kinsing | hxxps://www[.]imdb[.]com/title/tt11057302/mediaindex/?ref_=tt_mv_sm

Analysis

max time kernel
293s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.imdb.com/title/tt11057302/mediaindex/?ref_=tt_mv_sm

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
612	msedge.exe
612	msedge.exe
1888	msedge.exe
1888	msedge.exe
4732	identity_helper.exe
4732	identity_helper.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 4616	1888	msedge.exe	88
PID 1888 wrote to memory of 4616	1888	msedge.exe	88
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 3768	1888	msedge.exe	90
PID 1888 wrote to memory of 612	1888	msedge.exe	89
PID 1888 wrote to memory of 612	1888	msedge.exe	89
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91
PID 1888 wrote to memory of 2392	1888	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.imdb.com/title/tt11057302/mediaindex/?ref_=tt_mv_sm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe27b146f8,0x7ffe27b14708,0x7ffe27b14718
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3613929516139440653,11043905045338385603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3613929516139440653,11043905045338385603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,3613929516139440653,11043905045338385603,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3613929516139440653,11043905045338385603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3613929516139440653,11043905045338385603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3613929516139440653,11043905045338385603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3613929516139440653,11043905045338385603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,3613929516139440653,11043905045338385603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,3613929516139440653,11043905045338385603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3613929516139440653,11043905045338385603,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3613929516139440653,11043905045338385603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3613929516139440653,11043905045338385603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3613929516139440653,11043905045338385603,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3613929516139440653,11043905045338385603,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e77545b7e1c504b2f5ce7c5cc2ce1fe

SHA1
d81a6af13cf31fa410b85471e4509124ebeaff7e

SHA256
cbb617cd6cde793f367df016b200d35ce3c521ab901bbcb52928576bb180bc11

SHA512
cbc65c61334a8b18ece79acdb30a4af80aa9448c3edc3902b00eb48fd5038bf6013d1f3f6436c1bcb637e78c485ae8e352839ca3c9ddf7e45b3b82d23b0e6e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
a007f4fcb71b967e42403b08d8356d3d

SHA1
4ef50cc055be3f0d2d886a1b9300fbd6511a854a

SHA256
6977bc860dae77423981dbaa44842843ae83010313410016fb101f85d6ebd02e

SHA512
d3a5a391891c4f961d47c7e535750c2ee000574df83232e8045e687a8e0c7f0311b2cc6176bef7c441609381fd93082ec58523c25ce74ff773dd72a5744044c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
745B

MD5
f1613bac7fec1b23cd5953157098ec14

SHA1
849c701dce25b3978aafcaa53e77b1c4b35e9eac

SHA256
2e1440f8601239cc1dde818d96fe2a90f1bbf555c48c4a3b6875c1ffb7faab8f

SHA512
d8809ad3cd9b05621a1f88e02fbe84f77656d31e1a38425fb14a4046f42e8465b906c76ef8f34dad7016cd5221d755671b2c9075fec70ef5fa2437e22588e57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0031a888563c54845299405b7d6c4c05

SHA1
58f271c4685cb22c23a9a15029d0c7433300c46e

SHA256
0ee29946cdc1ea13c2c7790b2b6ad00a76f4db6f60838f3bff4f66f9e001944b

SHA512
bc889aae4e9b094de372554ae3f6296f9bd5a856c1981432b99f4fa837ae24354633fd8d09fc7aaa558b46822d75334c612f3336af0ef20830c885c0dd778bec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
edc1e736414c9509e8744a6ebf711334

SHA1
78ab5632a920ca3df63b2d6955886cf048b5b504

SHA256
ad09778889b1c4f5f4bec02166e4e1fbeb203f6e4706011cb3d9524c5625e8b0

SHA512
24556a032c007e66032a7f131c536163de91618f3d87a99f27da35c4aa7789537ef27150979911f8cc711b9be711f7dca5e7191eff4cb2ca1c8072eb10f1a073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6db2d2ceb22a030bd1caa72b32cfbf98

SHA1
fe50f35e60f88624a28b93b8a76be1377957618b

SHA256
7b22b0b16088ab7f7d6f938d7cfe9ae807856662ce3a63e7de6c8107186853e4

SHA512
d5a67a394003f559c98e1a1e9e31c2d473d04cc075b08bb0aab115ce42744da536895df2cec73fa54fc36f38d38e4906680cfacfbf4698ee925f1609fbb07912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
2e4c90e566ef2b7e06a26b910699d2df

SHA1
edd070824d28f30b66db62e33d7479b3d9582c93

SHA256
f0da655cf25b66292bcd92dcc060d81a84cac3a5e1e80e64fa37cefe69245a8b

SHA512
a1e6a820ef77eca5c23d6efc158abb93c1393a29364260ced1c7d0dad9463a0fc7bec7659c981d17981ed070b8512f6320cf2a7e3e156d79c5ffce2c758706ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
05fbfbba9962bfd27881564bbbe264cc

SHA1
c5d514ad16807a2872819af191ae83b2d0f26167

SHA256
253b82c3a93470eaa6ea5150c0ac53dbd1fba0f56898e68016dec83b6b02566c

SHA512
37002329276d71b21dfc8e688d64a3f7f8a2b00bc193441e628f89cba06a339e6e634a6ebee8969fa5e0b0b7bdb2dca9055ea746a4080edaddab1d5dbc7049dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
98b64d53082b218500f8532babb0cc7e

SHA1
d181192049b0558f131e426267589cd934033b0e

SHA256
1aa4e74164bfe733cd3e3ebcc66b95c15bbc1a5f8486ffafdc320f63f8ae8129

SHA512
f4e4890382a1c66c832836acbd06c6a76ef6ad4315e70253fb4fb155e9859a9f48fe373424193335093d72beab56ccab24a5a7ce5450e25672e3d966bd85615f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
71e9c8098cf69b935a3b7062eb4bf161

SHA1
f31f3c904f09e637dddf6a4cb4f343c639eb8eba

SHA256
b4ca8ff01b42bc9e3d81ec83ea4557dd26c2613198c51c14a150f2401a36908f

SHA512
3afd99062fc96d174a2dc9839ef6f07e2e1c0f7a2761bab343fbdcc2598304722f377fb10d9799ca2524af996ec9f4d8ab464dc3a27236bb64cc5f29759e9ae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
108ac4d7d3b83b5305fe6fd116b3b775

SHA1
119b89111d755ccae8a13c65e27f0a7830497990

SHA256
bed01ff15f2d5834fbfeb2597768050c4c2d0923654c48f20002e4984fa810e5

SHA512
690e3e1bff39e457d58de827c0e1e9f6e1a34a219e35e2fa6fd2fa6e062cadc3dcef115d53da785597e95e7d0ae64ef15b9767cfabfe458f04897c443a32af78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
489234fea582d5926938e55969a7a3c9

SHA1
aed57d8cb89f67adfdc8104cb5fa2357bbc1cb05

SHA256
80b15540deee2c39789b0f39d5ba8ff3a201aca0874b9c211ba84b99a2cfe511

SHA512
174a08a643a3d0feeb3f3b902faa0ed545632004701d19a13baf9cfc345c3479f1d53c0b99989365e663b0b9e9fd7bf29b9905e2b6fc6c4bad39be9e7067b8e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a23b.TMP

Filesize
872B

MD5
92bd435fa520c702264428bea4d49eb8

SHA1
837e99a3a2fe726941f26b697c800322e7a4649e

SHA256
51044f5748b92c0ef68f04154a337bd655762d58800b5019c651c3fa9aa600f0

SHA512
d9d4e8defa4366197b2ce8215e7dbd9908347282e36e0bb7a591129218043df913a18338d0d843ef93ba3534e616861e0ca5259472ea8acd3df0d4e01b256744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c4cb064d-4cfa-41e2-83b8-56a4273ee5bb.tmp

Filesize
872B

MD5
4168cab7d21dbe1daff2647062ae264e

SHA1
6badbe3a86d5ebd417e9b61e266fcd5f1fa47fc1

SHA256
98b35577b7dc5de1649d94c83ff99303a1db9249bd391fea27e9d4fb1e5722f7

SHA512
38169e23b1d9711abc8ae87668f54db9c7562076c55ede1387ae80c2c2689385afcab02f30270e1f146cf3dfd9f0ff301ee8f42b261534cbe4f322c53df9e68f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
82cc6306c87907639ec7bcf92de43ba0

SHA1
cc8b9eb23659d8f0eb43cb1cc38d2815744e8ffa

SHA256
9fee96c0cb54760109982318297144f0640cf3757be675062225e4439fce240b

SHA512
fed24090b89e3842d669c64bddbe5d729a2f2ab8f01a4c115aa5e796f8b0bed182ea8b34379586f989662b070b66face04aea1bdfcbf6cd9043f4b580956b62d

Download Submit