darkgate | hxxp://178[.]33[.]94[.]35

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
12-12-2023 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://178.33.94.35

Score

10^/10

darkgate stealer

Malware Config

Extracted

Family

darkgate

Version

http://sanibroadbandcommunicton.duckdns.org

Attributes

anti_analysis
false
anti_debug
false
anti_vm
false
c2_port
5864
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
true
crypto_key
LAbQdWWsbybjAY
internal_mutex
bbcAde
minimum_disk
100
minimum_ram
4096
ping_interval
10
rootkit
false
startup_persistence
false

Signatures

DarkGate
DarkGate is an infostealer written in C++.
stealer darkgate

Blocklisted process makes network request 14 IoCs

flow	pid	Process
78	2240	cmd.exe
79	2240	cmd.exe
80	2240	cmd.exe
83	2240	cmd.exe
84	2240	cmd.exe
88	2240	cmd.exe
91	2240	cmd.exe
94	2240	cmd.exe
97	2240	cmd.exe
99	2240	cmd.exe
104	2240	cmd.exe
105	2240	cmd.exe
111	2240	cmd.exe
112	2240	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
4340	stubbed.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4340 set thread context of 2240	4340	stubbed.exe	119

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	stubbed.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	stubbed.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	cmd.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133468158885813590"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3976	chrome.exe
3976	chrome.exe
4340	stubbed.exe
4340	stubbed.exe
2240	cmd.exe
2240	cmd.exe
1752	chrome.exe
1752	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3976	chrome.exe
3976	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3976 wrote to memory of 1576	3976	chrome.exe	82
PID 3976 wrote to memory of 1576	3976	chrome.exe	82
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 4172	3976	chrome.exe	88
PID 3976 wrote to memory of 1304	3976	chrome.exe	89
PID 3976 wrote to memory of 1304	3976	chrome.exe	89
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90
PID 3976 wrote to memory of 1176	3976	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://178.33.94.35
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc76649758,0x7ffc76649768,0x7ffc76649778
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1896,i,14997057254058382489,8448137437599158016,131072 /prefetch:2
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1896,i,14997057254058382489,8448137437599158016,131072 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1896,i,14997057254058382489,8448137437599158016,131072 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1896,i,14997057254058382489,8448137437599158016,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1896,i,14997057254058382489,8448137437599158016,131072 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1896,i,14997057254058382489,8448137437599158016,131072 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1896,i,14997057254058382489,8448137437599158016,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1896,i,14997057254058382489,8448137437599158016,131072 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5284 --field-trial-handle=1896,i,14997057254058382489,8448137437599158016,131072 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5212 --field-trial-handle=1896,i,14997057254058382489,8448137437599158016,131072 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=1896,i,14997057254058382489,8448137437599158016,131072 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5256 --field-trial-handle=1896,i,14997057254058382489,8448137437599158016,131072 /prefetch:8
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5292 --field-trial-handle=1896,i,14997057254058382489,8448137437599158016,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1896,i,14997057254058382489,8448137437599158016,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Users\Admin\Downloads\stubbed.exe
  "C:\Users\Admin\Downloads\stubbed.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:4340
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    - Blocklisted process makes network request
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=952 --field-trial-handle=1896,i,14997057254058382489,8448137437599158016,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1752

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\ebkhkdc\gecbdhe\eekbehh

Filesize
180B

MD5
74348fc79f1ce6abd47ac869e4fca99a

SHA1
8e205bf6e2c6f78379fa542f3251c216e351064a

SHA256
3e89e15587b21602543e34aeaf9cb18c2088c70cc769c3ab1794413cdc14cd9f

SHA512
9c1f6a49a2ed27f9b1b41946a5ffa4a5fe3355c406f61f3458fcad3ba83238e0bbef227544db14f9ba39c915f646abbf48a897c31d15f281e1462d9d2f950d2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b050888ec5f2dfa193af08304d16f050

SHA1
b81a5767b35e2190a9cb1097dbbdf0dbce3c890d

SHA256
e7a898046ddf85f1da3cc057d675eed50b6a43f39b844731616d543c4aa4ade8

SHA512
b1c7d6965549a90599aafa8d94659822a4ab8078cb52716385dfb43c5737bba28eae6fd0258563618a37d3c21f450f7431ee3aaaa3563bb4915de199e52e777d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
59ff05f0d7001cb767db82f09d8c6da3

SHA1
185a4a08d3e56763e32704d700ed53b40b28c5c4

SHA256
3e2d1ccd349337a3bb5e6c1538c4e964c522959cad67e5f5c343e48ecb9be60f

SHA512
e705a22184342f67b7959d7a75dd03172ea521a260abfb2781122dc45be07727625163fb23443b7e10f8d9068f3ff214311dcbd6df2a6c092f96325d94701873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a917b54a6992a5a9af12691719e1fa37

SHA1
d5c66c2fa148824928fe09d5c05a444b9e2f1758

SHA256
0c8bcc631ebcea38f3304f4a226dbc0335e3afd8e550657e77e523a8afd54188

SHA512
71f7a975739a87d95f1b15679d58e476ba716ac8fa829dc1e67e0d351ddd5a121278836a299cc28048d8824d08e503cd0ee29283c47087fe15ee8e4f757fc7ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
5371cf8760fa513dde69bb23ddf31172

SHA1
8b2dcaddfe9b965fd4bd7b0c2f3b7e5d76dd6beb

SHA256
778d47b321f9811d733156524bcd2555b41b848c3dd3470221afe64ecc0b4ee5

SHA512
81a6991a8df5374a88c56c4d5eda64305d2ecbefdfdb6df699f56b21e4d0d3cda12da15065c8d38f3ccfcdfa6d6523cc3bef8fb1076a6dd03073f091a0127ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
06bd66a654f63a00a9122c87fb12a52c

SHA1
051d106865244194e34f64fb1f2c6f0ae64460c7

SHA256
cfb0d332c508d5180aebcda1e9782dc2a0d10434405c306a814ba8c4b376ca66

SHA512
80e9831c2d3f976ae313f8dbc7c0db14f541275eddd5044ef03a541b2627e8639821368510f64a0cb235d21de2b97e3dfdb22c75e1f4c11c0e4f36cf088e51dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586a4e.TMP

Filesize
97KB

MD5
57436ce12a40788c4ebb623744834755

SHA1
937af06edd9aafdfc5ad93ecb4e8598ee4274216

SHA256
cc0f49d1f22c129b273fba6df7bcc18f8bd02de48037c7c4f80be2e74e5a6605

SHA512
a38557569722b98b15b64f0a402ea4645f95edac06dee8faa5296a094bac659513e5816970380946b5ce441c6fe1e21b9db4c41a9a7227422d4e1070cd5f0117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\baahghe

Filesize
48B

MD5
02f1b8491e0c2043852b5bb11f68ca1e

SHA1
da7566394d4c47ea0c3826de8502c1346d9b4d5e

SHA256
82bbc0b615cad883754b1db47dc23b79b7ab7134f3215a907f4582ba34d1a329

SHA512
eaeaa1f20f1a333c2dbc2ebd4cf2034a8331e7e0c1e8abe33405b94cc9b004cb837aa389184dbcdcc5cef071ca6872a5155cde479f70160be28a853ef5adb59a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 880092.crdownload

Filesize
434KB

MD5
32779bb4eda0b1834dc50d88f4930c3e

SHA1
7041fb14c8593d2657d4244d6930a35a2745f96e

SHA256
8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7

SHA512
aeb8e88e9b016df87228be72517694f1c382fde0e1f42bb3e91f0fba22ef8abc7298aec89cb8439d1c1bb20ae2429f1d4bee5a99f9fd78f4a8d7840ca856b0c8

Download Submit
memory/2240-88-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2240-83-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2240-87-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2240-81-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2240-90-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2240-91-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2240-80-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2240-79-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2240-104-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/4340-82-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download