kinsing | hxxp://lifeofbets[.]com

Analysis

max time kernel
299s
max time network
292s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://lifeofbets.com

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506772417628240"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

2172 chrome.exe
2172 chrome.exe
2172 chrome.exe
2172 chrome.exe
4884 chrome.exe
4884 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

2172 chrome.exe
2172 chrome.exe
2172 chrome.exe
2172 chrome.exe
2172 chrome.exe
2172 chrome.exe
2172 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2172 wrote to memory of 1620	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 1620	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3252	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2372	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2372	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3180	2172	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://lifeofbets.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda0bb9758,0x7ffda0bb9768,0x7ffda0bb9778
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1968,i,14696777083615811503,14622927933188606767,131072 /prefetch:8
2⤵
PID:2372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1968,i,14696777083615811503,14622927933188606767,131072 /prefetch:2
2⤵
PID:3252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1968,i,14696777083615811503,14622927933188606767,131072 /prefetch:8
2⤵
PID:3180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1968,i,14696777083615811503,14622927933188606767,131072 /prefetch:1
2⤵
PID:1416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1968,i,14696777083615811503,14622927933188606767,131072 /prefetch:1
2⤵
PID:1044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4064 --field-trial-handle=1968,i,14696777083615811503,14622927933188606767,131072 /prefetch:1
2⤵
PID:3776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3236 --field-trial-handle=1968,i,14696777083615811503,14622927933188606767,131072 /prefetch:1
2⤵
PID:3508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1968,i,14696777083615811503,14622927933188606767,131072 /prefetch:8
2⤵
PID:5064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1968,i,14696777083615811503,14622927933188606767,131072 /prefetch:8
2⤵
PID:1608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3924 --field-trial-handle=1968,i,14696777083615811503,14622927933188606767,131072 /prefetch:1
2⤵
PID:3772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3008 --field-trial-handle=1968,i,14696777083615811503,14622927933188606767,131072 /prefetch:8
2⤵
PID:5064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1968,i,14696777083615811503,14622927933188606767,131072 /prefetch:8
2⤵
PID:3776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4952 --field-trial-handle=1968,i,14696777083615811503,14622927933188606767,131072 /prefetch:1
2⤵
PID:3860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=212 --field-trial-handle=1968,i,14696777083615811503,14622927933188606767,131072 /prefetch:1
2⤵
PID:5064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2904 --field-trial-handle=1968,i,14696777083615811503,14622927933188606767,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4884

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
823B

MD5
678b1476e1b394830a7c3836af08e255

SHA1
adf0b7b56589f64b826385d0007038c54b58a950

SHA256
1c9aa07862d6784e8cb687d395d4156c2be81e0e313a5c3c455954a29039926d

SHA512
0e26bc39818ca02535d2a454ee97064a4ba3ad195090cc1547eff2a41c92468424ae13738cacdca31893fa869aef55c4088863f68a03201662cef22bdef60df0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ade24f3357121b9878652c8580b94cad

SHA1
22da47076afea0053856038dfc70a804ef815632

SHA256
3194aa93c23a57a31a03feede51deee848f1cd59640491ffeea1a4617e9dcc8f

SHA512
e68aa758a3334c8d0d5baf187995552a937f086369b757dccc4c16e26a61801e7b5ed748c8b14c159dc3d00526519a5aa00f229a3f11ecfc7d2e0f38a3f923c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2839e12db11bebc1ef4a84abdb900c55

SHA1
92474d3fbf12f37ca0173f3cccdaeef341ac0516

SHA256
93a916f6f7da7d00805e1c94d54262420eb627bfd6658d6a1a39e8c82ff5aa25

SHA512
2c6d1b02900625bfcb593020cc98d951add6266972f2cfbffc5978576feb57b65c974b4cc3e062e05f257f113e38ed02d7805c779b985993f8f0f04286257247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
b723b156fd4c614b1af32ecda51ddd0e

SHA1
bae97fef1e96b17a64fc11367c4da2654471ce35

SHA256
5c7387ea7c1620ebc4b0692f36a54db9974a8d568b52023259d6726c6f3a6ba1

SHA512
6f99a6256b8433eaba74852e800e46ac25b5a2174061b69ff0786bd24605edc58d2a2a47abfffbb79f929594cb1ff0c100189de20c0a8126f0be5923337aa970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
6bd7020385f55ddb9381dbabce411495

SHA1
813c50b034531fc2488e3a95e3e076cb6012a801

SHA256
a5272573699658523617fc3bc8bfa829bc14730f70d9b1dd567769ec60187752

SHA512
0e24ab4fca4d8bbf04fd106f4179024af63fb5cb38ed1670913da17621b8be42683d0aa9ee69dd384b48d938dfb3ef0ccebd1db1a6ed7aad54af93561fbdacd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
bdcb5f8a9e10ab18ec8caf87f60f0e2a

SHA1
2177e24acb7ca5b3eab5d392029ad702b3d5503d

SHA256
01f2b130e1f7c186acb6d39427696b70556aab17743784e69be1980cbace2ba0

SHA512
664ebb04307f7a32ea8744a7a342e84993ddff1428222d2800550851b21f1d24502dc68a358ad97d27ec7d97f08090ce432e02fbe4aa02a9a0bcdb6fdff21985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
fb4204c6a85ca3fa75d25472a533fa7d

SHA1
e6c24dcedc68870822682e00aec3bb63585f36b2

SHA256
9b6c179cb1d526a779b207aeea88d22a43fb5ef3248e6e06c8b805a2ea4be83b

SHA512
2445fdf52aae93a6cef73b3fe4d9106b5f6c10edb5d24a811e5869b107906f4c8641aadf258e1b7c739476c60f355391af163995f53d18c36f31f4782bb75af4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2172_ZELSUTDCGTYFMZPE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit