kinsing | hxxps://mcas-proxyweb[.]mcas[.]ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Furldefense[.]com[.]mcas[.]ms%2Fv3%2F__https%3A%2F1filesharingxls[.]com__%3B!!JkUDQA!OG4OKdsLCaVRSkhZ0C0ZYoQxDPpWtyVk1l1ybpM863zA4nyulnidoOcqX3cPpNuumqtyzwemoWAfYAIf1BpJias%24%3FMcasTsid%3D20893&McasCSRF=6fec532f0fdb2182b24c12148de033845d39190ccf7e0f9dfc8d712a58971e90

Analysis

max time kernel
148s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Furldefense.com.mcas.ms%2Fv3%2F__https%3A%2F1filesharingxls.com__%3B!!JkUDQA!OG4OKdsLCaVRSkhZ0C0ZYoQxDPpWtyVk1l1ybpM863zA4nyulnidoOcqX3cPpNuumqtyzwemoWAfYAIf1BpJias%24%3FMcasTsid%3D20893&McasCSRF=6fec532f0fdb2182b24c12148de033845d39190ccf7e0f9dfc8d712a58971e90

Score

10^/10

kinsing microsoft loader phishing

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4060	msedge.exe
4060	msedge.exe
3592	msedge.exe
3592	msedge.exe
916	identity_helper.exe
916	identity_helper.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3592 msedge.exe
3592 msedge.exe
3592 msedge.exe
3592 msedge.exe
3592 msedge.exe
3592 msedge.exe
3592 msedge.exe
3592 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3592 wrote to memory of 4724	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4724	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2076	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4060	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4060	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4912	3592	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Furldefense.com.mcas.ms%2Fv3%2F__https%3A%2F1filesharingxls.com__%3B!!JkUDQA!OG4OKdsLCaVRSkhZ0C0ZYoQxDPpWtyVk1l1ybpM863zA4nyulnidoOcqX3cPpNuumqtyzwemoWAfYAIf1BpJias%24%3FMcasTsid%3D20893&McasCSRF=6fec532f0fdb2182b24c12148de033845d39190ccf7e0f9dfc8d712a58971e90
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd092746f8,0x7ffd09274708,0x7ffd09274718
2⤵
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,1693847286279029112,11570924632183521902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,1693847286279029112,11570924632183521902,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
2⤵
PID:4912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,1693847286279029112,11570924632183521902,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
2⤵
PID:2076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1693847286279029112,11570924632183521902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
2⤵
PID:3852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1693847286279029112,11570924632183521902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:720

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,1693847286279029112,11570924632183521902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
2⤵
PID:1536

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,1693847286279029112,11570924632183521902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1693847286279029112,11570924632183521902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
2⤵
PID:2548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1693847286279029112,11570924632183521902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
2⤵
PID:2200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1693847286279029112,11570924632183521902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
2⤵
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1693847286279029112,11570924632183521902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
2⤵
PID:2740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1693847286279029112,11570924632183521902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
2⤵
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,1693847286279029112,11570924632183521902,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1693847286279029112,11570924632183521902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
2⤵
PID:448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
a732554bfa3ddf2ae39fa78f1fa5f7c0

SHA1
45d7788a2e497499b1ac25b09ec0aa56d4591e6d

SHA256
a5fabdd3d93998e1f5fb1338aa56188b06d087ab55813764a1736ac02ee44389

SHA512
9e9bc9d7ab2304425aab9dbc105f793ec8f454018b445ef6457961af146d0a51744d524d7ca32ed3dec6226803d52f300753ff2d84892b22bd7de16e3cd6a50b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
343B

MD5
5082ed7eefcf781d664296903c780300

SHA1
847576ac061ec8a08621e77d658df3dab1d3ef26

SHA256
daa3e33e6e37402cb4775b6b40f6148a7373108a89ae5b2b21ee711e4dc93a8c

SHA512
f00b6a50bf10358672e22133bdc902ac6aef6e28a2a101dce9c0f61f3b672443b2bc077701f9966cebe2a71175116794939347ac32ade7aa2862415b35bb0e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
7a70f29e8ef34ffbbfd3e2bf59c457be

SHA1
55ee4c21f0f5a6e23c4b48bb57e82d1ef19e7771

SHA256
5c3e1d8edbe9aa4f6ecb2ade4ee264f7b19c66eefa7e4f0dc35f9577e612c7fc

SHA512
6fdf9ce10d4599b71e8f07bbad68909398e1f84d1425119b6a99ebad130683644b9e4297d767155da0b5babf06a5d6b2cbac6fb9b57ba29a77ec2bf3295f31a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
51cfe76257380021ca159406a8bb0e35

SHA1
488cba76b859dcee5ba7e86c97fc83725bfdb604

SHA256
af380ec119b1bd872db2dd4cc9cbfb52420347b19340529c22179f831beb5f65

SHA512
a56148b55e8f102bdf9edced4282c3c359a4205a6984d3b2518cb4a0c09eb5353b70ae20ec1c6176fe749e13a9321896ba05b8421c444e23f37ff61aaa823ea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
d42898c2bec088502f8ec23c14bc3b0b

SHA1
7cf8efa1538c025135a066c7a1a92b7781ead34a

SHA256
de39bbe6540822fd0cd75974840403a0a88b036cb13bea0be9651b0959e6890a

SHA512
a38094aef3b40b66a19bc7d6c4d9e407f7e8c1ca0ff2c9efca4b506a2642e3e05b7d26d408ebf606df2cd43f364641623e2f573922f5028b2850e53ada2be157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
74eebbacd686c44e68a2c0ac6df5069a

SHA1
327cd3ffaa10c629af971d6976e4027baab16e13

SHA256
ddf529db1d84a0d1c83b1916fee5b4277dcc1d2cfda830e371b275edfe875bc0

SHA512
709b4759819774a1f9bd76024d04c4d60ce80c0be0a99414e0581a640f0c5a47fbfc3358692e7a1bb9b2a3de17fd94753f55726e71488b5ec956ca37f2e1a9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
2c289d9c367ae091a0f2aaabf8c5cc68

SHA1
72b04e51f827d50ecccb5748c8336253601b42cc

SHA256
89ef7bdfe4b4e5fa3909d53eb324cb2188dad27301d64f981a736d57e8a8f550

SHA512
e5331b8b3758d5ccb1211e5afb14160279318236d9afc713cf91b97f087554441f34e7edeeec1c4e0fd8c16a1a3e199f14551843d14bf50f29cc8c39c8710db7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe594ced.TMP
Filesize
204B

MD5
9b51e4c9fd2efffeda75efb20464b8bc

SHA1
427224a3af113c11882bfbe860428437553751b7

SHA256
417f9fe8a91bb464aa46625fd23ee625af2b1fd0c19cb1f2cac70e3aafaef453

SHA512
54e864d9bb3ac642d4281c0e81cef9fb08f266afe8c12bc5fbf3bd1dd3cfed591d164601671bfd0e728270fd2d2761532ae5584a331fa7a34fdf26bb9bd40790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
9fee39383585ff2cfbe5efdc84cefda9

SHA1
a0975578094735a31be9bb2c52115a7a4c2e6244

SHA256
7e6028d2dc108ed2befd86397ace9e7da11bb291c33ca32903acf2a55bd4dc36

SHA512
bce25fc2acc5876b1846569d01da83e4cde836843a08ab527869dc9cd938f793a9f2fb4b521f01dab3cf207fe542f8f9cece56e62253285961fd9f815447f5d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
7ac8f32034f0b2d138f5187d9ebe79fb

SHA1
eabc098be31b545c0973efba00260679013a2bd2

SHA256
d9badb8a6d133576945310dddecc0945249d4ca126e8c21e21f3f6b6ae3fe373

SHA512
d12df8a224d3b50a88d5b789123707ba3c30f6fd8a725df9a5677303171f362f1959ae5f33a68407d81274b07a0f3cd2ec20155f378a91a21441a0ffbf3947bf

Download Submit
\??\pipe\LOCAL\crashpad_3592_UUZGGVLLTJZOPNKM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit