kinsing | hxxp://lockbaudcom9197[.]t[.]honeycrmapp[.]net/ls/click?upn=M2XeYEfkXRWw8oJRd8TIW-2B34hFb5-2FOyDNMVcx4GVhZ14IcVkkrs1DB6CbXf7ODyzB53-2BYEJWhuR9bPVxNnPddP0aYsywfLMMYYDHddubCDXtau1qJtyjTgtZLWC3GNhGrsURCTyRoGe6s1iP-2BFoP8CJuzG7pNR1xVxXbDk66ANg-3DEZ6X_hrZsr5X79KPP0jiPCcbxnrNQQTtp15e6D7CgQLrW7IGP-2FSTc5JREgvZ-2BeoO0iI-2F0A9ttK3d-2Bely-2FwkX0r9dV0c1mJ-2Fs8faWsVJeKWxSxO3Dj-2Bh-2BB8vXJ0dRYgNuqy6l-2BGpG9E5JybDmO-2Fyc1-2F2wJP4ESppj-2BjEjDg9c6NFx3xeI3W1XSdlv-2Fxu-2F7SoWMy2-2Bts2EqDpq1XPY0-2FcKZaSqJwhF02fCnHR0vunGtTGY8ZOJ-2F1m4Ubay1URlF4-2BmMh-2FsJYmq1D7BeFRwrYOZAzgyTPT0dCdGApg9tUndNYaTuWMU-3D

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://lockbaudcom9197.t.honeycrmapp.net/ls/click?upn=M2XeYEfkXRWw8oJRd8TIW-2B34hFb5-2FOyDNMVcx4GVhZ14IcVkkrs1DB6CbXf7ODyzB53-2BYEJWhuR9bPVxNnPddP0aYsywfLMMYYDHddubCDXtau1qJtyjTgtZLWC3GNhGrsURCTyRoGe6s1iP-2BFoP8CJuzG7pNR1xVxXbDk66ANg-3DEZ6X_hrZsr5X79KPP0jiPCcbxnrNQQTtp15e6D7CgQLrW7IGP-2FSTc5JREgvZ-2BeoO0iI-2F0A9ttK3d-2Bely-2FwkX0r9dV0c1mJ-2Fs8faWsVJeKWxSxO3Dj-2Bh-2BB8vXJ0dRYgNuqy6l-2BGpG9E5JybDmO-2Fyc1-2F2wJP4ESppj-2BjEjDg9c6NFx3xeI3W1XSdlv-2Fxu-2F7SoWMy2-2Bts2EqDpq1XPY0-2FcKZaSqJwhF02fCnHR0vunGtTGY8ZOJ-2F1m4Ubay1URlF4-2BmMh-2FsJYmq1D7BeFRwrYOZAzgyTPT0dCdGApg9tUndNYaTuWMU-3D

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1680	msedge.exe
1680	msedge.exe
1896	msedge.exe
1896	msedge.exe
960	identity_helper.exe
960	identity_helper.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

1896 msedge.exe
1896 msedge.exe
1896 msedge.exe
1896 msedge.exe
1896 msedge.exe
1896 msedge.exe
1896 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1896 wrote to memory of 3912	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3912	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2064	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 1680	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 1680	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2900	1896	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://lockbaudcom9197.t.honeycrmapp.net/ls/click?upn=M2XeYEfkXRWw8oJRd8TIW-2B34hFb5-2FOyDNMVcx4GVhZ14IcVkkrs1DB6CbXf7ODyzB53-2BYEJWhuR9bPVxNnPddP0aYsywfLMMYYDHddubCDXtau1qJtyjTgtZLWC3GNhGrsURCTyRoGe6s1iP-2BFoP8CJuzG7pNR1xVxXbDk66ANg-3DEZ6X_hrZsr5X79KPP0jiPCcbxnrNQQTtp15e6D7CgQLrW7IGP-2FSTc5JREgvZ-2BeoO0iI-2F0A9ttK3d-2Bely-2FwkX0r9dV0c1mJ-2Fs8faWsVJeKWxSxO3Dj-2Bh-2BB8vXJ0dRYgNuqy6l-2BGpG9E5JybDmO-2Fyc1-2F2wJP4ESppj-2BjEjDg9c6NFx3xeI3W1XSdlv-2Fxu-2F7SoWMy2-2Bts2EqDpq1XPY0-2FcKZaSqJwhF02fCnHR0vunGtTGY8ZOJ-2F1m4Ubay1URlF4-2BmMh-2FsJYmq1D7BeFRwrYOZAzgyTPT0dCdGApg9tUndNYaTuWMU-3D
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfbb346f8,0x7ffcfbb34708,0x7ffcfbb34718
2⤵
PID:3912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8948946840716012574,18353554687126787566,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
2⤵
PID:2064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,8948946840716012574,18353554687126787566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,8948946840716012574,18353554687126787566,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
2⤵
PID:2900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8948946840716012574,18353554687126787566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
2⤵
PID:692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8948946840716012574,18353554687126787566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8948946840716012574,18353554687126787566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
2⤵
PID:1316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8948946840716012574,18353554687126787566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
2⤵
PID:3260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8948946840716012574,18353554687126787566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
2⤵
PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8948946840716012574,18353554687126787566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
2⤵
PID:772

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8948946840716012574,18353554687126787566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8948946840716012574,18353554687126787566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
2⤵
PID:2704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8948946840716012574,18353554687126787566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
2⤵
PID:4016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8948946840716012574,18353554687126787566,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3144 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
384B

MD5
2ca374ee9feb50bee255c1fa0ce93591

SHA1
c0d9a9f07ca8bbcb34ca7c49d4329df76b07dc43

SHA256
b07f49dd3ae8af6397f0ec3839815b36c492f15e287e940ba66b128a6d60adb7

SHA512
b79584a13eb4c113fcabc8537c38f38f06bd1c220c9aed3cbe4feb58ebe98863439fbb09c10fb6d93106e9cf11d55b2fd368e11640444a142ff8f305e3160de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
cce74c25dc02aa8f7bd261e9d9630a85

SHA1
77c13879692073645df869d844f817884d801a3f

SHA256
e96eb1fd6c35ea7dc05084875964494a45fc121939e6f77be4c779e1333f9f8e

SHA512
8ca1cbc03d9d52cc1f98fd90e1b1e57af99464af6a20649d2f5fce96a58834832713fa381f22e5382ed84de42ece4e871bb42c3ffa0fa09b70dacdfcdb88224e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
718cffbc125d76f6ee51d802bcbf53a2

SHA1
e4a0ccf5e90a7306badb3dab7a7349aa779931a9

SHA256
3d81e2a3c3f99fe2fc5d58110d090621d0efe0127f571466b560342e3c7620c1

SHA512
bfbac79ce4ed95032a7b7ea0441cfc0e0fbc8f58b01ecc0c96572f8733d191e7991ba084ec34c974f3f5ff49b2f2081380179770d40bfa7acc0cc4bdc47cf1b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
acacc6fd0c20b722a0758124bd0ffab2

SHA1
7b4833e5fd696377cce167d10022b127cd60c9d2

SHA256
feaa70812bc8555a3667f7a6ee5a710bfebaa2e96e59df8579d45ff6ac56cfff

SHA512
c8630059377f2f4a12272b17418ba4b9383ff108a579c7f312f110db4d37089ae0a6ba3e10d10a788ffad8ba7119a29c224f57e3e88acdc6a24bd5097e66a7f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
0978dc1f10a5c5b7d305cbe86501a0b6

SHA1
ce31ad856234f4ee91dc4950f4a0c9fcafcb6baf

SHA256
fef9aab1f8211e80e4742355882bc1b32f95937816772b7e396e4c87e7ab4917

SHA512
a0de6c6776cd35cede36a1ec85bfa7730dfc9adc38ffbef7ea0e269a0170cd44260ee035dd0447438cddc29a5d9d08c654ee7dd69f43804e96f019df18f99795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
3a2e6e3301212e25f744374eef932e1c

SHA1
b248f9d9e72eb6b15985794692dbdd8090e6355a

SHA256
40020ea5faa5091eec49aa2ad4e940da782cbbef738eaab7e0fcb466bf148dfd

SHA512
b528498d23c15ac2aa02ce6fd7e45b27e2b189f8c80c8a07681af228e1ebba19232e6d81f08a9b10f273be08ce5948517efb05c681a5aaca21512ad65d36635b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fbd5.TMP
Filesize
1KB

MD5
f306910b62c6d52d74c3859c0dc013c8

SHA1
36d3b21bfdfcd5bccbaa6503d09eeade75209308

SHA256
22d4cf9addaeb58053d94f027fc6d83ef4d3b902bc965c6b1b8ae2bb85d0c1e2

SHA512
419294f3a7a00e998fee611f556c14955596484fe1ee96de6c4b12f28f433d2c50098f6731c2d303291e7d22d0bc9f1891620bf292de2d0a4bb3516143a91796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
e1f61d3bbcff7cf5ef4d7f924e329e01

SHA1
b3a932c9f435d8fc3f35b5c30342586dbb16ff30

SHA256
6ef43070db085e477522ead8070f0613c3156ce6fbbe0259572d7d26ee7da165

SHA512
a2531c70a1772b4d6e390df06a88c52e892c1329914a6a5d51616714f1a004bbe32419e8e0aeb3600bbd93bf3020581b89707c5c23831185350c69bc84ac0b07

Download Submit
\??\pipe\LOCAL\crashpad_1896_NGYSPCPCWECUGAHF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit