kinsing | hxxps://drive[.]google[.]com/file/d/1Ys8-viej1i1Qz81w1qsG0xie3BJjWRAA/view?usp=drive_link

Analysis

max time kernel
301s
max time network
293s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Ys8-viej1i1Qz81w1qsG0xie3BJjWRAA/view?usp=drive_link

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

5 drive.google.com
6 drive.google.com

flow	ioc
5	drive.google.com
6	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506784365716169"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3668 chrome.exe
3668 chrome.exe
3212 chrome.exe
3212 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

3668 chrome.exe
3668 chrome.exe
3668 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3668 wrote to memory of 2752	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 2752	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 3424	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 2940	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 2940	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe
PID 3668 wrote to memory of 4472	3668	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1Ys8-viej1i1Qz81w1qsG0xie3BJjWRAA/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa22e09758,0x7ffa22e09768,0x7ffa22e09778
2⤵
PID:2752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1900,i,7285296551536337791,4525762888741526262,131072 /prefetch:2
2⤵
PID:3424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1900,i,7285296551536337791,4525762888741526262,131072 /prefetch:8
2⤵
PID:2940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1900,i,7285296551536337791,4525762888741526262,131072 /prefetch:8
2⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1900,i,7285296551536337791,4525762888741526262,131072 /prefetch:1
2⤵
PID:1600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1900,i,7285296551536337791,4525762888741526262,131072 /prefetch:1
2⤵
PID:1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1900,i,7285296551536337791,4525762888741526262,131072 /prefetch:1
2⤵
PID:908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1900,i,7285296551536337791,4525762888741526262,131072 /prefetch:8
2⤵
PID:4796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1900,i,7285296551536337791,4525762888741526262,131072 /prefetch:8
2⤵
PID:3692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3716 --field-trial-handle=1900,i,7285296551536337791,4525762888741526262,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3212

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
27KB

MD5
8e726f705237de526d24bef1bf3a0631

SHA1
32686afb7c33d0ea65c413d773bdff6a01a59899

SHA256
b0caf825c0456cc2e5ffef6801f361e34d5533c3bf55e3af0cb983e39343ba14

SHA512
c62c7e9ee6d1c5408811099f5bd5dde0ea20dd5d9d85deec980b3bab8344eefcd55143eda98b995d2418ca20522420f0d2d6c8f18bc0ecb48ad32b4a5e2e8c9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
a6a9a49c871084ededa6b5b29988fc18

SHA1
ca68710310bd8ec0366202c5133307b1969d9a77

SHA256
9e8819e6488425e37fcb86772cb903cedb54f4a06702bd75ad19c88a762a63ca

SHA512
af3fc85aacd1ace7ed05404186317e4bb360d5c2d81a8442018f962d9af314578d75a340c71c5d371ecd6453380e8f0bc3002c458a94a85641c174f54a75dbf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7476e1faedc465fae80a2f33c2cd217d

SHA1
0a683ce7979cbb9edc9c16bb3240d9f7f7883b49

SHA256
01231b62dd0e5bfc01170abb1d089dd0e24fad35e38794ec86196ce4b8ee5eea

SHA512
e2173dbd9e5b0d30c5eb2994202118aacd376080d3af1e33c108e240e067b9a2e2cdce8c46c8dfe9ba859598d032bc48a978f00a497e45ecb7c0e7adeee682a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
63186f02aa282a0b78ed95f559fcf34e

SHA1
b87b0fc95034686f921112cecf4b315154acb572

SHA256
7a44e31d5b4646e039469a62bf84ae81c268dfd5b086353e44bac30a3d654d23

SHA512
2cdbf75f59edf7f69101ca0fcfe3442b1a34e1cf7ad60107d48767e65db575b3cc08b97926249e645a9ae38e826151f35609c652cffdc85fb10b20e7921d59e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0ec8b580c5b22eaa54d4867b737fb389

SHA1
5d96f01712e0520886d13f45ce2d6401b05071e6

SHA256
b63dbc61a38c4461e739c4b7f8c75f2e915ce94f793fd890f1c410bec99db62d

SHA512
767f66a8b66145c217783068f553c3e6130b69fec013f681c05af306a7c1b335197d556e0bfd244617d8affbf7b88aa165b1fb4eae5e5d5835a53a013fb0fafc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ce7a7a35016270145ad5e4be922091dd

SHA1
69b46d99cd33e1e51643e29414d1aa89ed3264fc

SHA256
e73e9808c3edd816d524099e9f5db9a66dc2a0bed0245d5231f5254713c2a244

SHA512
6e78b7f8c0109f9f46ef6d2ffec8c39579c92c0c01bfdedcfece27ccd3dc43d78cc036c5e755cdb573ddc274db01fdf0df5ed979db0c363c9f5db5f3dda93da7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
798f67b6815627d63d06229ccd92fc34

SHA1
1065c302fcc9662ef4cbd7444c0646957d46572b

SHA256
db1f490d2426ebaddb727f2858d52a3486f101f2d733a73a4baa3dd92b316872

SHA512
073c1c1073826abed3979ee6f68685b9284c4663db92b4195b02d354beeb42bf7c42c344f3e6debdd1980d0200456bcebd0ab83286d2c5de77cb0d7fef9351b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1fdea4f59cd3ac977914b1c1e6841896

SHA1
f78aef0b06919888a61cd073256e09ed2df5ac1a

SHA256
7a9667f340dd098a0d6734a482c8d1d09bdca167df452e1922bc6a525d1ba0e0

SHA512
67d031a5ca143dec5454f544f61a1c9bd6497ca3a0305b4f955d785ead1b38812d145e3c22e84237c8758abfbad0d2880e579a9ebcee01ccbf7857325bf11506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
50acb0aa13afee248e9fd6befa405b7d

SHA1
7c1e4a4042112f3f3ff1be0419fca09e63a2f710

SHA256
bbbab56e0883c006ab095a439d61e2a1b6b5e258e29b512cb19900b533b00ba8

SHA512
30b3431be6b05a2e4c476b655f92dc2908d93f570500dffd6107b956c95cafcaaf105d2cb59f86e457dfec19f6674ac6c753e36f0f880f8eea0b76545d8763c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
40aed221d807368fdba400ab36a363c4

SHA1
067fcc8828d6f98be5b24c07ca0cc5973efdea3d

SHA256
da133b88e127e863e0d1e89ffcfee7441f6ee62e316fae3fe8fd53cf52d850e0

SHA512
215b6a4f39ec520c09d6c17d21a21f901834f8223b361eb47b0823159d305842061e30b794280201c224d9e574af772d96920833c775fc5de02328892570d0d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a4b41829865e6e1d483c5aa6cbb9ec68

SHA1
94c25f0a1921a652dd3a2c19988adb7f9113bb32

SHA256
281179799e101945b6c915d183144c452e61b8d9d45fd30305df3bceb7307b15

SHA512
b60e448ba6aecf478d0ab0134831c78fca0e351d66b5449552bb24bf37754425e6e0d77d74e112b68d4b1e1fca005756fbd636277544ea1c1070da364988ab2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
4b99957c4ce80b2bd721eaebb59f656d

SHA1
5596338d13464de2bbb12d360467ea4217010f8f

SHA256
b280893a3a0554a0d2066a98f8fa7cb02969683afac83959911164927ccceed0

SHA512
4b00d4881eaa937dbdec705db21902a5a5f6b8e9e402771afaee3437eef59f24c75fb6b0432f0d44f7ad68ce2b51e398497af38e0620e1e1de235f7e910b6cbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3668_NPGKISFOEIRQUOIQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit