kinsing | hxxp://multifactor-0ffice[.]info/

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://multifactor-0ffice.info/

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
37	api.ipify.org
39	api.ipify.org
57	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506783837243131"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid	Process
2040	chrome.exe
2040	chrome.exe
3596	chrome.exe
3596	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid	Process
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	Process
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 2040 wrote to memory of 3096	2040	chrome.exe	81
PID 2040 wrote to memory of 3096	2040	chrome.exe	81
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 4036	2040	chrome.exe	88
PID 2040 wrote to memory of 3236	2040	chrome.exe	89
PID 2040 wrote to memory of 3236	2040	chrome.exe	89
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90
PID 2040 wrote to memory of 4728	2040	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://multifactor-0ffice.info/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93ad59758,0x7ff93ad59768,0x7ff93ad59778
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1716,i,9145129116486413607,12369334518023915761,131072 /prefetch:2
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1716,i,9145129116486413607,12369334518023915761,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1716,i,9145129116486413607,12369334518023915761,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1716,i,9145129116486413607,12369334518023915761,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1716,i,9145129116486413607,12369334518023915761,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4684 --field-trial-handle=1716,i,9145129116486413607,12369334518023915761,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1716,i,9145129116486413607,12369334518023915761,131072 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1716,i,9145129116486413607,12369334518023915761,131072 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2992 --field-trial-handle=1716,i,9145129116486413607,12369334518023915761,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5396 --field-trial-handle=1716,i,9145129116486413607,12369334518023915761,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5304 --field-trial-handle=1716,i,9145129116486413607,12369334518023915761,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 --field-trial-handle=1716,i,9145129116486413607,12369334518023915761,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3596

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
774c70c66d2b6ae23a922186bd0373f5

SHA1
caa7f579a5bb1470d1860d9eb3147c9577b680f0

SHA256
3f8be3e97c932dd097b8f8e063c01cdbc8dee43f97baa6329bddeace81f9d1a4

SHA512
c9833b0a02594693d56ccafd0fc1f805f95941304e558828393b11d541b4b37daadf1abf34f14cb0f094912ef83914fd7042e174682b49d66cae3857c733fc7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
939B

MD5
e64380d909c74e313f46a9871651f661

SHA1
ced312eba42937ff24b74cd30c55688f2c5d0efe

SHA256
9c78b9a4ac793ff0d2925747d534e618b1ead2cb7208e4492ad4190f7dec04ab

SHA512
2e1700b08fce2c6ba8d12a56022b792aa257815bcc3ec76b2d7688e50ec3387ee25827928ccf5f09a6d8b031eefa31e7ae1114e6579a2984a6bab27a612d8bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
ebdaf7a79775abe7e0506b0ad6b7e517

SHA1
cc12a78708766fe16a02939c6f416353e96599ec

SHA256
db8eeb61b72b26de2d3b800d5e70ad33961433681ec4c82747417b3048f30fa0

SHA512
9220f951b702ac2d2313bd6592241724d6226092a804bf985d06c64de6d61f6ec21c049ceca7eab56ff7e85acdd03a443cc4251eb94287d14d0f83a4c1de9a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d4ef6c03dfbb056658650f7126a87621

SHA1
000b050b38ddc07e54ce48bf236c4c9c417fb1fd

SHA256
fc9e1351bb005d165092e93854384fc1664d3fdb996e7657515fb4d67aa97a44

SHA512
2e25c62d3a095ec44f7118ebe2906905c6a9d5df6c419e9d646f631e919c077f1007505dd0c7c18b2afab77890a80613dd4d8d6fba378400087e55126cce4d3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1a2f7324dbc0b0bbc2dc6c45e130fb89

SHA1
71c5a122a3c99ccef053e0fb3cf8890e08a9b6b2

SHA256
ae6b5e6267e1f9dba0c5806be7e77e849f130d816f7618344e9cd902775862a6

SHA512
f2846b47fd89b278c4a9d17c713916283a62e3c0b1413396a7e2497f66209eb8058559ffb80564769f4767220f7ed707c3972bae1265e9aa5b64184eb9124c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6ca7ff3bd6ed6d48b1be205e7595286d

SHA1
933431b9ea10436d7a8517810ecd6c9cebc8d97c

SHA256
110393e6a65ca4801126b263fecd46ed6b4cdafa5098150541796ae4214bad60

SHA512
9384c821922172046264cd6eb1afce07cbb73c179a0dc904e5235bd6695dab48b25537ce898825a2640df1dada97c14ddd21b808a6fbd34a01b419e26e63bc1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
375a4178b74547c0273e03c07ad15cbf

SHA1
e7d06684834cbd536dc742fe4cb6b384bf33f96f

SHA256
2adb3e3a7a974b092a29287a996cc50e8d90db10ae2dad7c324255efe19c552b

SHA512
84b85387c99b9fbc62b55d53e12dc9dc62d9faaea48e798afdf63f80189e62f9e8b3038366f0b10ccaeec9658e1d4b9aca7cd008e0d722728e1652b929ba670a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
72f4d618535c41e5ab92732a02379b84

SHA1
6e32a7d0a8fe9f0b08fc2aaf945349d49665592f

SHA256
3f8a8bc76d01144026ecbc3cf662f4351c79d0ed98294d1619efab11027fa823

SHA512
26a3d2e2446fca69244c71b3adaaab15b3f4fc450854d26d8ea93b97e759a2767127f7508484ed2f6c609c9be16c3e49774cfffd3405f7bb7c608b75cedb2b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587fe9.TMP

Filesize
101KB

MD5
9a5ba4127ee0d47b7f406cc8e55aee82

SHA1
42230bc04f9a083b4af7eaafdf7d3d2ef3d9ba18

SHA256
33257b777380e9554d2271c1ee11eb3d6421551ef919e72b5b407660bc256432

SHA512
2432092df48c7c9f9f14b61da2b8435f3f1a16a95ebbce60decf835be50d34da846274f376533b9851c0ed4f8a2da8d43ec6716e3a8dca693cb098e1ec2357e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2040_OISMXDLTBQVZBYQM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit