kinsing | hxxps://notifications[.]google[.]com/g/p/ANiao5o9MV5kZkNEgw12IoLfP85HvXVDENCIFOP8MaFjyh5ioJX7x1PPGhHwzGw4KOCRW-L2fso_8cqk9KR1Na07dYb6MKFu8bxXJRY7qCxklcQyVamCnxlwBzlIK6NqjSEsCh9Qb3dQDDfGoen093nTBM6nh_6JrsEcs-SyvbrNDS4DBMQlKsJODitKenysMvge98WUrXA0E_g8407ifEGplRNmQ4vjCk4kCLAf3btPIsrQ6JUOoutvhkg0C7vTLTF-3LffJu7HYk06E_A6JN5qhiP9xOSv1OtZDCvpy_-XAi0lY5iiKopDJhT0cb7qghRJOkzm9Xcb7qo-oI42aNCh_03hrp8IzqDZlLDjR4k

Resubmissions

25-01-2024 15:35

240125-s1dz9sagcl 10

25-01-2024 15:23

240125-sskg3safcn 1

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://notifications.google.com/g/p/ANiao5o9MV5kZkNEgw12IoLfP85HvXVDENCIFOP8MaFjyh5ioJX7x1PPGhHwzGw4KOCRW-L2fso_8cqk9KR1Na07dYb6MKFu8bxXJRY7qCxklcQyVamCnxlwBzlIK6NqjSEsCh9Qb3dQDDfGoen093nTBM6nh_6JrsEcs-SyvbrNDS4DBMQlKsJODitKenysMvge98WUrXA0E_g8407ifEGplRNmQ4vjCk4kCLAf3btPIsrQ6JUOoutvhkg0C7vTLTF-3LffJu7HYk06E_A6JN5qhiP9xOSv1OtZDCvpy_-XAi0lY5iiKopDJhT0cb7qghRJOkzm9Xcb7qo-oI42aNCh_03hrp8IzqDZlLDjR4k

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2692	msedge.exe
2692	msedge.exe
2364	msedge.exe
2364	msedge.exe
3356	identity_helper.exe
3356	identity_helper.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

2364 msedge.exe
2364 msedge.exe
2364 msedge.exe
2364 msedge.exe
2364 msedge.exe
2364 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2364 wrote to memory of 4508	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4508	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 4972	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 2692	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 2692	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe
PID 2364 wrote to memory of 3776	2364	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://notifications.google.com/g/p/ANiao5o9MV5kZkNEgw12IoLfP85HvXVDENCIFOP8MaFjyh5ioJX7x1PPGhHwzGw4KOCRW-L2fso_8cqk9KR1Na07dYb6MKFu8bxXJRY7qCxklcQyVamCnxlwBzlIK6NqjSEsCh9Qb3dQDDfGoen093nTBM6nh_6JrsEcs-SyvbrNDS4DBMQlKsJODitKenysMvge98WUrXA0E_g8407ifEGplRNmQ4vjCk4kCLAf3btPIsrQ6JUOoutvhkg0C7vTLTF-3LffJu7HYk06E_A6JN5qhiP9xOSv1OtZDCvpy_-XAi0lY5iiKopDJhT0cb7qghRJOkzm9Xcb7qo-oI42aNCh_03hrp8IzqDZlLDjR4k
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa98a146f8,0x7ffa98a14708,0x7ffa98a14718
2⤵
PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,15008058305923805468,17776316984495586962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15008058305923805468,17776316984495586962,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
2⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,15008058305923805468,17776316984495586962,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
2⤵
PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15008058305923805468,17776316984495586962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15008058305923805468,17776316984495586962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:1256

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15008058305923805468,17776316984495586962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
2⤵
PID:4064

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15008058305923805468,17776316984495586962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15008058305923805468,17776316984495586962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
2⤵
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15008058305923805468,17776316984495586962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
2⤵
PID:2108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15008058305923805468,17776316984495586962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
2⤵
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15008058305923805468,17776316984495586962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
2⤵
PID:2224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15008058305923805468,17776316984495586962,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4972 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
eb20b5930f48aa090358398afb25b683

SHA1
4892c8b72aa16c5b3f1b72811bf32b89f2d13392

SHA256
2695ab23c2b43aa257f44b6943b6a56b395ea77dc24e5a9bd16acc2578168a35

SHA512
d0c6012a0059bc1bb49b2f293e6c07019153e0faf833961f646a85b992b47896092f33fdccc893334c79f452218d1542e339ded3f1b69bd8e343d232e6c3d9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
9f5f94f0a19a4781767419848b949fb6

SHA1
66f5a06bca02a1d33f2612c9c81ceedfbd99cda2

SHA256
c3db1c21d478764d3ba1f2e4b4905a5528b46618064366ed0efedbd5475aaea7

SHA512
399e0c90d507548e0fe147bdb363a985d1d9157bc43d009713ffd11a65eb8fb086de565937441e6e08f68617143f8bd821c688f21a5bf00e9f4b8167d8e54430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
2d0a4598e6cae2474d1960af6e8faebd

SHA1
f00574b0e538503645736521ddbc8d68bc68a202

SHA256
d3800c899caf7c89c77484eea6f40c85f9142a21f7948da107dc61328226207f

SHA512
2c8cba1c080eae82e4d55ddaa50ff4880cea035df54e099f77087ec93c1c565c9f90fcc1851a52cedf5121be1e08cc3fc9c4965ef548d42d25cd011c78ec4005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
41876e7f879a0e8b1b63c39cae343db0

SHA1
77405751a941bbec7f62a1d75007b3c89bdae741

SHA256
51993a49e6d49ed0ed2532096564cdee558f72d80602184f181530c1074a4a68

SHA512
e559b300b86e11a51c12d4d29cc3e07deb20773d97bb6b1504c4f91ef7cd3d7d94a68e2ed8fa7c44c53c76d664317187d82367afdf4b988eb2b0daca3eeabe15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4813c115c7f794187a50d13400096c16

SHA1
a0f8e24ac20506c227669e6b343e732bf8067093

SHA256
4efc0e06462b8456d80fe75bacf573eee8a489200c5a981e2048286ab4e4d271

SHA512
53d83324ea2e8b046410698fb38d2f3640aa6d46280b2c5e2f2035052c2d7afd684b57ef7389432d644e1041d2f6cf5b195d9af9782f6b74f3e52bbee43cdbd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
d669cbe343f0d35505440c7bfcedcd01

SHA1
1ea6dd5f982e5a9fd7c53e72a3575df0056e0481

SHA256
db953e7677b40884ca12bf944d2dc44da3563105b77934805e3992666f053566

SHA512
e1f2ed3f7d2cb456bd35a2a56662eb7e5f10df5f0327e017b3fcb648973e5c0ee8329fa4da2a9052a5ab58d6989e52aade913048d4dfbecda05c8d2ac2b024fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
2bbbdb35220e81614659f8e50e6b8a44

SHA1
7729a18e075646fb77eb7319e30d346552a6c9de

SHA256
73f853ad74a9ac44bc4edf5a6499d237c940c905d3d62ea617fbb58d5e92a8dd

SHA512
59c5c7c0fbe53fa34299395db6e671acfc224dee54c7e1e00b1ce3c8e4dfb308bf2d170dfdbdda9ca32b4ad0281cde7bd6ae08ea87544ea5324bcb94a631f899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
203B

MD5
f55398be504399dbee58fa556ad62552

SHA1
1958e2ec485a1d0e178cdac812873c0f30974956

SHA256
6aef99d1baad075918edfc0e0f028520591d0f5938f833ff3e649cb3fb799659

SHA512
9bba4e48a97fe65c38bbd58d11f4fcb920b029bf80140312f2872920796a92b283d528cec973d75e519531c6b66915634a99871ac0096635424c355af8716d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5895c3.TMP
Filesize
203B

MD5
9b8ef25b366d52e5a0f1d0650a8d53de

SHA1
0372204e273ee1b4d317c8b27dffb872e1607447

SHA256
ad73767f0171f98d9d9f8746f416212dc621bda3fc9bf8c29c87ac3b23ceb458

SHA512
7b2f12b38b1e0101b4dbaf7ab6e5e7dcfa29cf2cf389f331fa3b79b3fba4d21ce9ea55639f7c0f64cb42a56d6f230f1c750a039317e6284e6aec66c69460b926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
8a666ee5c4b3537422aa80e5fef5021c

SHA1
1e64860092aece3ecd3512825735e9119fa401b0

SHA256
92a33c4ccfd25143f55e5a0c5d96cdf0208e1c7ad3d425c04bb1852b0b232fb1

SHA512
e11e7594be576c283d6b8e5d541f7f3e89eca695e2659d169706fd9724d3c77c1ba63416d6078a9d73243f3ec77dd5c438a81f3840c342e015f85b7ceac51a00

Download Submit
\??\pipe\LOCAL\crashpad_2364_JDVOSMFHTHUBKNAJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit