kinsing | hxxps://onepiecered[.]co/s?ntMF

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://onepiecered.co/s?ntMF

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506719559566688"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3544 chrome.exe
3544 chrome.exe
3376 chrome.exe
3376 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

3544 chrome.exe
3544 chrome.exe
3544 chrome.exe
3544 chrome.exe
3544 chrome.exe
3544 chrome.exe
3544 chrome.exe
3544 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

chrome.exe

pid	process
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3544 wrote to memory of 3992	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3992	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3632	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3996	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 3996	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe
PID 3544 wrote to memory of 736	3544	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://onepiecered.co/s?ntMF
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffa5e149758,0x7ffa5e149768,0x7ffa5e149778
2⤵
PID:3992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1880,i,4050984323333649783,5865202341248245773,131072 /prefetch:2
2⤵
PID:3632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1880,i,4050984323333649783,5865202341248245773,131072 /prefetch:8
2⤵
PID:3996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1880,i,4050984323333649783,5865202341248245773,131072 /prefetch:8
2⤵
PID:736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1880,i,4050984323333649783,5865202341248245773,131072 /prefetch:1
2⤵
PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1880,i,4050984323333649783,5865202341248245773,131072 /prefetch:1
2⤵
PID:1084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3716 --field-trial-handle=1880,i,4050984323333649783,5865202341248245773,131072 /prefetch:1
2⤵
PID:3940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5108 --field-trial-handle=1880,i,4050984323333649783,5865202341248245773,131072 /prefetch:1
2⤵
PID:5096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1880,i,4050984323333649783,5865202341248245773,131072 /prefetch:8
2⤵
PID:3116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1880,i,4050984323333649783,5865202341248245773,131072 /prefetch:8
2⤵
PID:1644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5364 --field-trial-handle=1880,i,4050984323333649783,5865202341248245773,131072 /prefetch:1
2⤵
PID:2992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=872 --field-trial-handle=1880,i,4050984323333649783,5865202341248245773,131072 /prefetch:1
2⤵
PID:2476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1528 --field-trial-handle=1880,i,4050984323333649783,5865202341248245773,131072 /prefetch:1
2⤵
PID:3412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5092 --field-trial-handle=1880,i,4050984323333649783,5865202341248245773,131072 /prefetch:1
2⤵
PID:4620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 --field-trial-handle=1880,i,4050984323333649783,5865202341248245773,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3376

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
4a66d8fda6d825c0521d53c98dc9c340

SHA1
0b9a06071ee5b9a9b974dfd79bf154cea1929027

SHA256
6cfb9071b4745b2744e673f57a39aaacc9719825c5f6e83dc5ce9b528c7d88ee

SHA512
c8671d2e51d7d992c330a487a1f7159fd55b1d9b18a0844edd1db6b90b69e9006ee1c4452f619b5cc2cb706236c4de0a06034fd4ca008cb379819ba0fa40fb1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
ce95052836b060f3d1c21dd974f965ce

SHA1
5bbec28f3626aee3fc68e50db6399347a64c144f

SHA256
67ea6b09f1b7287a738d36003970c65888cd86599d00a970bac787a3e7376d5a

SHA512
05016cf891bd010ae21317d539ee7bcef0d2e06f8d2106ad80e5bc0a64f3065c70efaaed8601d2ec9dc810ba04933628a8ebac6346a60a904b37eadfa13a0089

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
762cae775c12782749a0680e2207f381

SHA1
5478996baf5542660ec8cccdfe79f4633d9bc1b5

SHA256
c5782a8e161a18a47ccf0e955560a496afdbcbba34d331a656ffe3ceee21f9f6

SHA512
dd2bc117e1f4db29fe850795a8ec93545c03e4c38047ed09513d10b654df046549e28b1ac7f7b1b3b49a8d81067197239f301714bcaa2ea4b98db29268e86825

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
fde69fe57d098aea6c710ff9ffa29a9a

SHA1
a25bfa2b877f15296a63882f48ccc0ec3c52bd14

SHA256
225337521ad8c2e79adccb6a3fd3eddb1dca59d6b572e039ac87f884a83cd5fa

SHA512
05b75838d875f39fc713b796ac7525ffac06bb0bb4f5bd519150b61aa73aea55c5feeb80aea7c78cfe51724c1bcb75ee6bde8942996fecfc368717d30faa14a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
caa0010a62ba0843b6afd22ebceaa1d8

SHA1
e3a1e4cf2d700e8274fb186cb81f7c3d1e701d52

SHA256
d1f3de9afe7d67a34d71af219a5520f8312d9ce0f36c628322635bc28f11c8f7

SHA512
3e4e8b9e5e16d9ca2f117f9907fa6bb18b33eabde67c718769c94ed37b1ba20c86be2e75651ab0f5b67c366a9fbbcc513bd571f76a5cc032d443c5f30319f395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
12678463d00aa4a32fe59db70d7c6702

SHA1
4383d442ab2e674a809d3e3904e25ddd27728229

SHA256
34eb66121a129c96359cb288b43f65b17757517e6738670c9a573c4f3ab99114

SHA512
95712b29055b514cf214f590448f4e9f403df7e520b120ec0f07ca3e2d58b3563d59151b060c926e6d2d11572b376aa4dcfb2c52fe5f4176da2d4aab70185a4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
7b2e361cd0e79bf4ede304d4e6764bdc

SHA1
6ec19277ec665f4d5ad6980f7dce7f915b04cbc9

SHA256
380c0b575949b01d7441088333fefaa77744d7a58b1b9ea33810cd3c7452ab53

SHA512
d3900d1905e28e539195ce7c116a9aa2cac73adac525326e667e6080c0b8ba1faa3f3377eafc8e3bface91302c482e4f2cf4fbec2a0a0bbdaae3429f881b87b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c3edb73570c374e340112c734850db2a

SHA1
57cb5ad45eb26dee786f9d82a7c51ff51b6e4489

SHA256
8a39428a87b62d664afa43169c55a3934597b15e19ac2a23716f51869f2e79eb

SHA512
6342c2ab173fd64885919773feb76085a210825377afe57dd2be1105480a1fbecd102a59d43c06fa94749a802c0ca8fd4aa3e77d393a907e75fd86173f243469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8f450d44c1175345d4a39d28b3bd3772

SHA1
57580abe179d09401e02f87a64a1b306d0562f66

SHA256
2adc7d502c7e0b1f4a826a3eb3b4b88b3b47a832d5be2d9679b94f1802657037

SHA512
0c08e1f82c36092af41070c526abf18bb7a72653d6a0b0e3376d138c7b2a995aa1996a87fbb75bac4591023fc9db170642158ae12900a98e1796bd792b77e244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
3ed26e25dd734350354a97729c293b67

SHA1
97033422b390a2dfde4637cfb8142633263c31fa

SHA256
77e8b016c09828e11fe05ffe80728ba7b55c0a6ad1399ebfd5daa9bfe7a7ca83

SHA512
83b6d2c0d50ebf33c657767218db2083fd7fb1c923ca53e4d33a9332b37d2c8d7b473e97a22c38182efc6ca4fbd2cb6b00f72645cf7c6cd2285109776ada34ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
89c79d45cfab085612defa8ab301adc6

SHA1
249e6326bcc70fb1b42149cf1ef3a73450159d68

SHA256
0ad984d2a11077cb906046f501011627769f1bdab4b03a0eaa256a6107fcdc79

SHA512
657b07ce57e618d06be0be574412d138e024a4c1e46fdc8859ebb91a72f9a92d2ade0cc9e0d8073323660cfdcfb80069923505add66ed54f9a996b575cabafb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3544_KWOKHIGGJYKNVNYF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit