darkgate | hxxp://193[.]178[.]210[.]226/documents

Analysis

max time kernel
74s
max time network
80s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
15/02/2024, 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://193.178.210.226/documents

Score

10^/10

darkgate stealer

Malware Config

Signatures

DarkGate
DarkGate is an infostealer written in C++.
stealer darkgate

Detect DarkGate stealer 2 IoCs

resource	yara_rule
behavioral1/memory/3944-80-0x00000000063B0000-0x000000000670B000-memory.dmp	family_darkgate_v6
behavioral1/memory/3944-81-0x00000000063B0000-0x000000000670B000-memory.dmp	family_darkgate_v6

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3944	Autoit3.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Autoit3.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Autoit3.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\reader_update.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3504	chrome.exe
3504	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3504	chrome.exe
3504	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4888	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3504 wrote to memory of 1176	3504	chrome.exe	77
PID 3504 wrote to memory of 1176	3504	chrome.exe	77
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 1500	3504	chrome.exe	79
PID 3504 wrote to memory of 4528	3504	chrome.exe	80
PID 3504 wrote to memory of 4528	3504	chrome.exe	80
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81
PID 3504 wrote to memory of 4056	3504	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://193.178.210.226/documents
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xc8,0x10c,0x7fff1b919758,0x7fff1b919768,0x7fff1b919778
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1804,i,14518523798386310739,12178435221974024963,131072 /prefetch:2
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1804,i,14518523798386310739,12178435221974024963,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1804,i,14518523798386310739,12178435221974024963,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1804,i,14518523798386310739,12178435221974024963,131072 /prefetch:1
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1804,i,14518523798386310739,12178435221974024963,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1804,i,14518523798386310739,12178435221974024963,131072 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1804,i,14518523798386310739,12178435221974024963,131072 /prefetch:8
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1804,i,14518523798386310739,12178435221974024963,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4920

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1716

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\Temp1_reader_update.zip\reader_update.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_reader_update.zip\reader_update.exe"
1⤵
PID:4976
- C:\test\Autoit3.exe
  "C:\test\Autoit3.exe" C:\test\script.a3x
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  PID:3944

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a0f36386e1ee27980c80edd4838614f7

SHA1
c2d9e357dc78bd2c1d2403e01acd97b2ac03e4f0

SHA256
d4a005940ab7226da62776f5ff3be2ca2517997c9c7364891e952494a3f69e5c

SHA512
343134863955d902336169b92048aff7bc09ece8a0d3ead1b6d713b5a01c5f41d3c1b14f8d0ea6ca637bbc1b65059a76f06e872d7487b55a06f53ef3362575ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
15fac5b343f95f4a3fed78cbdb3d54ba

SHA1
3eda33dcfae2e55b574c0da4b173d8ba3030509a

SHA256
0ecc3af2d9c22226f3cb7d493a23e34bd20978f5030cfd924ba88d2bae07987f

SHA512
9fa4f15a27c1fb0ea06ed291b708d1fbe3173171b92ddd7c6cadb88f9b7110fe38062f7d352b89647a1853dbac8e1c692e317f7878423b72d725928c055c2b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2987a94ae1545e80af9b1e3f03f9698b

SHA1
0482cac23f606da27bcb2d5aaf99988ea2564a93

SHA256
5c31445dcb8dafa019ba34a4fded4dd8e38964b5d6557526e569f6db23b6eb1e

SHA512
66d946fbe7df7ef9c98f5138b01eb378108546ed15e53d82fbf76c8361f5cab42cb3b123131e91605793af0007ef3ea8c2c74eaa6b64b9ebad20b1c891492d61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7cabd8cdcbb896ae0b02914338bfe74d

SHA1
5095634f6e9e8f1d13e182ad7f96e642aec93376

SHA256
4a59bdddf955377017c4ca4eef1bc6cd70d64ac2e703e65de412f00fc528c2e9

SHA512
7bf1604e2fc5c4b901af49b4f5736110d9a3bd09ddbc1807213482ec4b594ac27b910ef6cc6abb3a723d185abd9204252a7e5ce6c96af4d85cb90b47f8865d7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
a9c4f145847f8ee5772f57b21b63f9f4

SHA1
f15b543d3c15e8664856514db0f03ebf14cf3c5b

SHA256
051e46fe59150df8dfb95fe3208c3cb75d5db4b1113f712067572169be7be93c

SHA512
2aa718f67f98be8e2cf5169de1add52f42faab0e9ecb6549210083cef521f9a1505c73950209a988c6a9164f230a977d46d35343129e242e8fcfc31943ffb341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
c4d597fb9f86a0afdf0786384d6a6656

SHA1
4dcd04b2fde89de189be8e6e6e74d0a02628863f

SHA256
10a3da13a56793d4f40bf82c10a471ad093926f0fab5d38815d3a8043048611c

SHA512
4601519712fd9fd5bd1a340a541bbef0113c1588eab338b70648cc8dcf49f68038f475b6fd9126c55c3b98b598e0f7e96f7f55abf6e19dcb3bd7e17521087800

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
63e3dabd927fafb8df7c2564b7e30922

SHA1
1999f2649911d88cda28f4508d422223052a7821

SHA256
fb783f09597478aab4f55f5d3857da8e69e8447458aeff38b863673d27d9e565

SHA512
51ac0d543bec7787252fb0ea8b695fc08f8ece08c32da6f0b0b3b40e19f2f65e296a80f42e9ddbcfd8e5a56eff99a9552efc0cea0827e645db4fecb79871eb92

Download Submit
C:\Users\Admin\Downloads\reader_update.zip.crdownload

Filesize
496KB

MD5
0bb063d129162e8c93830fdbcf2ba416

SHA1
b94061877b45dda085ef56c03b09c210a6b78a20

SHA256
34141756b9cc1ed73041cea7f5b96ba54098ac91aa11a74ada2a4dcfdf05f574

SHA512
fa31c12a344406a683cd9bb943351eba344ea8c9bdfd38e498ede07809b8d43f73a5cf317fcaefad5beb5f96f76b6be14dc666c071f271025b16ede5a15d05d4

Download Submit
C:\Users\Admin\Downloads\reader_update.zip:Zone.Identifier

Filesize
133B

MD5
7993b62fbe6968dc7553d1bf1de483ce

SHA1
77579cc404d818792c686e0d042768671804c3d0

SHA256
f26aae7f8354d455e481f590038843448de8cd59ce22a779ee05e76dea7f1ba5

SHA512
3802669fef80a3d241cf00aa21ba057dc5fd464533f0bc73c4e2b75aa3dcf8702ce23db2ded19f70f4f1958696df3dfa4b97b94cd5488878cae34d63e832614c

Download Submit
C:\test\Autoit3.exe

Filesize
872KB

MD5
c56b5f0201a3b3de53e561fe76912bfd

SHA1
2a4062e10a5de813f5688221dbeb3f3ff33eb417

SHA256
237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

SHA512
195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

Download Submit
C:\test\script.a3x

Filesize
473KB

MD5
30a57489d8db61af2b43b3a5e796234d

SHA1
31bda33394b533f33147b374c9108d8762876590

SHA256
b21aca04205df1d33b2218cd986621abbca52070f2f21ed1bc24294f8ab09f31

SHA512
647dbb85c863808aa88ec5c7f15a4fc0ec16f9cfe7fb923778efd1365bda1e0d9a37d9f9950d7eac6a31717da3bf38dbdf41adda68485fe3074d76a2d389b17a

Download Submit
C:\test\test.txt

Filesize
76B

MD5
570fb19bda07644952532d2bee7593d7

SHA1
c434be58213f885cbeaef00d47877490e8ef4c9a

SHA256
7b7228217776234e8c03c7b48cfa51f4284553151158b6bfbacbe3d9f348f25a

SHA512
abd1230cd3c000cd8a4f5100883b46b467c10993cb94fd2ad868b2bd6bdcef8fef7bc3021d38d4f042e9ad8ddfbf6f92d9779325006be936c0992186bc546e66

Download Submit
memory/3944-81-0x00000000063B0000-0x000000000670B000-memory.dmp

Filesize
3.4MB

Download
memory/3944-80-0x00000000063B0000-0x000000000670B000-memory.dmp

Filesize
3.4MB

Download
memory/3944-78-0x0000000004EB0000-0x0000000005E80000-memory.dmp

Filesize
15.8MB

Download