kinsing | hxxps://go[.]dalton-education[.]com/e/837113/daltoneducation-/5vxd7q/1877599094/h/ytHbZUmmv99IAThqeKTBJJ9HZ-fXu7-WLctkJhVQcls

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go.dalton-education.com/e/837113/daltoneducation-/5vxd7q/1877599094/h/ytHbZUmmv99IAThqeKTBJJ9HZ-fXu7-WLctkJhVQcls

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1364	msedge.exe
1364	msedge.exe
3016	msedge.exe
3016	msedge.exe
1288	identity_helper.exe
1288	identity_helper.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3016 msedge.exe
3016 msedge.exe
3016 msedge.exe
3016 msedge.exe
3016 msedge.exe
3016 msedge.exe
3016 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3016 wrote to memory of 3208	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 3208	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4404	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 1364	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 1364	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4316	3016	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.dalton-education.com/e/837113/daltoneducation-/5vxd7q/1877599094/h/ytHbZUmmv99IAThqeKTBJJ9HZ-fXu7-WLctkJhVQcls
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcffeb46f8,0x7ffcffeb4708,0x7ffcffeb4718
2⤵
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
2⤵
PID:4316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
2⤵
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:4052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:5100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
2⤵
PID:2784

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
2⤵
PID:3024

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
2⤵
PID:1112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
2⤵
PID:4612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
2⤵
PID:1640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
2⤵
PID:4680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\614bb7a3-9dcb-41fa-a40f-b17d28298dae.tmp
Filesize
372B

MD5
914bb98463b678419a44c709528a9601

SHA1
11d480cbdc390e7ec7c6df0f2152179c9e777001

SHA256
9074a001ffbae4772cbf1ea99aead6762e446b9dd687be7a92bcc3ae5b6d7128

SHA512
8443f3857ec33ac8a9b87d63af64e90b59ae1c22832200b04de178e27a9cf8605ec4d94ff4e8a28b447e2806eadb164b6930f6128f2e7d1b9d22de8cda7845fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
384B

MD5
f1e7bd121f8f34477a89ec93f9c5b786

SHA1
ee82bd05c52f1ea3888c47338740c63b6c0f902e

SHA256
a2e5a8231a51c35f17873c30165058ecdffd60aa9bb8977c6ef96d6a510b3386

SHA512
0f55961d4d9d6578fb30c226fb066a5190e5f1188b6ae8b57c945bc98c195489df5ecd78ab2de242cf15012f0075aa59e24731a15b44acd6dc3b817fbf0347d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
340B

MD5
c32f166681915b30f1b1d518bbdbba25

SHA1
aa5c4573ef1cb73c22c79d341eae6bb1384312e1

SHA256
2ec2a8444c50ccc54454d9216d6bc20259eded16f17bc789b8a12c7f1538fa61

SHA512
762a5d9776a4e7f08356eff9ca74ebfd2b3499438766c58fe9f9c85fa77a6159c81e96164590c608b71b7f694a93dadb844adf8ebd7eacbde1c44fd0b2383b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
2ec57756ad2fb7b0fe3d189d138cf0f4

SHA1
c5aa011515e15833608bfa0af0cdd3b15c6cb598

SHA256
c62ee85434eb91c88a77ba0a9e24953e896a4fee123a6f2e4c119ddf90756c8e

SHA512
93bd60252d3a970853a1243e710bbe4ef3f6c3e916ac393b1b1d156d01333987bd9f377c55b9ba047ca9d42bfc48d48b7d65f3574980444d5d0ba99f571b6460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
19219c79923b8bef1298d80c71d3800d

SHA1
98a9e05a148567ae024450cbb0a702d30f0016fb

SHA256
d08bbe43c882679f5a21e70688519a16d5861811b9ac2b7d69e0185796855659

SHA512
10bde1b712f29d619da9096a13bb03dd9934fb7a0ae2080140df69e03b11618abda8a4718ecb25993d0e1ea7bca41441924835f3075463189c56ea9e9c824865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
e6918c06b2014025476a69f497b5bbc1

SHA1
a219220bc6ea55be7d3e56d43f92699c02443727

SHA256
7e8ae2713c61db369aa91bc1f9ec07ec91bd4d2fa9749b3d2e910335ca306885

SHA512
d628036cf1899bd6a62634eb96cc5cfa4fa339ae31e8a3db6fe7e6ca42bd73f9bf4d09ee4336b31b23e14682b1799f5a3bf6c7ab2e5ff0947a063ef2aa5f7120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f964.TMP
Filesize
372B

MD5
e614bae32970cf1ea6ad64f796ed3c83

SHA1
92ebb1a4c6adb50ae94effad4be07100679fb668

SHA256
b2714eaeb69d1d47b22ae750ca984148833c8db3e3e84fe637d32acebca5481d

SHA512
e56a433f5a7e21434ea5b7daa54aa1db58aea059126b9586335b2d5a323b6b0ebb7432b57df76224fe5b5a566824516376ecee7486381adb6b0fb1fa9c0f71f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
b69c7094dfe46601bc636de2f1b53821

SHA1
15b610bef53423c0944a65fb94c8d1100dba8a3c

SHA256
85a2bffa114827efef8b4418714c5fef981e946d11b692c1328db6c0397458f8

SHA512
1adc1af8a197d898936366a1921bf8ed9ab5aa23ee15646b333aefa4c5fb240f97826c5c97e2430a44b00f02a95974055c3fc820a59c72c5853e9087ba9946a2

Download Submit
\??\pipe\LOCAL\crashpad_3016_AXYNHJHWOMMZVKCZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit