56366bf681193184629aa1b99172993fdf6dc05832fb36ae5bec88b1748e05aa

Analysis

max time kernel
110s
max time network
116s
platform
windows10_x64
resource
win10-en-20211104
submitted
01-12-2021 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Presentación Horizonte Europa.pdf
Size

2.3MB
MD5

a3eff03308ff4b5cd42f5f9f979c76b2
SHA1

33a3c042436d6a408c5e2e24d7dc3646854bd30f
SHA256

56366bf681193184629aa1b99172993fdf6dc05832fb36ae5bec88b1748e05aa
SHA512

5ca603238b7bb4abd6cd5454fb737fadbda6d103ac078541123a3cb8a32db9eda95d83983cb8d5fbb23cc7103b7bddc6340f55a1e642ef4c629a2f8737f34ddf

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXEAcroRd32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exeWINWORD.EXEchrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

WINWORD.EXE

pid process

1196 WINWORD.EXE
1196 WINWORD.EXE
Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exe

pid process

3492 chrome.exe
3492 chrome.exe
3892 chrome.exe
3892 chrome.exe
3140 chrome.exe
3140 chrome.exe
2132 chrome.exe
2132 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3892 chrome.exe
3892 chrome.exe
2132 chrome.exe
2132 chrome.exe

pid	process
1196	WINWORD.EXE
1196	WINWORD.EXE

pid	process
3492	chrome.exe
3492	chrome.exe
3892	chrome.exe
3892	chrome.exe
3140	chrome.exe
3140	chrome.exe
2132	chrome.exe
2132	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

Processes:

AcroRd32.exechrome.exechrome.exe

pid	process
3096	AcroRd32.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exechrome.exe

pid	process
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe

Suspicious use of SetWindowsHookEx 23 IoCs

Processes:

AcroRd32.exeWINWORD.EXE

pid	process
3096	AcroRd32.exe
3096	AcroRd32.exe
3096	AcroRd32.exe
3096	AcroRd32.exe
1196	WINWORD.EXE
1196	WINWORD.EXE
1196	WINWORD.EXE
1196	WINWORD.EXE
1196	WINWORD.EXE
1196	WINWORD.EXE
1196	WINWORD.EXE
1196	WINWORD.EXE
1196	WINWORD.EXE
1196	WINWORD.EXE
1196	WINWORD.EXE
1196	WINWORD.EXE
1196	WINWORD.EXE
1196	WINWORD.EXE
1196	WINWORD.EXE
1196	WINWORD.EXE
1196	WINWORD.EXE
1196	WINWORD.EXE
1196	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3892 wrote to memory of 3148	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 3148	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 2184	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 3492	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 3492	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe
PID 3892 wrote to memory of 4032	3892	chrome.exe	chrome.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Presentación Horizonte Europa.pdf"
1⤵
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\Desktop\CompressPublish.shtml
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe21784f50,0x7ffe21784f60,0x7ffe21784f70
2⤵
PID:3148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1496,9233414122486404895,15048054709611250995,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1560 /prefetch:2
2⤵
PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,9233414122486404895,15048054709611250995,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1768 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1496,9233414122486404895,15048054709611250995,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 /prefetch:8
2⤵
PID:4032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9233414122486404895,15048054709611250995,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2700 /prefetch:1
2⤵
PID:3980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9233414122486404895,15048054709611250995,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
2⤵
PID:1588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,9233414122486404895,15048054709611250995,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4104 /prefetch:8
2⤵
PID:3800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\Desktop\CompressPublish.shtml
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffe21784f50,0x7ffe21784f60,0x7ffe21784f70
2⤵
PID:1192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1488,9451299923062085645,5550833214828968048,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1508 /prefetch:2
2⤵
PID:3608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1488,9451299923062085645,5550833214828968048,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1896 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,9451299923062085645,5550833214828968048,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1488,9451299923062085645,5550833214828968048,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2536 /prefetch:1
2⤵
PID:2448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1488,9451299923062085645,5550833214828968048,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 /prefetch:8
2⤵
PID:3680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1488,9451299923062085645,5550833214828968048,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4100 /prefetch:8
2⤵
PID:2836

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\ResumeInitialize.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1196

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
MD5
0871b10f67cc2f96d3fe59eca05fb749

SHA1
f66b507311f1cd9c164515690f05852fad507218

SHA256
8c23eeae8a86a7752802bbce08e8b09b56f15b72e9e000b7dd482a14d28ba2d4

SHA512
947d4d1becac4bb067f6cecc67f309d2d520eb8d1caac34bb386c11d352d3b780dae79159c483385982762a07285764019828c3c5c9d22a277d00b84abc54aaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
MD5
d929a3dc7cabb18aab2fbcfdac7a5548

SHA1
3078d6b0968700a41b02300585acfb867dd47a5d

SHA256
b2b467e7d17bb12f6736cd4edbc3fd684e4edfaf976c1b67b34004a59657cf5d

SHA512
3064bfcf6c804c4f767d486f9cb09a644120a01d33a024b1ede7e1046a9927d47466e072f33e17552a70d366d0d72c7e06b703ff4ba360252cef61017cc2473f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
MD5
1f58ddf5b961c809ea72ec6355bc1f54

SHA1
1f928e26bd313fb670f10a5aa58c4505b0e42fc7

SHA256
ddba7b8b26d94060d0d01500b86d6939b559aa85f14c5aa2cac7a3b64a8788ac

SHA512
af6a2f4452900b598b99072cc72d7ea119a9bd43f6f397242a6d0b357f2725ad47d73a86a4208e9bb3ee267544fc236f435ab440a34a8d2fb969100288550c57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal
MD5
57db53d4e60fffc3d33260e4238e82ac

SHA1
cbdbfc09267fbe9237edc81067a796d593f86456

SHA256
d3a5a44b6ff6b62190918658239a2aa57d23a794dba356f31581bd22c89261c6

SHA512
964412c2a4a41c1a7d3c41661a27f11f50a5af6c9f2ade1c025de0abefbf0ca4cc485733e4a03746d9ff15ad5ac07111c2394b84706b7e4a5a16d1adde425c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
MD5
a658436b474dd2b8e0b54aa1cb7aa264

SHA1
3122e73f14d3e7767c65b5a358a95aa4c820fe15

SHA256
17dc5aa05b48cc349926d7948320f261773d72d8de68a61188cf244506ea8f1a

SHA512
904a6f82ae87c48558cb0d958d8c26109c66def109a46d8ed8aca10f396c36fd01765681f28ec5225dcc3b05f32d1f86066e45562bc79440f97767db99bf7db4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
MD5
b608d407fc15adea97c26936bc6f03f6

SHA1
953e7420801c76393902c0d6bb56148947e41571

SHA256
b281ce54125d4250a80f48fcc02a8eea53f2c35c3b726e2512c3d493da0013bf

SHA512
cc96ddf4bf90d6aaa9d86803cb2aa30cd8e9b295aee1bd5544b88aeab63dc60bb1d4641e846c9771bab51aabbfbcd984c6d3ee83b96f5b65d09c0841d464b9e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
MD5
8237ec08ef9defbb8596d12c1328e671

SHA1
50716085caa674d44ec10dfe6a85815fb392b7b2

SHA256
e98486fed2212b59e2766a875282c193b9f8242f1b703be4030ac139c77aa417

SHA512
b1978f32e1b18e111015c1f2a997d141b35174aa2a56b98fe0d13518d38fa0d2a5dddda3f249426271b0a8f8bcdf5cb3dd920906ec49ce8e6f4b1b88403cf158

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG
MD5
b73a362f780fb6e4f36e4ca1d25b86e7

SHA1
8b043f030d06babf678d79892ead21165c194cf8

SHA256
98109419ad9968866d0b23207d5b5ceda2ecb73c2163b60cf99bce5ec7f5be69

SHA512
e1f50c06cc1d780cd39d6b9097282ce89ace830e1f45a3ed0ca7db568868d0f5111fa3a96a8a333663575d198756ff1cbd30a8f0198309c363a56a1b003927f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
MD5
b452eee470dced2db485a0f3e38fb9b7

SHA1
c19e2af5454b1a9c44feae22752b9562f4f905fe

SHA256
eef0dfac21bcc4cd1f23e759de69cbf51e5ddd157d9b0a9667bfc39102fae515

SHA512
0da8ee779f9696cdf241f53af5dbf1d7f9d74d33a964f416eea4897cdc8ad9cae9dc5bd4c3cdcf59dbcb1ef48e7f87e1d473526f6d510c3f0e0858578ce6f7a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL
MD5
516b60ccee4a34072375f8a1fa4d86d8

SHA1
d5e600378f145ec7cf6945d88bca01c016cd7ea2

SHA256
beabed1e43ec8feeadc9a8aefba9bd204974d709762b11e0bb1fdaa2e829fd1b

SHA512
23055dd28b34a8ae8e47e10183d8c35cac225356c8d4002c8e50eafdd42cc4e19f535584e35c6ed891f16406cf8c3bee0a23eac42a61b597a221957cf73b22b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
MD5
2bd5d5c2f6bdbc624a55f6e3408db9b3

SHA1
e7c58cac82e9adf8a78b8579ffe797c6dc1a01c1

SHA256
04cd5c0791b90eefef99fd829dc2cf14da7a83b955072a9bc79412d89ae47478

SHA512
e543d97e63d47e2aa1f6f7a6b057d598a16a269467cf262f4c98e975f7201c6043d0233b42bdeebe5954816497ccabc218070c75feba2c3304b0f90113175062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
MD5
d7d9437445aa960dcea52ffe772822dc

SHA1
c2bbf4ac0732d905d998c4f645fd60f95a675d02

SHA256
4ff49903bec1197017a35995d5c5fc703caf9d496467345d783f754b723d21c1

SHA512
335eb1ba85670550ed1e1e4e14ea4b5d14f8306125bf147a42de4def5e5f75f14c422b014414030cf30378c04f748ac875cf056adda196511a0b057b3598fe9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
MD5
097d32c7e82375fcc4dc55bb56bc447b

SHA1
c017b2268de60e9a3ad94a40eb8f6a8b1ad1469f

SHA256
e26a3918de7119063e420260c9be5671d6e91d31ea8fad7111f788b640b0594a

SHA512
f3c0063d7beb21eadca306091a50d493a34bedfda2478ae5d58ede80586ee577f3be673802faf24bd1d10c827d702f4dc5164d39291104d8f642e754521d7951

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13282850928134894
MD5
c09cceb79944cc1cf92720d43ca49e9b

SHA1
3e544fef91ec386892d1475704ca99888a37fb70

SHA256
bdcb4d42d86ed6c642f9d231104246264bda0cdbc8199adbf39ce93a891acf94

SHA512
41dbf0252227f0649f81bf37a0b482aecc70ba2b6f2f01b5fdb1294d23be9bc5b891b7a0c800cc2694c744cc95eefc5368f2158fcb969e3fe94c593681a5c8d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
MD5
6f3637b6e8e36b3052c21e458045fbe2

SHA1
b3870f293d709af5609ab15d89bbb6c54b8047d0

SHA256
22fca0370a661dd0a366de8d851fab7e86b11eeefd582728e4a9e7e0d5697168

SHA512
3ab121f2c1e31413e41bb60f497639c00f9d3d70b99639f1bfa38086457039fc286ddd7bb2070d043a8d0490afae1e8eed0fafe343f5d855ac3eb298749097c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
MD5
de92ad90be6d3364745b2f73f4c3cf73

SHA1
9158681463bd30e5af4dda4baac81f93cedbda77

SHA256
0025a3e0d3b834401b3b5f820e1991ef7e810d9a4b8b6b579e6301c94e7031a0

SHA512
9e81cefc195439439f4b23ee7696309d7bc3c08e5b444d2abde26d2f12b2d3bcfd124fb9a2d40c6389e9f787741676fad366a2e9982674e7b931028c014d8a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
MD5
89b522c9db9798d313866de994970f99

SHA1
c041f54e177ed1a51fb00a341cc1c02006cf4295

SHA256
3a7e4250e66a41d60b368d0acbf4b75af38452321e62a5d5390cb68df7d701cc

SHA512
6f660fef90687ba1f5202ad280bd58e0f0272c221b0caba67447f9374c65331f0fda1027b38012bd1eb50353c48f6ad201e54c941de8b5d64431f50672c9fd0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
MD5
7156048f67faad461050a5a25cf42b33

SHA1
1faa41d626fbbac33386551fbf3c553d5d1f1d34

SHA256
3bf0ac07252c7384aa15526a69716fad773c60b0503d14e32277670d25e1509a

SHA512
6086750bbf63da3d9144bb669a692550e61e8e9e2f7c3bed40ed94945a52a895da127a198f6a85eb4c61a3451a4d5345af957a9f1bdbd4d03712986079c721c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
MD5
2e4d1efc690e0004d04f116de4c6e099

SHA1
a1421a9fb16b88dac4d5609de8cb053189aafeb8

SHA256
9a64117b1d7bf1c385186469bb9d3ab93bd36e5fad756d9302a7173f25b6f268

SHA512
a7611612edc8ba911ba6e18479ec16bf0d5e28962ba9ff853210e677974a61db6caa3ee2dbc7ca7bdbea9c679d3b8bdecce0fe699985a780b37d73289fbe84df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1
MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
MD5
b63048c4e7e52c52053d25da30d9c5ab

SHA1
679a44d402f5ec24605719e06459f5a707989187

SHA256
389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1

SHA512
e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
MD5
a99705b0aa348f75b9a7d9967994d6c1

SHA1
eb9a120a2a8a9a06c4a9426d646fc90f4c94e6a3

SHA256
e812521e5cd2ed5e3a2af1b5057edec1269e8e122a535a935d27a55004b81280

SHA512
0323d0b8d3938ed92f29894c111b0961c1bc1c31078962e9edcefd555fad1b9abe9a1704611d94b4db0006038acb1258b4d0de661233b3f93362173d4d1dc395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
MD5
2ee0504cb88d2dcd3f815319065845a0

SHA1
a101a8424a553e649908f7772a6170ededd16a5e

SHA256
838dc009181a4dc0e98d320429ad6de83916ff49c3018650fbd0bdaccdd06643

SHA512
80b291d3e61f22fdcea35681ca8a465dcaed3adddcab574ba281409cebc611c2d74597711e417fa35163132781fd1df5f6b301fd2dbdf600e04ec53bbd683a61

Download Submit
\??\pipe\crashpad_2132_XOPNVZPYLDQXWAKX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_3892_SKBFIUPBVEGBGVNF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1196-146-0x00007FFDEF440000-0x00007FFDEF450000-memory.dmp

Filesize
64KB

Download
memory/1196-145-0x00007FFDEF440000-0x00007FFDEF450000-memory.dmp

Filesize
64KB

Download
memory/1196-147-0x00007FFDEF440000-0x00007FFDEF450000-memory.dmp

Filesize
64KB

Download
memory/1196-148-0x00007FFDEF440000-0x00007FFDEF450000-memory.dmp

Filesize
64KB

Download
memory/1196-149-0x00000207C35C0000-0x00000207C35C2000-memory.dmp

Filesize
8KB

Download
memory/1196-150-0x00000207C35C0000-0x00000207C35C2000-memory.dmp

Filesize
8KB

Download
memory/1196-151-0x00007FFDEF440000-0x00007FFDEF450000-memory.dmp

Filesize
64KB

Download
memory/1196-152-0x00000207C35C0000-0x00000207C35C2000-memory.dmp

Filesize
8KB

Download