bazarbackdoor | 342f04c4720590c40d24078d46d9b19d8175565f0af460598171d58f5ffc48f3

max time kernel
35s
max time network
66s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
31-10-2023 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dl2.exe
Size

849KB
MD5

c2055b7fbaa041d9f68b9d5df9b45edd
SHA1

e4bd443bd4ce9029290dcd4bb47cb1a01f3b1b06
SHA256

342f04c4720590c40d24078d46d9b19d8175565f0af460598171d58f5ffc48f3
SHA512

18905b75938b8af9468b1aa3ffbae796a139c2762e623aa6ffb9ec2b293dd04aa1f90d1ed5a7dbda7853795a3688e368121a134c7f63e527a8e5e7679301a1dc
SSDEEP

12288:A3RY3yNqMRTF4q2rxHn2ot/81xpNQyjUXlmoe7ufjHAtjXD7r2:A3RY3R24q+xn/8Xp2yOl5fzQ/2

Score

10^/10

bazarbackdoor backdoor

Malware Config

Signatures

BazarBackdoor 2 IoCs

Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

backdoor bazarbackdoor

description	flow	ioc	Process
Key opened		\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
HTTP URL	13	https://31.214.240.203/api/v134	Process not Found

Tries to connect to .bazar domain 1 IoCs

Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

description	flow	ioc
HTTP URL	13	https://31.214.240.203/api/v134

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2076	chrome.exe
2076	chrome.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2984	dl2.exe
832	dl2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2064	2076	chrome.exe	29
PID 2076 wrote to memory of 2064	2076	chrome.exe	29
PID 2076 wrote to memory of 2064	2076	chrome.exe	29
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2652	2076	chrome.exe	31
PID 2076 wrote to memory of 2536	2076	chrome.exe	32
PID 2076 wrote to memory of 2536	2076	chrome.exe	32
PID 2076 wrote to memory of 2536	2076	chrome.exe	32
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33
PID 2076 wrote to memory of 2484	2076	chrome.exe	33

C:\Users\Admin\AppData\Local\Temp\dl2.exe
"C:\Users\Admin\AppData\Local\Temp\dl2.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- BazarBackdoor
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6529758,0x7fef6529768,0x7fef6529778
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1080 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:2
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1644 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1288 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:2
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2248 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3444 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3564 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3712 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3684 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4124 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4152 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3180 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:8
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3940 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3996 --field-trial-handle=1272,i,15508321747862248699,10582621935128093472,131072 /prefetch:8
  2⤵
  PID:1560

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\dl2.exe
C:\Users\Admin\AppData\Local\Temp\dl2.exe {0681AC5F-1515-4CCA-931B-EBDE9C1C81E6}
1⤵
- Suspicious use of SetWindowsHookEx
PID:832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56b7749ad0483369318a1823e2c2af29

SHA1
d054eb4510b633449d70e9f6c28490c89d325edb

SHA256
35f70cee64c042052e97fb470f4dfd6bb529b6f009aa5db0b398d28ce5925301

SHA512
b8ae4ac5234b03861e2d8ec8debfb716c979c74f57b371f1bd706d2deb76ccf549a712d0071f7c095004804090ce31af16880382c6c11cfa940bc27673dab28b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b4fae455119c9b699d8bb07a4a3f1e4

SHA1
a5ae939766d2c5a5f4c49aadd9eccbd5a29e8a16

SHA256
0c0b1bd7a728ab9069655d6a6de601354714b6f7658ef3995430a2e7c6bb1f76

SHA512
f589502d4b20914b756369d450753d4247f76660aff18c45f435f59163bdad3268d62cf0761a8b802a0850bd56df7735c5c5a33b3c3363bcec058096eb02383e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43714f0e76c613871d59e7638205595f

SHA1
5cb7e3720e4c36f9a7cce6bafe6541203acdfe8e

SHA256
6a506e787dbced534c9a95c155043aa2123b4f357aa72206a479d69dca4e7eca

SHA512
ca88694865c14d31d90d92a5330fd5c2b6139600db857121b1804c4814d355413e16d75a9acd6c593b82f89ec4ef6c1182a5b75de99ad980e69f56ab6fe0ed3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\04b76ab7-f496-4d34-a781-4522e106ea6d.tmp

Filesize
217KB

MD5
89b15b7dd9e8e7aa3fc0aba8c0b52a13

SHA1
7a9ce6572a95e7bcffa7139233a2015e9033ebb6

SHA256
f78329b7368da18e8fac5f9e4cf4d1e49368ff6667d4304e56ecfb47923c47d2

SHA512
29f6308135414315c2b74127a58d40c6c07c234d4ca75ce407ab9c6905fb007b2a7ef2c08bfbd2436ea3628a21225e84aa3d4d1c8182f4de00d5bebf7258d3c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76c3db.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
c65ef141e3b3ee556efb34b4c5bf429b

SHA1
1a79dff3ad5b7e13a8b18aa49488a20f4c736387

SHA256
8a4b20118e5e4021bf354032045ec088632f9e0e4870ffcebcc00c934038c806

SHA512
ec139fa0c74f993dd0470cc4c8e7b6952ab80e74d8cd869a9b7b56c7b11bdb68cab7b1c88add47fb4b13edbf3319dc5a09be3af18eed4315a7e96b42b4c4335c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
855B

MD5
3198dc64781926992cc0b2b5100d917a

SHA1
90adae189a37938de9a36c4194f26f7d36d11b9f

SHA256
e9175e78ae3f3ccaf3738471fdc16e6023d927d8c2f3c8f94bc3ab4136b95917

SHA512
5b313b6d86d508a8cc5769270b14c78455aae5e33513f76b92482fd0628cbe9f95a79d05319cfabdcb9d02a3745064ad414f7470b956f88b2b619f3752e919b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
1a2962a4bc22cfd511c8e82f4137c4b7

SHA1
7f6b32eb168f0950d437e7de598b8361205cbf22

SHA256
c68f3184fa59cfa328026b511548e8774d13037d315c24479879324e53379adf

SHA512
095b324c2bceca4b38d0e2931339a5ea1e62e35de9630ab7210f646cfde30435f6e5d605e57a271249ab606079da19c5808ac0c15478bed9e2474f09462b070b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b7afed548834b06ad32426e65659ccc0

SHA1
3456b08d8ce3504fe62d5d8cf5d9866a2684dfd3

SHA256
e4356a83ea3c47977ca6bb07e8d06eb61c2ffbafb7400021e1e02b181fee18e1

SHA512
75bba8083f2bde9b41158324159648ba71ece3fa805f37b71443b9072aeb5b482189943aee384a95891cb28315cc11340093812fad15ceeae1fca3bad7d11e00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cc6f1a43f08a5092609f2b824954a06c

SHA1
13d9b5918a0f10e59e35be8b429403e0256484ce

SHA256
78813de06531cdf7c8e51257fccbcd5d8a262a2c665c41522c58583fde2433bb

SHA512
2a599108823cb931ede7d34c4dd1d5a7173e2becd22500143703a132cc77532ecb9b5636f0d2911b30bf01283115371ca5ee6654310bee81ca33e5c853d8aba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
d6db6bba93b8854bf1b0576b3d93659f

SHA1
8734596d5343a8e5e86ad931d75efd5c72279adf

SHA256
57d9e75be97d363325c7bca780211e969a90d07b8fb36d5caab882a48cdf53fa

SHA512
1a35925bb1a5e01afe3501641aee3b162b9f328b6a6d6a1c4d776431c82cbbf25e6c233e8baac0059a05d4a200fd5896bcd5195ea7927f8357dc021053bd7e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
217KB

MD5
24efd82c716c9b70bcdf215ffc72c36f

SHA1
686ebd7b7b64204b10dbb82a58adcd19fac1e0a7

SHA256
31019e589603efc6394cdd68219285fb8fe867ba373c1139205888641156e9a9

SHA512
15bd22dfb54752c8e68a4b46cc192738a59fe9abf4b4a9881750ea69e01007203580914d916bbc120002817d376f642cf6923c0fb7c98b0fbd58e45c72d0fde5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab676D.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC237.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
memory/832-90-0x0000000001D10000-0x0000000001D40000-memory.dmp

Filesize
192KB

Download
memory/832-91-0x0000000000170000-0x0000000000270000-memory.dmp

Filesize
1024KB

Download
memory/2984-2-0x0000000000200000-0x0000000000300000-memory.dmp

Filesize
1024KB

Download
memory/2984-103-0x0000000000200000-0x0000000000300000-memory.dmp

Filesize
1024KB

Download
memory/2984-1-0x0000000000300000-0x0000000000330000-memory.dmp

Filesize
192KB

Download