hxxps://chromewebstore[.]google[.]com/detail/save-turtle-tab/cjbclahodcgffgpcdokophcaeahpjddj

Resubmissions

19-04-2024 15:29

240419-sw4ecsgg4t 5

19-04-2024 15:20

240419-sqvv2age7x 1

19-04-2024 15:18

240419-sp43baff44 7

Analysis

max time kernel
39s
max time network
38s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
19-04-2024 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://chromewebstore.google.com/detail/save-turtle-tab/cjbclahodcgffgpcdokophcaeahpjddj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133580135700132399"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3856 chrome.exe
3856 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

3856 chrome.exe
3856 chrome.exe
3856 chrome.exe
3856 chrome.exe
3856 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

chrome.exe

pid	process
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3856 wrote to memory of 3860	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 3860	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2736	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2824	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 2824	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe
PID 3856 wrote to memory of 1720	3856	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://chromewebstore.google.com/detail/save-turtle-tab/cjbclahodcgffgpcdokophcaeahpjddj
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff84320ab58,0x7ff84320ab68,0x7ff84320ab78
2⤵
PID:3860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1812,i,4251223663829961737,16376439151357399805,131072 /prefetch:2
2⤵
PID:2736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1812,i,4251223663829961737,16376439151357399805,131072 /prefetch:8
2⤵
PID:2824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1812,i,4251223663829961737,16376439151357399805,131072 /prefetch:8
2⤵
PID:1720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1812,i,4251223663829961737,16376439151357399805,131072 /prefetch:1
2⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1812,i,4251223663829961737,16376439151357399805,131072 /prefetch:1
2⤵
PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3804 --field-trial-handle=1812,i,4251223663829961737,16376439151357399805,131072 /prefetch:1
2⤵
PID:1684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3252 --field-trial-handle=1812,i,4251223663829961737,16376439151357399805,131072 /prefetch:8
2⤵
PID:1332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4428 --field-trial-handle=1812,i,4251223663829961737,16376439151357399805,131072 /prefetch:8
2⤵
PID:2016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4588 --field-trial-handle=1812,i,4251223663829961737,16376439151357399805,131072 /prefetch:1
2⤵
PID:3388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2952 --field-trial-handle=1812,i,4251223663829961737,16376439151357399805,131072 /prefetch:8
2⤵
PID:3196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 --field-trial-handle=1812,i,4251223663829961737,16376439151357399805,131072 /prefetch:8
2⤵
PID:3184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1812,i,4251223663829961737,16376439151357399805,131072 /prefetch:8
2⤵
PID:4648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4348 --field-trial-handle=1812,i,4251223663829961737,16376439151357399805,131072 /prefetch:8
2⤵
PID:420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1812,i,4251223663829961737,16376439151357399805,131072 /prefetch:8
2⤵
PID:1996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3276 --field-trial-handle=1812,i,4251223663829961737,16376439151357399805,131072 /prefetch:1
2⤵
PID:4872

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4204

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
Filesize
40KB

MD5
0f81b6d61de3f11df96afa46fb362f45

SHA1
b73925c797fcb5e23b0e0495ebdfb629d16f26e4

SHA256
7171337d694e449b8c4923733effa4185a3eddb330b96e9fd0e4e3497faf5364

SHA512
1c97e4e7357d385613f05f7a16439c25614d553cafdbd18a197c4a369726ec28b372ec6bed8b87a968d74a2585e3c999da9799e6cf558fa9ce25f87010d0e617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
28e2b70842627e11f68570b8c460a5a4

SHA1
886f8ea9077d6fe495bff9d7520abeb39400add7

SHA256
dfbf681fb4cbdd1a1890fde156f87f21a2bd7719890e7da48f748439cc274e83

SHA512
30206c1cfc14cf1abe440b7018ac8426a8b6454f6c1788352d1c323cf9a54fb5d9e4710b7dba2a181624f263bdbfa3d4621c68103c5ea1c38c2057980d892d79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
690B

MD5
00804893f61242721c7d499ff25dc619

SHA1
e7f48932906c8fc923d51eabb7fdbdfd99c148a1

SHA256
71640fe10c6d4aea679dd78eac8b97cd92b9ab23c8aa253f4a79d8da3f6f815d

SHA512
c49a6ff700cc5668d1dafbf4dae9516198475cb9f402dbf2dce14ee80e389cbd8f475f0ac37ca6476e14a1c6a34676f48e8652f9ec1c3ba8d3015e605b864fd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
ba8cd249e1366cee4b27fd2ee105c835

SHA1
1e2624c77664854e713df186ed4b6585af8f0fa0

SHA256
d7dc95e285173c2e8e17b503222811cf632e5e55af28a65a25ee9b1724d8569c

SHA512
bf872d54588f9ad31d633ac0abfffdb233199933904b4a6909c30251554dd86793836c4c7eeaef8c81ba1620f9bc44c1e4bb984b1df809c8541b15dab14c5762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
fa25a5c9590132007568697d49a20016

SHA1
8f558d381c9ce4f0364b8c822f285a5c86b86a3a

SHA256
d72412222d62bdf0e3800249f7deed745bce4c9f1e1ccb49c29e855eec2126a8

SHA512
a4852fedc18f3695c246835a55b037fb43d6798583412721fa5d15faa1ae792e59933e83ebfc345770345d481fef7d3faba731eeae409e518ac67c1e1ce6c4d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
127KB

MD5
99d11e7985ebe24b652cf785d4001fc8

SHA1
eff5497ffe0fefee6b6cc56285e90300bb22a263

SHA256
1dd1bebf8cdbca10ac2d943fc176043261e729be72ade79884fc75685e1aac67

SHA512
680ac336dd7a99093c0fd9f4a4c771588a8f8fe440814e08f0d1c8bdaae57f17b3ffa8d765676a0aecf21ee4196ff94940d5f3400052505d516ce3475e9bcbd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
127KB

MD5
b419a44634cac02656b05eee150601b3

SHA1
4afea36b46618832809e139b98aba0ac2290c001

SHA256
32b11804cce9fdff1139d2243751fe00090628b6c315b6776ae1960ef1ea3b32

SHA512
32cdebabaf4c79a54cc83f0c0674813e33aafb66ef8cdbc43559a3c60d52ed51f25c05a6ce011358fac949f5a82009f1258a6a9ec33abb72b9bc1f47865b30bb

Download Submit
\??\pipe\crashpad_3856_AZRUFPUDFPDKEWDO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit