kinsing | hxxps://ad[.]doubleclick[.]net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?[//]shakesbeerbrewing[.]org/html/xtml/GEMD2L7PN28JWXTKQP10L2SX31_=/[.]filepage/vivi[//]john[.]leos@tdlr[.]texas[.]gov

Analysis

max time kernel
80s
max time network
81s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
25-01-2024 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ad.doubleclick.net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?//shakesbeerbrewing.org/html/xtml/GEMD2L7PN28JWXTKQP10L2SX31_=/.filepage/vivi//[email protected]

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506706846949986"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

888 chrome.exe
888 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

888 chrome.exe
888 chrome.exe
888 chrome.exe
888 chrome.exe
888 chrome.exe
888 chrome.exe
888 chrome.exe
888 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 888 wrote to memory of 1216	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 1216	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2932	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3188	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3188	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 2844	888	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc31689758,0x7ffc31689768,0x7ffc31689778
1⤵
PID:1216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ad.doubleclick.net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?//shakesbeerbrewing.org/html/xtml/GEMD2L7PN28JWXTKQP10L2SX31_=/.filepage/vivi//[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1832,i,176603668056265359,984703275936015515,131072 /prefetch:8
2⤵
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1832,i,176603668056265359,984703275936015515,131072 /prefetch:8
2⤵
PID:3188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1832,i,176603668056265359,984703275936015515,131072 /prefetch:2
2⤵
PID:2932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1832,i,176603668056265359,984703275936015515,131072 /prefetch:1
2⤵
PID:2156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1832,i,176603668056265359,984703275936015515,131072 /prefetch:1
2⤵
PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4784 --field-trial-handle=1832,i,176603668056265359,984703275936015515,131072 /prefetch:1
2⤵
PID:1220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4660 --field-trial-handle=1832,i,176603668056265359,984703275936015515,131072 /prefetch:1
2⤵
PID:3836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5096 --field-trial-handle=1832,i,176603668056265359,984703275936015515,131072 /prefetch:1
2⤵
PID:2928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5028 --field-trial-handle=1832,i,176603668056265359,984703275936015515,131072 /prefetch:1
2⤵
PID:3584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3684 --field-trial-handle=1832,i,176603668056265359,984703275936015515,131072 /prefetch:1
2⤵
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1832,i,176603668056265359,984703275936015515,131072 /prefetch:8
2⤵
PID:2348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1832,i,176603668056265359,984703275936015515,131072 /prefetch:8
2⤵
PID:1104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5176 --field-trial-handle=1832,i,176603668056265359,984703275936015515,131072 /prefetch:1
2⤵
PID:4520

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
2e5a821351428519009d25df9be62d59

SHA1
35eb35fdbae78e52b28ceff6e54aebaa4cd8cf4d

SHA256
ccab0dbac9cde211241ad50928b01e93b78c48ec54050ab9ac3acf52e531b44c

SHA512
bcdd1dc828778898da80ebd4a279d0e205312ee7da59e33b7b5290b3279f4c817f632cacef0588b33e92390fbe542e7bee398ee920ff816672a089367efd8a43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
dd949296d857636f55ce93351080d268

SHA1
9b87ba2b6340223e349b7c2ed388c01428a15f2b

SHA256
4234171eddadffd95f0779f63dafabc3f20e7b8c65a4aec98bc942b23ef60aaa

SHA512
d68686d09fa7d8b12bef73a4ee0ad3d7c69b85b89dc54f4c19ffc13902714f6549dad423022ea187c32cb73b6c95731252422ace785080d08dd5862aefb6e0de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
9495d8fedae292131054ea199b010df0

SHA1
97902197e3e403147bdb473eb47cec416fc53cd7

SHA256
a5e9d43278862257fe48878532a9c70b779c257c4a989e2e737e1e7dce174b12

SHA512
0cde30837067cc0620685822ed9907f01dcc1d658551b0ddd45681e61def19c2a26903d3783f5efa2dfa35963e20b7c11e8929f9fc731b08899dfca89888fe26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
89c71829485af7221995defad192d012

SHA1
58b883c4872fd93e29990eb7cb59df04e4da2842

SHA256
98d87b387bb6a065d2513990280c89caf1ae8b6a678bfd485aa726072923a52a

SHA512
7e6a7e767ec505e97cd69bc4aa84ca72e009b4944bab21802e3987186bf80720b21d4866b8182cc1e40117cadc5930e78c9afb9e3e8e18ae2b60e69d4269bb98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
eab7849d57110fa7f543d97520046fa9

SHA1
2916d88d68b9baf4abdc25bd9e23d9aac759908a

SHA256
d1642594c4b8f793cb57934248e3ea880fa76754c169d881b6c928bb10dc5718

SHA512
7663493c237ca64bc07e0b997f0bede7492a3539ab9e238578ecab04b65ff1fa659cf0a10ca175707994cb73d5f7204a61243f31c763a6d4146491c736c9e6a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
727e8bc0b54ce99da925a08febf67f6d

SHA1
f7396d8c6642b86db6ab5c119368949dd09ed436

SHA256
bc04084d6cca0db88d5e6204db7eda47d5fec50fdbf1ec1f054d260bdb76e121

SHA512
f49265f25401bae133435296ec591377f82661565ab180fc7643a54411c34d44537e5ba607dc7721961d3021512ce7a8354ff335e42ff0c109572dd57316cc6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3b064e4ae68bdcd4ca35bb17c9f0755f

SHA1
9f4902fb35217fd080996c5175b05eff0ce94d3c

SHA256
a1ed4513ae84582e49ec4a3424b6ca0110ecfeff3604acd7bbb0cbdbc614b2f5

SHA512
33c2cacd213e38140912a0387382576a6f812a2a883d6bddb210df389b436445cbbf2e0a875e41a0a0ec7f083cf0e5d8b9c1a07424bc45352693d3bf64c93289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
244e4e522bcaefd079bbeca94a61ea36

SHA1
ddbbf2e2dce94043de291a95df99d9c7050f5b97

SHA256
ce608f07615ddde70d331a3e1cff0cb851c6e43a30e160c3b739b975552d3bd7

SHA512
0e266d066f0419a1482445513e19c52fbd76627a0d0f9ed4cb0b0eb8a9060676edbb6bb25802c654e3216d218623d5946667ca0320d6d0abb0adc6af9bc35399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_888_RYOGZDNTLPGXNJPQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit