267282724072597967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
2⤵
PID:2176

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17375994284475618007,18267282724072597967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17375994284475618007,18267282724072597967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
2⤵
PID:2428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17375994284475618007,18267282724072597967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
2⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17375994284475618007,18267282724072597967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
2⤵
PID:1596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17375994284475618007,18267282724072597967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
2⤵
PID:720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17375994284475618007,18267282724072597967,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3040 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5e2f0fe48e7ee1aad1c24db5c01c354a

SHA1
5bfeb862e107dd290d87385dc9369bd7a1006b36

SHA256
f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

SHA512
140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7e0880992c640aca08737893588a0010

SHA1
6ceec5cb125a52751de8aeda4bab7112f68ae0fe

SHA256
8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

SHA512
52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
696B

MD5
655f98b215fe3c2f54430dcf5971e5dc

SHA1
9d1b61658ee8c6bdd21b5351d504f247bb220e35

SHA256
db225bb35dbec3b716de2bd741e5dccdcde4d901818bcc3035d711873b369960

SHA512
723a7b3d92f8965d586d14342dfaa0b493af126d2f252dcccc2e2cce1f44c3894d0c3607dc1c3bee036ebda071dbfd622478ed12f8214926d3fbf432d1cac07e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
b1f7c80bd73d89b9b9553fc21cc00b07

SHA1
eaf5fc200d12be2a7c2f42a58d8f404690267b40

SHA256
944822c192730bd20639d260fd41168d9925f7964254df1eee34f78e0b0d7fa5

SHA512
ae02c8b4c4cf82cd67192e3a090f0021837a44a8a04e728a6365ee3b4d4a738a677d59712ba401c8c9dd8dc4d19d07e14a02d9afdf30d6042ea9337a3cace6d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
b79f79f12a7b013249fa73d8d008d51c

SHA1
79d06c1d1d1baeb18e1bf72f817b914f87067408

SHA256
14d93423208494164c37d6e6026f2acd155d79c586c4f2f06f3a4041e7f44e65

SHA512
330dc0ff5d7b277d8642ca610ba7a564791da1e5c8328964b2af500c004ad50b74b89c93240ec245464332c0ceee3f15d58317c9929226b044ba13e16417dfbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c5b56cb9a0af2b8823e4b95376bfd2ae

SHA1
29418abb81bd54ecffc65f9b97bea7e59dd9fe0f

SHA256
6f09d6feda178140074db59cd362bcbf6460a96c8c417132cfeeb554244b747e

SHA512
b02db0860b19f0d4a9757983fd888f4437919a1aa28d6f8989d68dd957c4f7668bf0c1d2c5735d3b575a135405a12aa926a8742503dbc48deb0d2c875417103b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
4224d7125b0394efd4db9c3b3620e246

SHA1
a131f3035ff65dc14b5226b5ee7a322d8b150c10

SHA256
f2130e618134777788c94675ee6e6a289bee260fc79f499d376a83e9995dc74f

SHA512
155500cf47dc0676053fa352df1d87334420f1c7778cfe85831f8f2dcaf3068a25f969a24633fd00bb0d510ddefa1e367ebfed0ff6350495762ffe1e94922c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e6d4cf01d645dac9681a49cc55c1dfed

SHA1
a61966db5f07e3a6532321d61dad8096d0e35cea

SHA256
043e6e776a0c960498d8bc246767650778af1303bcc1c28acb62e66be3461645

SHA512
24a6b2372fb378a1aeda3f4e3ce8fedf826a11ec0f213f5a24c5e8d4a3a82a92c20d74e6bd3a250906f8d81eb1ea5a26c8c151c202ce2eed813725fed64f1062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
fe41bf7224ff7392532af8c9be42658d

SHA1
c4c96de9785569c97ebbebf294d837b895a4c69e

SHA256
39a6f7e6dec6d9283fe3cd5c88c55a1718d2444972605000245e854ff7d015ca

SHA512
a42d88029f50216bed07e0434cd9d9b3cc5fca6e7746a7f7056497f02a0daec9defe8fc946b94c40d702bb3ec589df26b55a44d5173e671ab1ee2e9d35bfad88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
0d5c9a63d28ae931314b9d70f3441834

SHA1
a394afcc6b9f625719c27519e816a2b55ba65ad5

SHA256
dd80ac5998671833609bd96a377fcef7919c6ca58fe928fd0e3c310ef8b3bef2

SHA512
ce30948c2c4631eb2816e00b00f43c8bad4133ff99c07bfa7a5ca0a9562097daad6ab25d10cb7b2a62937a1a2765813c15725b3245c5e31f24288b1655e23b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a901.TMP
Filesize
1KB

MD5
a85d2b6e3b5da2a933fda60edcee651d

SHA1
2ff76eea8a659ca7ba52e80ce212980c0e2d5544

SHA256
a4715545ca77aaf748f037b4f009cd8cb232e12f615f994d459d3a5cbe32b9f2

SHA512
db9b8a6c2ff796d2d2c5b2c19ef3c6f896d3c77917fbf6fbb5fb6926a441f858d7f9b98f99aafa01854431adfc97a343ca1a2ff83156c23e61c0e68ea5db5e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
664beb63f3c52fbe22e4493e21eb7563

SHA1
414fc86a5cb562e09c555c1c9609b0dcc467df3b

SHA256
a40c51f48af00718b5075a3819035aaa556c4fd297a50b40cf0592c3828113cf

SHA512
63d65bf6e8539690803c2ab0a54ed423dc303b9652c8be59f4b08e6838f68c69a364efc9c3a8c133f8c6fed6835cd1745aaa999f887537642fde4a5847efdd77

Download Submit
\??\pipe\LOCAL\crashpad_4712_OLYBFZLVYBAPDTHP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit