kinsing | 636ee30a359c26e082c2418b22220ee358efe404db799e27d981bea2b19837bf

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 15:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PE.dll
Size

1.2MB
MD5

355ed7b82bc753a4e0325451108b3ac7
SHA1

5fbf27267ccd8f1a4bb10a233daf8173a9f8c50e
SHA256

636ee30a359c26e082c2418b22220ee358efe404db799e27d981bea2b19837bf
SHA512

de153c490cefcb1347985a6a7e7a2f4e374562203e1ec15f4ed728fd106a9fb8c5d979b320949a3669546d834db83f031e54083ea6e6ba9ba3ced632f652f870
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAH1ftxmbfYQJZKaz+:7I99DEWVtQAHZmn0U

Score

10^/10

kinsing loader spyware stealer

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

4072 msedge.exe
4072 msedge.exe
1484 msedge.exe
1484 msedge.exe
3924 identity_helper.exe
3924 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

1484 msedge.exe
1484 msedge.exe
1484 msedge.exe
1484 msedge.exe
1484 msedge.exe
1484 msedge.exe
1484 msedge.exe
1484 msedge.exe
1484 msedge.exe

pid	process
4072	msedge.exe
4072	msedge.exe
1484	msedge.exe
1484	msedge.exe
3924	identity_helper.exe
3924	identity_helper.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1484 wrote to memory of 1520	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1520	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 1060	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4072	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4072	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe
PID 1484 wrote to memory of 4420	1484	msedge.exe	msedge.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PE.dll,#1
1⤵
PID:768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90ead46f8,0x7ff90ead4708,0x7ff90ead4718
2⤵
PID:1520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,7193048067828915175,605138083934146117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
2⤵
PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,7193048067828915175,605138083934146117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7193048067828915175,605138083934146117,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
2⤵
PID:1060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7193048067828915175,605138083934146117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
2⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7193048067828915175,605138083934146117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
2⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7193048067828915175,605138083934146117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
2⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7193048067828915175,605138083934146117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
2⤵
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7193048067828915175,605138083934146117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3924

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7193048067828915175,605138083934146117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 /prefetch:8
2⤵
PID:4280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7193048067828915175,605138083934146117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
2⤵
PID:2936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7193048067828915175,605138083934146117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
2⤵
PID:3328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7193048067828915175,605138083934146117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
2⤵
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7193048067828915175,605138083934146117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
2⤵
PID:4428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7193048067828915175,605138083934146117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
2⤵
PID:632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
84381d71cf667d9a138ea03b3283aea5

SHA1
33dfc8a32806beaaafaec25850b217c856ce6c7b

SHA256
32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424

SHA512
469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
696B

MD5
ce1288106888638d66d367806f8b702b

SHA1
d01e94cd10ca248341e8d0c52cd620c2ec430094

SHA256
faf42701f9f4cc44141f3579f48e3b9c0f9039f87ba266b0b924894469a7cb31

SHA512
7b9ee1fef74280f4d510c5a454c3d762757fe52f608dc7fef1aa7f49960f3a3902dfcf0ae2ad4a023c2d00bc2b461eecc9c24667c1dc5c449e690a267c100361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
398B

MD5
cb0c7383674974b85f5941c7df6b328e

SHA1
758872abcaf2e1d4619ec371fc8b66484b15b253

SHA256
e53de4269917e54971c4c914bd5911a6371eba46cccc8c6cdbbb890348148c9b

SHA512
0c08c41079575357a2a7d66fafd7792d4398e84080c80afcd48e10f3d47822e1ed9f943ed33bbb5acf327bba5c5ad9c4a3151fb85774948e47f41a8aa48d0195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
07330dddefe51158c5d786189325f852

SHA1
de52812dedcdd86da806cbb16e26ab0bdfea3671

SHA256
6ecf91d2ce985766e5bd007cab73177799191f71d83a6fd492163e935ca78115

SHA512
6789869a35a8b3a405da49ff23367af2cdf4130889e4f4ebcdc640e651a7adc1ec138fdbcd71199751a9844a5a9588caf8692db3e3b4b5ad3cccd31675165d92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
cedc833c8efcb621be5e7985ca265598

SHA1
79a4ca13938e366520f261d007e85e2eaf210597

SHA256
94ac3cc07a5d1e0ab520051d4753ed7f1d43a58d5a805d739abd96a5fafdd5f1

SHA512
5e67393119f32b98b7fccc3d8117440c981777c727e7c3e4a503fea66cf4ea23442ce1eb14b5df417e72de53c37181341bf6f85858f59d5f914c50a6156dd48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
c2accab6cf9198ff18554fefc4fd73a9

SHA1
701de7d101152351701bed2d34c2ce6b818de89c

SHA256
199df1831c278c5a4a3d984ecfd4b88ea6630ebd54941913dcd3075cba3f5a2d

SHA512
c0595f0a353be0c73a5dcd3602bc4719d661738d0914d80a313ed9c695a310153f5b65b764a4088bbd09b710dc905a71c76fda7a1c5822b3b108336eb13727b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
35f77ec6332f541cd8469e0d77af0959

SHA1
abaec73284cee460025c6fcbe3b4d9b6c00f628c

SHA256
f0be4c5c99b216083bd9ee878f355e1aa508f94feb14aeebcfba4648d85563a7

SHA512
e0497dbe48503ebbf6a3c9d188b9637f80bccf9611a9e663d9e4493912d398c6b2a9eab3f506e5b524b3dabbca7bb5a88f882a117b03a3b39f43f291b59870c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
b50f8487187e9f98ec14a6e8afbb4214

SHA1
834a31fd38c7f1f0e0f4f0b6ef51f4b670d8d7d2

SHA256
112e45659269a85da975854bee62f94864927be9e3be2229b40816144836b417

SHA512
fa670d495baf65061be74cb73081021c51a081e349bd952a0d8e20e8cc9f2df18198dab7cb19d242ecdfcfcbbe242e6c1cfc714abe5c3713233bdf536a04bb92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
5fb03ad24191343878b0dd665c91be48

SHA1
d16f4516b846da8680cf6ecc4c0be32d73d1b29b

SHA256
62b742cd5893ece8ae433c5ef320ccd6ec7bb6d56f5203fc1905742910edd551

SHA512
28d1df34db8fac4f53b3a335173e8f543788322b100679634c32e1566cc6d9a3b7b99bffc14a080b9de10410386e600470d0b9a97341fe9363138c65ac05e7bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c03e.TMP
Filesize
705B

MD5
9d27d2346e65196a9f72884e5a8a81ca

SHA1
5bcd07001605bcbd0746cf897db6337364648aa1

SHA256
f267f5b2b495fd15f586f8771b0463525a0a6a8ccabb75fdf6a7611d6b5e2372

SHA512
277c8f52b6f0c34fba3a63057f266493cb92a09e5bbf0858e33fa703a3931475b7e4ce6b795ae3e8ac84692473b4e0d3a06b5db0365b820da803ec4ba5207902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
d2303cc5df4996bcb9bcafa9d060aa5d

SHA1
173afa2647a57577323d51fddd3abcdebf735b27

SHA256
e998cfdd8608c5c53d0986d63ac82fa66572e5a4000a9789683ed16ca5c6f09b

SHA512
9b5a8585db23c3a6b9c4f5a5aa4ce2aaf639a9bf0baf4bc0cc98d96605cc828077f82403f707a8c15dad4824d97480a732483f27ffadeee44baf13bd558cb56d

Download Submit
\??\pipe\LOCAL\crashpad_1484_YFUESUXRZMJEFCWG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit