kinsing | hxxps://www[.]syntax[.]eco/games

Resubmissions

25-01-2024 15:59

240125-te8hesabf2 10

25-01-2024 15:49

240125-s9jxwaahgn 10

Analysis

max time kernel
1800s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.syntax.eco/games

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506723702301274"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1096 chrome.exe
1096 chrome.exe
1096 chrome.exe
1096 chrome.exe
4008 chrome.exe
4008 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

1096 chrome.exe
1096 chrome.exe
1096 chrome.exe
1096 chrome.exe
1096 chrome.exe
1096 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1096 wrote to memory of 4864	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 4864	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 3268	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1120	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1120	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe
PID 1096 wrote to memory of 1604	1096	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.syntax.eco/games
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x44,0x108,0x7ffceed09758,0x7ffceed09768,0x7ffceed09778
2⤵
PID:4864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1880,i,17462481411810589912,1474339543379988827,131072 /prefetch:2
2⤵
PID:3268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1880,i,17462481411810589912,1474339543379988827,131072 /prefetch:8
2⤵
PID:1120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1880,i,17462481411810589912,1474339543379988827,131072 /prefetch:8
2⤵
PID:1604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1880,i,17462481411810589912,1474339543379988827,131072 /prefetch:1
2⤵
PID:4844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1880,i,17462481411810589912,1474339543379988827,131072 /prefetch:1
2⤵
PID:4468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1880,i,17462481411810589912,1474339543379988827,131072 /prefetch:8
2⤵
PID:3884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1880,i,17462481411810589912,1474339543379988827,131072 /prefetch:8
2⤵
PID:2820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1880,i,17462481411810589912,1474339543379988827,131072 /prefetch:8
2⤵
PID:1036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1880,i,17462481411810589912,1474339543379988827,131072 /prefetch:8
2⤵
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2336 --field-trial-handle=1880,i,17462481411810589912,1474339543379988827,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4772 --field-trial-handle=1880,i,17462481411810589912,1474339543379988827,131072 /prefetch:1
2⤵
PID:4604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4108 --field-trial-handle=1880,i,17462481411810589912,1474339543379988827,131072 /prefetch:1
2⤵
PID:2440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2968 --field-trial-handle=1880,i,17462481411810589912,1474339543379988827,131072 /prefetch:8
2⤵
PID:888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3752 --field-trial-handle=1880,i,17462481411810589912,1474339543379988827,131072 /prefetch:1
2⤵
PID:4824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1840 --field-trial-handle=1880,i,17462481411810589912,1474339543379988827,131072 /prefetch:1
2⤵
PID:2824

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
91KB

MD5
a76bdb70a55b9281fbc55ddbe01f39e6

SHA1
4d2c80c196f32ccd54ee7b4e9df6884de76c9c14

SHA256
ddda085812a53a617e9dc0a2e6a1ff1de397fbf10b7ba6ed7e38361e0fe46f44

SHA512
2a991691e1da276af592acb6e54b5ec833b718f83b87a52c972ec33b936cf804b94b522dd7c41d2950082fa55bcb06ae8074b9005ac7ae1997fa9e47a32a8b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
b89ee84b988e6d86be717c7dad133226

SHA1
5e04e457a74832bba5dfcbccebed23235dcfa1fd

SHA256
203a9e39d5ddb973dac01c179ff39ab3e2ee278588b321e7625ae0441d6d3555

SHA512
40795847bfa8db9d3dad606cd31ba5f6b1994968801a9a86b6214ded210ec22135a695f3782d7eb00e199a6ebf8853795b0a47affc8606b617bac2d613d419f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
28193febaa22973787c56e184ab16f2e

SHA1
387b1b51f065c6c59fb34ebccc5895b2ff1fc4bd

SHA256
5e2b7520fa0dee81d267f59612cb318c314e6492bd557a308033c5f41d0d3f84

SHA512
b4b6ecc05d682393bfa6d950feef5a2c2067deee5db3db555751961c819917a52ff14e918c82e4553f1f130d5e43f0b39cd3a284838560ce83d29764f31e5f57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
a1b6991d461758640aa1209ed2c27e0a

SHA1
17f10ec9dd4a7876648118dc3d8ca7507bfab88c

SHA256
0b86cba7fc92d6091ab290092f67f4697c37b38ca069268139a949a203a238f3

SHA512
fdf48e79bdb5369aadf0eb777efd5c6c4aa1d572de966feaedc63e5ac47c1b929431cd51da9ffa12d9378102245cd77e59d8ffa7633ff3f7e56c9eb1417e2b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
669c59dc30e2d58305c4c34c29f87887

SHA1
07e57a42fbc846401b709b7f25b09f2cb006880c

SHA256
e01cc325dc9d0a53444830eafa3323f9ecdb594f4822c05dbceccedb66c7c5e8

SHA512
dad8b219e981a32b5581272721202994fbe93cd5c052bbd9d5e088bd9a4b91aacf76a043daecfa1a1a5152d2774a99f99d989e6a92698928f3b83218cc80a3d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
9f89027b6de703a3a31c9b635fe976e7

SHA1
d395bde18fc9b6486d51e22aeccbceed4645be24

SHA256
e21253bb3ce62dce63ebc2cb19b36ce1fb6051ad696bdc7a446fcbfdeab716dd

SHA512
a8a102736de24fdb4272994b486c370cd40007764f5888a482d57630f3c4a698b652350602bcd4f3474862e4e2273f858a2da73ca68e1752b574f388e4ddb7c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
703B

MD5
a06adc3b1f4aae36745e53d073dfd8c7

SHA1
13fd05201056c431a22e9d85112b25b47f483676

SHA256
6ed4a1eae9530398589ee58c02b45330cd2bbbe7e0d70c0168e9469b166e5019

SHA512
2f92dd387a9181cdf123f575bc59d8369510ffdee89113d85de94eb33e50a18be43607003e9a49c0cb7fb4ad61e505be45bd2dd636d5440a72c10a5cde4ae8e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
280d2b921c707c1bef9b67eaffc95857

SHA1
bd5bc4af123729fa379e2e5269574741f0134d56

SHA256
f02cb6062782bab83253047bc397fe1c5fb053527aa730ff00b2f2eb8e3ad5c6

SHA512
a652ec0c9316158c000020624d06fd9c0cefd0a01e8b59cc37ca30a11080057468439a6bc477bc715f7938135d2341bb4f61a1164615866f9a7c6cf595d39e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3499be8ce95e3034c7cb59f763d38881

SHA1
6907a8cb204a9ef5799043e5388942f56fe6275f

SHA256
818ba0104dd0ca5be61f40e0edced8da6cc50610498069f5c8c7d25f82d94a1d

SHA512
c4701393a2e04ac73f5a1f3a0152434a53dc48c4f977d2fc8f2ab883641e08a48b679c9f05b15f78cd7b2381c624fab6340400e715eb4c5fd93b13ae6e95ac02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
39cdc64d5167c468238b4ab5a8de3c75

SHA1
94ebe0d036ae32dfb90e88abb2a4f88f8b92635c

SHA256
dc573ec8648f8ec5c25bdf6afdedd217e5db71792583cc27f21bbc054a266dcf

SHA512
8d62cde464340d456b191014282e4058f7a0b51cccb1a1df8d273c4b0a7010804e11ab0df97daf324fe9d10b74d3986fd4bf719ca94249994b46b4e60bb0d8a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
115KB

MD5
bff90694e4563d01ee0e553a7f892eda

SHA1
1f6c418d76154118cac22a4bd81d9739a2d8ed75

SHA256
eb1aab73adf60fbe37211c467f2c8ac9b9e7267e1e67a45063fbbb810a0fdf2c

SHA512
c59830873d839b0fd316201bdc8169d312eb14d47799d3792d18fc36d8ede924af8cd97d09c90acc5c41ab7f0fdb593eccd0d2ca8391bb3f61cafc0dff52ae41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
115KB

MD5
a29e843c3436d010938f9489129063a0

SHA1
a1a010b4d2fe623304f94df1ff27aa852cb645fa

SHA256
f6a5dc4bfcd1ca53df84ba3ce5960ba3d1e6943ee8c9ca0d6ccb1e4a49949151

SHA512
0f3a6d5004afd7ace234efd90dc76e3001b7993d79fd76f1ae91b229c91c9c546f641b24762253c94273a036f8a761aaf1002393ad0b086075e22e1dec7e9815

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
116KB

MD5
ec6b9607469a0bcae542aa4b4ecb51bd

SHA1
51286165cca58ab202e3394387fc4816f97f13bf

SHA256
2cab6a673df573dc2a046001cd2a777b87144ffcd0d1aef236a6b812a4efb5f0

SHA512
bdf083cd79d7a83a8ecb93bf2a0d4bf2498febf2c45e078b94105e5675cbba269638c49ef11d3daa1b1dd87761f2b815936f7f199b41c47382053c6a18dc21a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
135KB

MD5
5cab77ab995a64dfcad6810a11fe665b

SHA1
b6c099b05457604a219c711af11f64dc71e0ae6a

SHA256
8b26c17ae26cc8ef7d180c713aaece287506b84bd1106ec35dd90243412a02b7

SHA512
104bbe7f5bfe7fe89a949ab51b7a19aa3830dad1f4e89782ca731c6bc8375fe180bc5f37582a875beb99d385ca433d8597f6b3a491d5c73913f9549e917db01c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
104KB

MD5
0ebb15cd4ab8b7b0a822947a91f11c4a

SHA1
0bb75ca631af34f8ea84ae4acf78bb2161c6e5c7

SHA256
eabad42e22e577d37ad0d4e96d7088d519b3edde64cdb7c8a67b1571ad725f37

SHA512
0f7ae68976908210eedd7a3a5ba2ef0ffb44ed30d72aa484a2072597c2de1aebb1e9fdcf65cdbd19c2bfeda593136ad78e490904997bcf90984526c90d305498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5f1d93.TMP
Filesize
101KB

MD5
9521e827a6e23bf8e7848a7807186423

SHA1
4f519e876299dc649ef72dc40ca27bcf34237731

SHA256
099c65e1cc7bf7346607a584b826582259ffeefd367fd840438fd3f471964f71

SHA512
9e09c2f1eb4dae4b1bb4f705e696262ebfb49411f6574c351f1f0e999fc66db25c89002d25390f27f25b7acf08f9050c0781dbc0c1710dcd07d5a8042a2a9694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1096_PNFKPUAIYETMMIWV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit