hxxps://chromewebstore[.]google[.]com/detail/save-turtle-tab/cjbclahodcgffgpcdokophcaeahpjddj

Resubmissions

19/04/2024, 15:29

240419-sw4ecsgg4t 5

19/04/2024, 15:20

240419-sqvv2age7x 1

19/04/2024, 15:18

240419-sp43baff44 7

Analysis

max time kernel
61s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://chromewebstore.google.com/detail/save-turtle-tab/cjbclahodcgffgpcdokophcaeahpjddj

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\WF.msc	mmc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133580141949396344"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2556	chrome.exe
2556	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4048	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4048	mmc.exe
4048	mmc.exe
4048	mmc.exe
4048	mmc.exe
4048	mmc.exe
4048	mmc.exe
4048	mmc.exe
4048	mmc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 4276	2556	chrome.exe	86
PID 2556 wrote to memory of 4276	2556	chrome.exe	86
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 1208	2556	chrome.exe	87
PID 2556 wrote to memory of 3648	2556	chrome.exe	88
PID 2556 wrote to memory of 3648	2556	chrome.exe	88
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89
PID 2556 wrote to memory of 112	2556	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://chromewebstore.google.com/detail/save-turtle-tab/cjbclahodcgffgpcdokophcaeahpjddj
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2b9bab58,0x7ffe2b9bab68,0x7ffe2b9bab78
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1900,i,17453664696702472802,5254674691538525388,131072 /prefetch:2
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1900,i,17453664696702472802,5254674691538525388,131072 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1900,i,17453664696702472802,5254674691538525388,131072 /prefetch:8
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1900,i,17453664696702472802,5254674691538525388,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1900,i,17453664696702472802,5254674691538525388,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4256 --field-trial-handle=1900,i,17453664696702472802,5254674691538525388,131072 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1900,i,17453664696702472802,5254674691538525388,131072 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1900,i,17453664696702472802,5254674691538525388,131072 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4472 --field-trial-handle=1900,i,17453664696702472802,5254674691538525388,131072 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1900,i,17453664696702472802,5254674691538525388,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4888 --field-trial-handle=1900,i,17453664696702472802,5254674691538525388,131072 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1900,i,17453664696702472802,5254674691538525388,131072 /prefetch:8
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4364 --field-trial-handle=1900,i,17453664696702472802,5254674691538525388,131072 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4136 --field-trial-handle=1900,i,17453664696702472802,5254674691538525388,131072 /prefetch:1
  2⤵
  PID:3104

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2004

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\WF.msc"
1⤵
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
40KB

MD5
0f81b6d61de3f11df96afa46fb362f45

SHA1
b73925c797fcb5e23b0e0495ebdfb629d16f26e4

SHA256
7171337d694e449b8c4923733effa4185a3eddb330b96e9fd0e4e3497faf5364

SHA512
1c97e4e7357d385613f05f7a16439c25614d553cafdbd18a197c4a369726ec28b372ec6bed8b87a968d74a2585e3c999da9799e6cf558fa9ce25f87010d0e617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
d2cbbcc22b7b075a2af853440e315fa3

SHA1
3238bc53e9c52fe7ecb1a833657d6678d84754fa

SHA256
c0524b0a84bae443e54131ae8439f49cca5a5d29ec3fbdcbc14df55ee19b65fb

SHA512
87adcecb6a853588d1cc713180f0fc924138ed002d3ccb8766fda4eaa5cdb2d3ec5f34fac84da5b67b1e8b65f217f408eb4f92b28d31298102ad2830a2480e39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9da69de0026c44af0db657e2411082cc

SHA1
2e99e190d9ddc20c96a102c52d2510bff68f368e

SHA256
00dda02c964c93a47005c938329d5ad38fd719d2f7184065743da530b2bffea4

SHA512
aae2f4f1689521ff604a43d7a676751e8c8b72fdb9a5dd30d49ce855873ce448297bdade55d386c444f7c524ec0c03dff0a26bb8e81ea5b4285aa2a90a8a07d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
2f7be757364fd72935a636790f944b34

SHA1
e13f303212795f0550354a50db8f6a8f75be7a5f

SHA256
73e3171b08deb08a92e9c91475c3e1b34bc4e1833b0006116b0986bf7bede2b1

SHA512
0e9a561a2d024b5a6cfbf332b1edf7fabcb7a274ef9270e7255654ea76aba1effb728fc5b479f4ab2464a60ec71a3ad55a6c9e52d72f474c8f195706a968ea75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
57566f65ce0415584b1bfbccda39d9ef

SHA1
8aeeac169748c03b93d071b834990d083715cccb

SHA256
a48f2332f10435748608e2e1f58b244669b0effc456fed5f1686279de92dedb3

SHA512
ff626a8ce26b2f0585cf15100c8eadbd990fe9c096beb22a4c99bdf3879c39b574244be1aa69ef5e8c7b24eb012f77153139f3880a923e6d1b404c36cfd93b3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0b77edda05d72e7e22ee44a86f8329a7

SHA1
0c578701d8f42e643879f85d399fd4e965c70a88

SHA256
113baf01111d095e7bc9dae9e1af8476c690e6c63ad8fbc54bb3f41002e72eb2

SHA512
a0cfdbb56eaf865fef80c7a9683fe1236ad2a260dc5349789c04f71eb9240b35647bfef993f3dd2e1d0a9b7ac1b4d86b87d1aab0dc09a53d5385d60203dda8b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
959c5eb4e7a6f847003f73d0060a3301

SHA1
616fd0b12b9df926cf5251350f145032bdac80c8

SHA256
15daece726e4941a664e7f0941f376118e86989303b798192b233257d1471e0c

SHA512
eb4c8971bf911fcbd87c94a702edaadcfffcb3170a2d6f7db3d59f7c339ae72d4c95a3623c5829dde5d35dfc2cb6ac46193b49ec0af7d10714fb0efe800c552b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
5e2bfb7a922f714e83f23ba8329d5c9a

SHA1
3a08a18ea7652cf48b001226bd8fd5552def5c23

SHA256
eb0613d58f883351670d1600ee4fe1b0e8b2fbddca58c76b11601c10aff5749b

SHA512
5ed8da0442ea1f10435a5f16a1bdaeb27ae09b053236623f2ce6b99cd4a03bbe21c2b1a6cc42fce869ba31f924f991c51a99d16de01264691b66ff23efe51e87

Download Submit
memory/4048-226-0x00007FFE177F0000-0x00007FFE182B1000-memory.dmp

Filesize
10.8MB

Download
memory/4048-227-0x000000001C860000-0x000000001C870000-memory.dmp

Filesize
64KB

Download
memory/4048-228-0x000000001CD60000-0x000000001D246000-memory.dmp

Filesize
4.9MB

Download
memory/4048-229-0x000000001C860000-0x000000001C870000-memory.dmp

Filesize
64KB

Download
memory/4048-230-0x000000001C860000-0x000000001C870000-memory.dmp

Filesize
64KB

Download
memory/4048-231-0x00007FF4CE770000-0x00007FF4CE780000-memory.dmp

Filesize
64KB

Download
memory/4048-232-0x000000001C860000-0x000000001C870000-memory.dmp

Filesize
64KB

Download
memory/4048-233-0x000000001C860000-0x000000001C870000-memory.dmp

Filesize
64KB

Download
memory/4048-234-0x00007FFE177F0000-0x00007FFE182B1000-memory.dmp

Filesize
10.8MB

Download
memory/4048-235-0x000000001C860000-0x000000001C870000-memory.dmp

Filesize
64KB

Download
memory/4048-236-0x000000001C860000-0x000000001C870000-memory.dmp

Filesize
64KB

Download
memory/4048-238-0x00007FFE177F0000-0x00007FFE182B1000-memory.dmp

Filesize
10.8MB

Download