kinsing | hxxps://2n8w[.]app[.]link/?%7Echannel=Email&%7Efeature=ConfirmationEmail--AtocETicket&%7Ecampaign=WebToApp&%7Etags=locale%3Den_GB&%7Etags=version%3D1&%7Etags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay[.]google[.]com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom[.]thetrainline%26hl%3Den-GB&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes[.]apple[.]com%2FGB%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=thecyberali[.]com[//]nin/7dn3s1l/Y3YyeC5zdW1taXQuZGMuMjAxOS5yc3ZwQHF0aS5xdWFsY29tbS5jb20=/30783

Analysis

max time kernel
81s
max time network
86s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
25-01-2024 16:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://2n8w.app.link/?%7Echannel=Email&%7Efeature=ConfirmationEmail--AtocETicket&%7Ecampaign=WebToApp&%7Etags=locale%3Den_GB&%7Etags=version%3D1&%7Etags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.thetrainline%26hl%3Den-GB&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes.apple.com%2FGB%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=thecyberali.com//nin/7dn3s1l/Y3YyeC5zdW1taXQuZGMuMjAxOS5yc3ZwQHF0aS5xdWFsY29tbS5jb20=/30783

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506720724628592"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2832 chrome.exe
2832 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

2832 chrome.exe
2832 chrome.exe
2832 chrome.exe
2832 chrome.exe
2832 chrome.exe
2832 chrome.exe
2832 chrome.exe
2832 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2832 wrote to memory of 2076	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 2076	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 4084	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 3164	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 3164	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe
PID 2832 wrote to memory of 1360	2832	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://2n8w.app.link/?%7Echannel=Email&%7Efeature=ConfirmationEmail--AtocETicket&%7Ecampaign=WebToApp&%7Etags=locale%3Den_GB&%7Etags=version%3D1&%7Etags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.thetrainline%26hl%3Den-GB&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes.apple.com%2FGB%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=thecyberali.com//nin/7dn3s1l/Y3YyeC5zdW1taXQuZGMuMjAxOS5yc3ZwQHF0aS5xdWFsY29tbS5jb20=/30783
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe49479758,0x7ffe49479768,0x7ffe49479778
2⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1776,i,14100966326212198411,14479802921396307945,131072 /prefetch:8
2⤵
PID:3164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1776,i,14100966326212198411,14479802921396307945,131072 /prefetch:2
2⤵
PID:4084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1776,i,14100966326212198411,14479802921396307945,131072 /prefetch:8
2⤵
PID:1360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1776,i,14100966326212198411,14479802921396307945,131072 /prefetch:1
2⤵
PID:2312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1776,i,14100966326212198411,14479802921396307945,131072 /prefetch:1
2⤵
PID:2652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4692 --field-trial-handle=1776,i,14100966326212198411,14479802921396307945,131072 /prefetch:1
2⤵
PID:3452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3744 --field-trial-handle=1776,i,14100966326212198411,14479802921396307945,131072 /prefetch:1
2⤵
PID:2072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5028 --field-trial-handle=1776,i,14100966326212198411,14479802921396307945,131072 /prefetch:1
2⤵
PID:4740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4656 --field-trial-handle=1776,i,14100966326212198411,14479802921396307945,131072 /prefetch:1
2⤵
PID:2752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3128 --field-trial-handle=1776,i,14100966326212198411,14479802921396307945,131072 /prefetch:1
2⤵
PID:2468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1776,i,14100966326212198411,14479802921396307945,131072 /prefetch:8
2⤵
PID:4420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1776,i,14100966326212198411,14479802921396307945,131072 /prefetch:8
2⤵
PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4744 --field-trial-handle=1776,i,14100966326212198411,14479802921396307945,131072 /prefetch:1
2⤵
PID:2324

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
6ffde779e5af89f8f17842cc0ee7d976

SHA1
7d4663bcd0291c99e68cd929e380909431fff4df

SHA256
3d1ba396b27f1ba9f7da01fc2358d54184f0fba197a03c2eb964f77083847014

SHA512
6898d09b97fa503a4e79422d94d9a26532f1514d7f325468ad53cc9a43e4841877eff9fd2a89f4236df7ea1fdd4bc88d8f3d8a471651d997eee6fd38a6ea59d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
b2ecdd36d6b3e8090c443ffe0a465b0c

SHA1
7d6d81f1bf7a0c4499b147b0cc67b0c7256a0d0d

SHA256
34b73958206b390983683619f88d9d234acd62d10cfad7dcef5a2f7e5d49e22c

SHA512
d47fdd88c0ed50903461c1b7fade8014ac5547955c78475e8a48398b69224b45c5a7825e9eeeea9620ec49e2d0dc2f4eb1e0bdface3b57073571b0fc4ee96988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
8aa294c13de8e2dafa2ed43e2356f240

SHA1
41bf8927cba345de5dcf70cffc20838294240832

SHA256
003c627b2802c8db9993354d1cd7969d3934937e6d8c56ab1679d206c801a01d

SHA512
3ee649b01dca91e6aaa7705e03ca7f767e27dddef07783f68f0eb0b77322c685ba257b1b70a19dd30bb6e1d47a45bf56359a591cc5a871a32bfdfa09c16001ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
705B

MD5
39e4a0fd5124d41f15cd65159c4dc5a7

SHA1
d7ee27a52f8edf0481238e881e66d653b91559ce

SHA256
d477171102ae5a308bc266df1f109ccec37ce0af0f613555225de0fd4e0a8c37

SHA512
724d92771c1a44acae5174d6c02894df7ad362c104b68a3dd6904dd8ac792681eb13ac7eb8c3d6db4456f1bcf89584e3d8d71ab411b1d669feedd73f7e276e59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
818f0fc1ca6b599f4719b45e588c883d

SHA1
7f4519594fee46b01e5c6b4106b5989edd5f25be

SHA256
08072ce61e30c8a0cf8ee495be16a2eddb707fb78a41ac41ba5f0e0b6dcda16e

SHA512
08b132b884c4dea282aad841542ffc14cfe8e2d276415b3b017d466a43cff0d6f91819ce61e51d213fd0a0788d1912f9c9b0c8d8b358ef0b3ae4c13958454d04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0dad7fa58d16b3f0854e9943e7cceac1

SHA1
de52b2f0a85f595d08fc704fc61345a7859c8d36

SHA256
51380d25ceece9ba9aa47b2140954ea77cc61a7ba2eea7a05dd5b2cec2e310c8

SHA512
d5687046fbb55ca43f3e822f89ca6d113242259cf272c0002f9ccc8b29c25ccd908df2bf80faae3c20d5144ebe09659279139ab4ec96f33cdb8812975cee6423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2cc2c4f816c6168f2d1264740aa57c79

SHA1
e42a557ea3fe186e46d687eccbd6605ac83024aa

SHA256
ed45eccef8a3bfbef38dec9f8e5871909f0e8d31a563f994e9de29597c4b3775

SHA512
876aa33bbf6d2e1a823b219b2bcb93400a146f01a80e9f13f03c2397b0690a276fa1e8aecc4753082066c5bac7234b6d55aa6950fbc598d8aa18b2f36163ca2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
049b0bc7ffa3e62cb93ac466d8a5a4f4

SHA1
430d02d4f7232715c71a157df97174210cc89337

SHA256
6205e2db1f855c4573bc983add808af7258db2146460d8ef128dbb4f4bf571f5

SHA512
c7cf7b1cd4ef3a7d2a67fc8e19a299be6de0821eeeb10818ee0faa2a5d4ebffd37094308bdf21ec0377eff555d6e8248c52fd061d544eed24ca0f1b8b6b642c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
497250b3335d0e5496d9fdcd7187e8d7

SHA1
e1ed8f942de85a4e8298d4ef968c818825a68881

SHA256
6c8d0baaf04b855a1a4e7a7b4d0844d081b2b86f3e0dca0ed9180828c4cd06f0

SHA512
c3953cef35f479401075dae39244cf46b380fd08490eb0ccf53803bda1698496985f00b7334a29a84a1f53f603bb8b65776e180f067b45a2cb886767398171d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2832_DSCXRRJUOPWKZJON
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit