Analysis
-
max time kernel
462s -
max time network
467s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
-
submitted
02-03-2024 10:10
Errors
General
-
Target
HLlib.dll
-
Size
7B
-
MD5
6629e06467507a1cec63e311e5bfef95
-
SHA1
01e9b7f87a4e1484293b5f688480740bc5251544
-
SHA256
af9323627c09003e6979528b9ec9c1ba8064d0e42103564d006ff205634823db
-
SHA512
a8cf7ba7d73a2428009d9f23ffddf8f9c4dced97f1d9f42dd839a7cd6da5cd9c942e3496acc95832853f9ae8650d039a79273d8e578d2e9658d738b8a0a88156
Malware Config
Signatures
-
Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Modifies Windows Defender Real-time Protection settings 3 TTPs 2 IoCs
-
UAC bypass 3 TTPs 1 IoCs
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (539) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Disables RegEdit via registry modification 2 IoCs
-
Disables Task Manager via registry modification
-
Disables use of System Restore points 1 TTPs
-
Downloads MZ/PE file
-
Modifies Windows Firewall 2 TTPs 1 IoCs
-
Sets file execution options in registry 2 TTPs 64 IoCs
-
Deletes itself 1 IoCs
-
Drops startup file 5 IoCs
-
Executes dropped EXE 9 IoCs
-
Loads dropped DLL 6 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 6 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Drops desktop.ini file(s) 64 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Drops file in System32 directory 2 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Interacts with shadow copies 2 TTPs 5 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Modifies data under HKEY_USERS 15 IoCs
-
Modifies registry class 2 IoCs
-
NTFS ADS 11 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 26 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 9 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\HLlib.dll,#11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8b2543cb8,0x7ff8b2543cc8,0x7ff8b2543cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3564 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5344 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6632 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6200 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5620 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\DanaBot.exe"C:\Users\Admin\Downloads\DanaBot.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 2963⤵
- Program crash
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:12⤵
-
C:\Users\Admin\Downloads\DanaBot.exe"C:\Users\Admin\Downloads\DanaBot.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 2563⤵
- Program crash
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7728 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7692 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8136 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7244 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\CoronaVirus.exe"C:\Users\Admin\Downloads\CoronaVirus.exe"2⤵
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"3⤵
-
C:\Windows\system32\mode.commode con cp select=12514⤵
-
C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quiet4⤵
- Interacts with shadow copies
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"3⤵
-
C:\Windows\system32\mode.commode con cp select=12514⤵
-
C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quiet4⤵
- Interacts with shadow copies
-
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"3⤵
-
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:12⤵
- Loads dropped DLL
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7700 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7492 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- NTFS ADS
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:12⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:12⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,10515316447855256158,16276142815154515757,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6376 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\Downloads\Annabelle.exe"C:\Users\Admin\Downloads\Annabelle.exe"2⤵
- Modifies WinLogon for persistence
- Modifies Windows Defender Real-time Protection settings
- UAC bypass
- Disables RegEdit via registry modification
- Sets file execution options in registry
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- System policy modification
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
C:\Windows\SYSTEM32\NetSh.exeNetSh Advfirewall set allprofiles state off3⤵
- Modifies Windows Firewall
-
C:\Windows\System32\shutdown.exe"C:\Windows\System32\shutdown.exe" -r -t 00 -f3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\System32\DataExchangeHost.exeC:\Windows\System32\DataExchangeHost.exe -Embedding1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2396 -ip 23961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5116 -ip 51161⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa39c3855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Abuse Elevation Control Mechanism
1Bypass User Account Control
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.id-6B75748B.[coronavirus@qq.com].ncovFilesize
2.6MB
MD5bef099276f099131c7f4e22690b92738
SHA1da4d10f9f4283553261bd53d88997d1d73a081bc
SHA256ef815aa83d3459d09b4140360555b82f8554e299e191ecd64240bb1263bdbee4
SHA512a8fdb8af8376c7efed21f9bece8fd1acafa7b32135818773c05569bd3ad84d2b634a7de88c36070f9e01ed0229fadf2b5dc1b599ec53400a0cc095431d3ef532
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5caaacbd78b8e7ebc636ff19241b2b13d
SHA14435edc68c0594ebb8b0aa84b769d566ad913bc8
SHA256989cc6f5cdc43f7bac8f6bc10624a47d46cbc366c671c495c6900eabc5276f7a
SHA512c668a938bef9bbe432af676004beb1ae9c06f1ba2f154d1973e691a892cb39c345b12265b5996127efff3258ebba333847df09238f69e95f2f35879b5db7b7fc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD57c194bbd45fc5d3714e8db77e01ac25a
SHA1e758434417035cccc8891d516854afb4141dd72a
SHA256253f8f4a60bdf1763526998865311c1f02085388892f14e94f858c50bf6e53c3
SHA512aca42768dcc4334e49cd6295bd563c797b11523f4405cd5b4aeb41dec9379d155ae241ce937ec55063ecbf82136154e4dc5065afb78d18b42af86829bac6900d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4ba7590c-6915-4599-9865-15327189e7d1.tmpFilesize
1KB
MD5260c6a98331bb441c70c9236e00d022f
SHA1df6e03aded2195710c7e29b633523dfe017a8aa5
SHA2565a4289957158886f893e13c306d1f1590cdb7fb96cd2ceb9fc1e70bbcfb640e8
SHA512e9ebf79600a788e1d2e39c825d89a9b418cecfe221c192c1b103f4b32f334bc86defe304bf5c9c4b96a3ef8e5efdc8a93152c31bc74c475f6dd04bc5fcc757a5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002Filesize
62KB
MD5c3c0eb5e044497577bec91b5970f6d30
SHA1d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA51283d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003Filesize
69KB
MD5a127a49f49671771565e01d883a5e4fa
SHA109ec098e238b34c09406628c6bee1b81472fc003
SHA2563f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6
SHA51261b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004Filesize
31KB
MD5acd3f8bcdca044e4382c0bb6246b0234
SHA11c83d89a3c40835a82f06e6bea0af86f52901bc5
SHA256cec8af8be960f3b13ad0f554c338ab88688ae5b4ddfcda5471fc8268ce66db25
SHA5123cbf100cc72f4a63c7aebe0ec029fc3635b97addbb0a4e83febbd127e00ff1455fc0b4cb90839f3bec498a7cdb848d8fde4d6991cc6a1f479669e70ad220b5a1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007Filesize
84KB
MD574e33b4b54f4d1f3da06ab47c5936a13
SHA16e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA51279218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008Filesize
1.1MB
MD5ae6fba4a8a4923ae8fb23bbe54365bb4
SHA1fb04d11d5f8433a5149dbbf05323cdbcbdfaf3c5
SHA256d3effbeee1babe87697c39dab95237973aef8f4755a273b3a04b6585d927f7f3
SHA512275b997c5819b5c360b1f5f1a8239e6f7e1631a0c75677a4d428c8a25e03400314e8eca58f54af524fb93c3b609b7c47e60ae05a7ba874651ed58b54281a2ed5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009Filesize
37KB
MD5848304416018523d94a3c05d103959ba
SHA11b53b586cce313283d74285208827d115764f6c4
SHA256a28b31ed7c62940af21dd2a5e86a1e0e50a15b740ee3078b0ba42a575ac45ce1
SHA5124a9a3a5bb6495c7799b1413d61ee7232b2cbe3d5096f81a6b2ddaac1cab5b6db1ad694ed449be622741572d623697ea1348d0a465e1c2767a5d8c376654e9f4e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000bFilesize
33KB
MD53cd0f2f60ab620c7be0c2c3dbf2cda97
SHA147fad82bfa9a32d578c0c84aed2840c55bd27bfb
SHA25629a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b
SHA512ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000cFilesize
74KB
MD5bc9faa8bb6aae687766b2db2e055a494
SHA134b2395d1b6908afcd60f92cdd8e7153939191e4
SHA2564a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed
SHA512621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000eFilesize
40KB
MD53051c1e179d84292d3f84a1a0a112c80
SHA1c11a63236373abfe574f2935a0e7024688b71ccb
SHA256992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000fFilesize
53KB
MD568f0a51fa86985999964ee43de12cdd5
SHA1bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA5123049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6591353e7e8bb2c_0Filesize
8KB
MD52d33ab920622242c483314c03ebf1a6d
SHA1c5e7ea367eb2f7c6a09293e1a1aed5cc97423410
SHA256b153268c29fb0689ff1b015955658f209c164ee6c7acb363fb19ed83e8c169c0
SHA512b546fab7d5f0169c21a2de1c384101b4e55bd0ad355c2bbab9d102196743c8dcb7c0af1e669c82070303dda9d6c96cc1fed7e766a80a8ad0023c1762be2b84b9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
4KB
MD51ce4bc6b418c60fdc9160595e02cc474
SHA1a8e1441c1d9f3a27c690013edb43c1c799f0522c
SHA256a287e02bf3c02f11b1aa4b3c3950594b5937bba2ea9bafaed0f008039004295b
SHA51287ed9013397d629515bb252c0c6f94b66626c22a6831a758961961f1b61885ec8f38b9ecfcc10f68c0579126dc791d9a49b72074952283676f5491761e606250
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
4KB
MD52ec8bbb56af5af8f05d486feb20c989c
SHA1ab7872d2dceb956e4641878e07d8a7fd3dbb9367
SHA256a35b8eff9e459edd3b8719ef29db70ff46e0d9dd2bb2574c0028ea1e2ec77b28
SHA512b3b000435dd1ecbb31a98917432a8f7f547fa2f52e9713c152b73db761aa29060319a2b7a4f37e990729fc5657bf8e0fc9308487470a5edd5fc8870c360e1fb1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD57fbc8cc6930a780296062e77e253e0da
SHA1c6443c173a71f4e729d14d3296c3e1fe090e2072
SHA256d861648890978bc2fa1c34f7b9d95d459c996f3dad7d103bf25334746a8856f9
SHA512a44c5df62f7f8b46a3ea745b3ba249dc58bede5cdb142def86c3a4c6ad99765379ee8dbf421deff286e9fb36c08ebf9a4d19d2033ec33ff32361d3877542ce87
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD5f54027174d361a8b2b66c70141912e8f
SHA19efcceefc1fb367ff0e82fb9cf789ec1470deaa9
SHA25644f468e5b54cd78a6e6f289b2f955ec0887de7ba6ac896f253eecc62b9fdbdab
SHA512706a30e52a9f78f2fb4fcf58cc499d24a0eb1c9c5de92ef8a38c284c0ac513e4733b8f4e865226172def4f1e66a8c12edf6c278ec9d67ef2503a423338b1e27c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5e814432fd4077893ec5caddb99969f9f
SHA103cf4faf403b886bb6f88e4641ae618c3777c312
SHA256c38c72587b341ce0184ad2547677b45e2bd39e5bbe4462588ca6f3749f9aeecd
SHA5129e0b5b7de71828b1732357c2e24995cc6f7e95d4df3d1e14b8f5ff6d64948f040c195d1c83c648e7e7a111ab76818a4d04cf5d3130be06239b87ee112b07d054
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5081eec127727905ca9d9c0716bec62ea
SHA11914f9653ac607807d6ec950f94ed6d3f2e93891
SHA25643c3eea07c5b310f6f72f01aca489ac4793522170682a707a48abb85a2833c94
SHA51231713e69d04229a751423ad3648d85a6594e97a4edf1c00e3d72a39c340181fed8db5fa18810a768a4d4a0d0eb5a9d7ec4ad25dc8a0fd83041f11ac1ce9fd6f1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD514014ebcde1135eb0a3ff09a8fe78b3b
SHA143e27d0204ad9f1f6737a93b3e6a6658e48fe1cc
SHA25690740777be156ff5cd3ea640debd004de132f6ff61db9eb66926f1f5af11aed1
SHA512cf8a71e0c005d6feef8e5df5d02f57e6538aa9076eba609a0ba77a462e89b16e689bd656b65a05adc715cf1a56296f0f138ab73998f77064b318b1a369ced5ad
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5f23616d1757ba44d8a94be5aaa6f558d
SHA15431d34549e1ca7cfd0ae5d340676f7e1d0ab1a9
SHA2567d2b3953e71848ebde986b0d22c8fb0df2745b83d2968b000d2145385b1a5e1e
SHA512e28b804aa1c820f92c5955b4992d5dea39c4b148e5a2146b87f8370e8b1ce9998f224b8daebabfd1ff6733e2d13f96f776f4d8e2087c8e635acb0624ae654eef
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD56f03164287eaaebeda59796606616a1d
SHA144ea6e9080300e4f86f1338b5698ef3477ce89ec
SHA2563f75c984c566738c58e28808230820da29f836ffac737c08480c46d2be39a30d
SHA51224b43beb437e77c342cb5032ccaa5a7f87229f9dcbba3efe0e89eb3eccd9b6d167c8265718c9e4e1f72691c35c9f1c18768ad1ecb297b2836d456b43bb39ada2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5e987eb2f44e95d40d6aa33decf389040
SHA1ed381c60199ff90ce21f61a596f19337f1d6d88d
SHA2569eaa0ed3649f0490c7051d007b2f09abcb632e0ef6134a84d481359a84a9318d
SHA5120b4d8fa7f5e321ec1739d1a18330393094d50b2334008efc319d3539d0b48f0db6504fecaac36b5d7cad966ae7695d31c81156da80dd97884aece66bc35065a5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD55bbd37496a3825135885676dd07f9338
SHA16c3489104df866eecc2e615e1e904772affc64ff
SHA256f70787a7e91d11fab19f15a36bcf100e90939af74aa20cc83ff7791fcd8d163d
SHA5124a37996415852870ef3b5be7cfb1167f2e4ae81889f17cc5c64307bbf279dd631c3472e65dcf122557b5893bd55f4e82dca7c1325b33b5d961af6a36989f5c1f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD515cb082238680fcd8c4b1e98c3a453c4
SHA1dc8e8a083600b2aa65c07463b6a72264c99e7a41
SHA25694ce224fdb6897df1a79ab09f7cfab2716cd3c5bca2b522c82611c8260ee2954
SHA51203221b00ee60244ac9d2fa7c7b5c5751cb42c4d018293db13bcb2e9363644f9b8069bfa41ca1b67bae12b4fcffec6fc3fba555d555b50d6c3c4dc9ad47f1db46
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD53b874c4fb17ccad64cc37150cf275f83
SHA18a6cbf4a3d92250088d05fc4ede7264e85d2621f
SHA256d689e6ab344d6b8fb26de8253e0177ea20dd2439f7a3a3a830d35f4adada42b0
SHA512eb38f2a680a7b1da3a5465867e0f8e9ceb40de3aa8db8a93f9f014f4553622a1ed0258a1e1584803296bd7ee94f2666c6cabac69a5b8e94aa96cd9bb1809dadf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD57e6856c78da85bf4c1939fc79ce68041
SHA1f179c5f5904017535b9f7d037ba4d4d583041d2b
SHA2560e1b0a8b285fa8b948aabfac83994739e6182b90f8dc0b84db44cdc22931c3c7
SHA512f3386d509829e1170773ea871db5e9a5f94cf228b772d93ab15119573798768e5db1085f2832d239fe379b88cf64eb57acf5838a891c52d162825e930f966eb1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD55772685cd6bb627e470340db3ff73ae4
SHA1392b7c2e0e9f38da52b6293014d4b83635f8c098
SHA2565b3cab0461a98fa663f5e3a19fed756c2e1ad5060a74c1e585e701aad670c7c9
SHA51215672224b53ea43b1147f2daa91ea903a3ba82593566ca3fad974ae25c7d17c467e65e8d3c95ca668f18f8785c74173c85a02b4aba31bc1a8bc2eb4e4e5a80e1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD59f824ecfad6baf58741487e1b6238cb5
SHA19447976e5d47b76ad31df58f9f127fb34d9c23b7
SHA256d9c131a82ac265d0646f46c7609fbe68683db0cf23aec7edcad95ccd52c0ab08
SHA5128f4f76e07c1e7c2c11d6d58f0dcd6ff14586ae50834a5077e52c13352baa9a30b9e463a8f5a5d47c867110a135cc4b6ea790decb24a606f68f373025110cbfd7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5cd7614f434223f11dfcd8cf60567f46e
SHA1c9ba4824c2c83fdf63509444aeefee70e7e5ab34
SHA256333ad3163a8474177af45ff6d2dbfa787edee0f8ae4eb9db57a1b896224d6c44
SHA5129735adfe03f39e719d19dab1eb2e2553b4cc53553de15087f5af4b9e7554c0c955ef15d3e9464e432984c3531f4c07bd5a4dda5f0f18305ace31bd6ea4a24ca6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5149234c31698fe6f42d9a346fdefa4b4
SHA103db34e248fac05f2a8c6fda26ac76cff6fceb31
SHA256678cbb50acd8799b93e347bd018e3dd268d8dcf7882f555bb291cae7134f0fef
SHA512fa4e75784bd9b02b930c63c0c4ce1866387354f776ea98bf7096d8e84afba557dcbd61bcfc400449d3df127bab6bc6c01c4eb2b19a22bbe03e96b1596d70bc5d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5e665073325f568c2ab5ef6a821f8e84a
SHA1ad7d48583f07b266a7e93f2d17617f02f85f9707
SHA25690a7fc82a406d7705666e45d73c5dbc7da648cb5682eaecf0505889b27740d39
SHA51210ee837d797932125786e84f2e321dbe5d1c297ede1a35aef327589454c39b187083f7117fa40a9b8e2220df3a5b7aeba685676cf7f7a6c1bd8ebee097cc735f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5e5eb1e8058bd28b468cfba93c36c0537
SHA1c5f6b6943c12ece1c55fd57a9fd8755576a1a4ac
SHA25638e4f3f23ab641d51968b54b1c0759e88219b30766b59ba594919416b166bb1d
SHA5125d0fb228144fc57f402ff222082095393755104afc80972a8313ca78926b7d08350933d6d5b13a138ce6ce8fc06dfa90f6f6bba88fa0666c9968239ed2ce7b6e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
871B
MD5f25fd42c3a747a5b930df091b2c9c49a
SHA1a8bba0edd8daf354d79828498c9572ae822e2743
SHA256a5848956119ce898cc0ecbaf45b5298b2fe7255ca9ec93df00f08ec48457888b
SHA5125a35f396f8b727cf69b4d404d673342db9e2472ab96199af81b0794b3cf24e0f49e24108ec64df551da8b678bf62a7ec6b7d481e631dc9d5a415898db6d410e8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD56667b8b255430475a50bffd72fd60b30
SHA138609530995e8338d57e407d28818ec37d9bc02a
SHA2568acd1bde2f3ee6d193166fca6c592c8b8ce01e8b137d34e47133e3c4dbef7ebb
SHA51255b51d4f50c6c48d6a59965e81f9c203d30df239f3798532f502e7955cbabc5c3770809767867fc373f264a92a681624f9469caaef857ca7319040e887d59b64
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5e1eb3fe63cd7b7adf7c3d3324a8d20e4
SHA1ca49ca635564cc5a76adbd587f4905bcc5de9fbf
SHA256523aba81a81af95741f33ba31f55e9e33fda4aec2bf064f51971b082ed8a59cc
SHA512220e63eb22e351d8951c19da3f54312e0f277e0cb0cf88a70f23307ddae14a79fb4506022e85321b5fed790a49de61903c74a10f2d23bc6a0b751e68cb6ba51a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5ab8d2f27ae5ae2e43768ea0ddf726be6
SHA106c30284aa4eda2612ebffb4f4de4997062e134b
SHA2565d244c650fde7fdfdba00a4bb8f7b68714c9d86dc1dd089654d1cf3d320c990c
SHA512d703cc2663d66b434aeb00da6b251ae419180ac4a7878e3317c78628e3fbcfd2753746b479a27ee53c616b4bdff5f4f889236b80605d727056254d4a31431700
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5836730e9bc2100e9b52e15cf865b8f94
SHA1602b379285686d53c93e2ec0e2f9fabdf918cd06
SHA256edb6f6fd2294ceac53e60d1915f64831d8a4144f116ea3bb2bc7284f3c4e3f0a
SHA512354e0f0d1dbb3637a44740f3a2b56afbd38a3feaaeffa1b0ec8b07c68493b284da48b651a9fe6e45e0e546bd155064eb259fc36ed4b82d3f28e6c26f9fca4d48
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD504d7cfbad0370f9e2075b27bfe7144e5
SHA16374ac656f2b5854463a2f4a0ff430b274b606cb
SHA256a4e5512a41bdb40d548af96b2f032991efded2e67a520ed2365f8c138c910e93
SHA512f2bf5a5cd13391acf808d76aee1d10197cac38701d9129e4be3994504fed47a2969e57146109a58f2d59c8f76e38532042933fd9c0a9c7f36ab4fb0e5b215941
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5c22cefd7fe3fd8a66c0b8bc0c3f16a37
SHA195c8e1902fb65ada1e13f37465c05df07746d404
SHA2564d55f98c24557bbb8c5c12588c8a2cb64379f10086bac49d200ab5f25a739ee2
SHA51272adc52da93c2cf04ed12e7e22650e178449e89765c6d8332fca9621902baaae16efeddb613870cee5b7070d5b0db69fc98c31e099fec9e00ffe7cbef41eadab
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5ba508851ab762fd8641d7787d4cc4aab
SHA1e07e96a4da0f7b2d931868807a22d8c156c5206c
SHA25675e0d992c15ed38ca71605adda073a7e9f85e1dea8e09730e47febe517e89b9a
SHA512f4a8c5e9e00a2d2178f8887a92ac1f6009fb07f291f1ca3696c9d85c2e44e6962b41c6a96c3335729ebc77ec49b21c12992d28ce19e048a9005bbf612189af45
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5138ccc28d7dbbbeb28e944d8f2b35a96
SHA175cbe7f98c69d23cdc0f36e4bed97febdca66a72
SHA2566cfc0482ad2eb35cf281481299b5f62c119b5b3d7e35b66155788f4b4fc6669c
SHA512b5b32aef51c572e69f422e200b16531766e4a11bd310a65b29c2ee0c96b195596768fe40b58166d3412c822ca2308a34bd020bd7f81ca3a31c652ff8c9232375
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD55e4a51b3f1e05e03f18b728914b14403
SHA10e3b7868b8326a25637832dc0efc1788f5058440
SHA2564f41d521fe4a16f29aa2851407ee6e805de37b9f8f9b37bae1b0ab963118a210
SHA51236b4e87127c4da66a3c5ec3ea26c3b8f40fa5343972570c4aabf3e423f64ffcd02846a5de00424afe51b8943a92a8500835dcf8fa9df9b84239820f656bb92b2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5ddf5307d64db7837128773660a95be4e
SHA14644047d29321925b4ee321ac891dfa61a29d5c6
SHA25670fb3f4fb0d5afdb36f0ac04824e5427a0c745686bdc8db1e183fc6c7292ff54
SHA5120ba587525d1bb77777f6480fe80841cb7b0120ac28102e9bf84c1b5a2afbc2314fbd4a689270b91846af04403ab5b2929b192d6173a26bd9f4d7d1b1ec393cc2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD58b43e7603555844f0cd2192008e0c0e6
SHA1062330ff09ed75bfe1f297d0d54ff605d270bdab
SHA2566fc03a4d14a368ac16ebd506357ed2842dbd33de452dcd3d13d65ece2f6dcc80
SHA512b154de0b31752ac9543d186246ec715a0f2c09ef5b3615e0dfa46e88efa3c7aabfdfe290aafbdd71e8f29fbc648d4284eb85c4260129d3c125d3ef21d6938225
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581b15.TMPFilesize
536B
MD5b11742892f39c1a2cc5654a02b7d773f
SHA1471175d998882745a077adbf17d7ec27387ce488
SHA2566f9420d21b3a6a2ab05f99020b0bbae9423188058989423e925864eecda8088f
SHA512100dd546a90d8d932f4edeb60ccdf7ee84ab87446fb32f6c1ded320a26b9b8eaeaf451321b9d3d5055f833be3e5cb3a03444f360eca837818a3d51f8fe55d054
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d040a.TMPFilesize
1KB
MD540d985f797f7a91e6f316fd362bd1620
SHA15272b4afff3edbb67a3585359dd3faee30489ce7
SHA256363a76cd9cf3030741a8ebda7b2cb9d79553f43ab6ef488af575ec9362ff1d04
SHA512cda726b9f93b3ac850472e5aeb9d214898994051ef74a5ef0a1cddbe16eebcc4a9ffef2f9b0ad13eeac71187998927d294a46025024f275ebf34839e36191825
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.dbFilesize
76KB
MD5d9eba8f856c0b39e3f635ce4c7e5862a
SHA1bd28ef6a8deaaee6b7109eb2123e800c8b01cad9
SHA2566701e9cbd5e57eb2afecd30ee50096bcac876315c2bc0721661eb3af38bcaff1
SHA5125f03e7bb0fa896a7c2c8a93fc700bede6b6204435ce4d73b435209d631e6c92eb3eb17d026b824543f9310383449659ceca9519a31a6196b2d6f54711ef1f034
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5737185932f882ad461ef798cba1789dd
SHA1ef911272078bd8745b603b5de3d10f08cc2929d9
SHA2563539d8ec04ee9acf4c6890f9c57f44acac24129b823d60247d8a747674347946
SHA5124586cc3abc3e55e8803d68fb888f9c455faa62076f094c6133743095c878c96e64adb2ce8e7696ce01668587f824e3ade2ccd1a3ebe347d9d06c986d5813af91
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD51e550bba4b52f187251f0be7cc42753d
SHA1645fc8685c78c280d4db26b240321077ac570ce4
SHA256bb3c191b7abd2e52a9d47ce4ed06ace98e0cb2904c35c0ab5e3f90472fa76a23
SHA512d020d67dc162d2d3a219cd354ed32f05340a5c8f3e59c031b72ca08e908225b961d6d17a546139f69781dbba0408ddafaa3e5d6d9fbff46123b0907767a701d2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD547cafb20ef51c7f8cc9c79d89710fbdf
SHA14ca4db7c53ec8d58672237bf932fc4a21cb35d1d
SHA25632d3499c11cc001feb8535e587381396132e8eb00a02884b883026ceaa0ab838
SHA5126a46bae4197d64c64168ea5a3dc60836b4b5358d1e25a29ff8e198b971ae225157938283907e3a38e31f0f043b7eddc154dfbf1a3e9df66746c1ec52f5ab0aa2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5352e6ce5eda4cd52263d5d336b2c895e
SHA16685c657efe53592d60b9f91b892f7c463c811c7
SHA256ce4fb1ad08aef3f2e6539326c6ff16bc9966eff7689704f38e1a67d0536be0ab
SHA512eca232c76b0895af29a3deaae5e320cf9bd0b97243bf129cd1b6ac0e1e170bc66f9477e3a55b935760b382d037dbd85bc5463ed295faee13311181accaecf53f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD591a08be3981636fe13202c7c93e207ad
SHA1ec47cd2318fd88f2f60ed12931b03db6aeb94bc2
SHA2565738da78169dd2d0f95aedfd4a65ededc8d5d19ff69eb2e957e6a67332530ab3
SHA512a2b9a1da3cbb80adf919901795a6069940a2e9132922285b7e0c6cc3a5548b29ad58aa2ae5a77ecfa9ce183f5982cd6d39e08beb80f0a3e2dec283a2bd74a186
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD566cf0166e1c89d1c05f9b7b73fd47495
SHA14fee1b6faef4a327b7c66919d814cbdbb2ad7b91
SHA2561dd3219ec7744cca07e798c78791f41198b2352ae2f395f08f0c67f57dc87b1b
SHA5122427dd2ce90415aee795f57701c9b151ca04fdfee4e05cceeb5e234c465b38dbc2dcf52bcce9759661068f46a8df231d33c0a25b8390ccad42315866598d62fc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD500d2557f2821e325dedc724338c62562
SHA13eddf91936809a1c890dae7454b45d883416f752
SHA25643cafbd9fd75d29af17f7d78d9ba927adb695b3300235b27f74e842b908184be
SHA512b23e2b6ac72c635ff87ecfb1222c7bb37010b482a0f7b9a111d29f7d4d56dc399e450abe0a637cced312dd11e1b11e741f5f6405a8be6be47b04971fa17b6a02
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD582301461a08d8ba90ec066335e079fc5
SHA1a82571c25c9bb0eb6016bf931bf69835eab7adc2
SHA256d483254d706154838c67aa27dd88a7c791230131711c3e6b5cda07b01cf1c92a
SHA5129465df6a1c2110eac4ddbd59f85c6ded711e13bf82d41f1bb357042eea98ffedeb19b134bef1259b8ef50ea99fafc3ed6d962c4a2e5f0653dc09a9776ff5ac66
-
C:\Users\Admin\Downloads\CoronaVirus.exeFilesize
1.0MB
MD5055d1462f66a350d9886542d4d79bc2b
SHA1f1086d2f667d807dbb1aa362a7a809ea119f2565
SHA256dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0
SHA5122c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1
-
C:\Users\Admin\Downloads\DanaBot.exeFilesize
2.7MB
MD548d8f7bbb500af66baa765279ce58045
SHA12cdb5fdeee4e9c7bd2e5f744150521963487eb71
SHA256db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1
SHA512aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd
-
C:\Users\Admin\Downloads\DanaBot.exe:Zone.IdentifierFilesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
C:\Users\Admin\Downloads\MadMan.exe:Zone.IdentifierFilesize
206B
MD50fde7d2b01484a8769a6714265dc7030
SHA1dd86dfd03d9bfea3c873703ce0f2874bcb901598
SHA25605fc511d197314bd7e8fb4c07d5f76a1236ddf97e69ab503ed17af58ea30167b
SHA512ce11744154cfab9ff2258431c8e49319fa50e0baa7dd09e2427268dc69833f35e710d445ef777ac70915ff805107a66572d117cf0ddf17133587130bdabd5d8d
-
C:\Users\Admin\Downloads\Ransomware.Jigsaw.zipFilesize
239KB
MD53ad6374a3558149d09d74e6af72344e3
SHA1e7be9f22578027fc0b6ddb94c09b245ee8ce1620
SHA25686a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff
SHA51221c21b36be200a195bfa648e228c64e52262b06d19d294446b8a544ff1d81f81eb2af74ddbdebc59915168db5dba76d0f0585e83471801d9ee37e59af0620720
-
C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip:Zone.IdentifierFilesize
228B
MD5fa3374f52c14a969c628a0b9898935ba
SHA12125b2297e81491ff74004202a697fc560030f40
SHA256f4f781121f08d2b7264b09bb87c50a5afc0de6268856be4227d19de331d59cdc
SHA51293fb5d4d7bdb87aec0929d27032416eaab30dc300544cb845f292c2a216793ce724729e2c1327103277fdbe1d05edf8cfe016519213e1f79760c6faa1e829a82
-
C:\Users\Admin\Downloads\Ransomware.Mamba.zipFilesize
1.0MB
MD5f94d1f4e2ce6c7cc81961361aab8a144
SHA188189db0691667653fe1522c6b5673bf75aa44aa
SHA256610a52c340ebaff31093c5ef0d76032ac2acdc81a3431e68b244bf42905fd70a
SHA5127b7cf9a782549e75f87b8c62d091369b47c1b22c9a10dcf4a5d9f2db9a879ed3969316292d3944f95aeb67f34ae6dc6bbe2ae5ca497be3a25741a2aa204e66ad
-
C:\Users\Admin\Downloads\Ransomware.Mamba.zip:Zone.IdentifierFilesize
122B
MD50ad609e88a621526e722998c8677ae8d
SHA15fb7f2e54e3b1f3e68f3325ca23859d38f1be94e
SHA256016ba74bf5d6cc6bcee76140f4d2dd89491f470af938a3aa474344338ab1ab50
SHA512dd25a30e7c61ed7e4f5f6fd763d34863b315e08f21237c28b55d0b4e261117bfc19bffcd87cf8b205d164ab72bae0644a06cb44fcfb01e5cf91dd1d4df957644
-
C:\Users\Admin\Downloads\Unconfirmed 167525.crdownload:SmartScreenFilesize
7B
MD54047530ecbc0170039e76fe1657bdb01
SHA132db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA25682254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA5128f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e
-
C:\Users\Admin\Downloads\Unconfirmed 419242.crdownloadFilesize
2KB
MD5a56d479405b23976f162f3a4a74e48aa
SHA1f4f433b3f56315e1d469148bdfd835469526262f
SHA25617d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23
SHA512f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a
-
C:\Users\Admin\Downloads\Unconfirmed 46744.crdownloadFilesize
2.3MB
MD5fdf213d8fdb25db14a3958b1dfb7aad8
SHA124c31f351c2117ab94f05a62922405a3370c04c3
SHA256ffdac13c99d4afb7541f0ba7a72ea5308fd527cfbbd19b7c88ec9c1a6a146f07
SHA5125971d450ffd616bb53f9abd29bc52c86d1e66ec26b4d6a5634a003223f352ddac33b651d166c0e3fa569a9e2e044fbabfa35567f3fd6b00f1f204f0b48e81765
-
C:\Users\Admin\Downloads\Unconfirmed 71217.crdownloadFilesize
4.0MB
MD50d4195dcb31e326aafdcac60ca990670
SHA1361b5b30ea4b986903f1fee4d2627ceece406da2
SHA2565d82e770927c2b4a713efd6e8931c1a9bb72ff564ec587d2273860b1e84d50db
SHA512fd11f305b765c201965cc9d317b9b7608629d03e7eadfa133dc3bc08bf5ff330c347dc80e95d9c5a06268953ca70fc83c5ed6b49d5f97d2b0ed1c27b65b4ea68
-
C:\Users\Admin\Downloads\Unconfirmed 922947.crdownloadFilesize
802KB
MD5b098ae06e0941adba783613265bff686
SHA1656c7b6cb35d0b950fd6739a66e1e6198880a685
SHA256f108d958115cc38f1a0253a2a66c6fa26997f1a15039459a909b0fa898dee4ca
SHA512c07ccb96a266d2b831e75e1afcd2e31d5fbde8dbff93ed88f7a8ffdb0bd7d0a02b249cbe52453e7b6680b4c2a19d4c8fd1363b8adf86d95ed53ce16a614a9c6e
-
\??\pipe\LOCAL\crashpad_1908_MHQKJDRPTSLCDWZPMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/2396-1525-0x00000000028F0000-0x0000000002B71000-memory.dmpFilesize
2.5MB
-
memory/2396-1526-0x0000000002B80000-0x0000000002E0D000-memory.dmpFilesize
2.6MB
-
memory/2856-1753-0x0000000000400000-0x000000000056F000-memory.dmpFilesize
1.4MB
-
memory/2856-1721-0x0000000000400000-0x000000000056F000-memory.dmpFilesize
1.4MB
-
memory/2856-25893-0x000000000A6A0000-0x000000000A6D4000-memory.dmpFilesize
208KB
-
memory/2856-4414-0x0000000000400000-0x000000000056F000-memory.dmpFilesize
1.4MB
-
memory/2856-1752-0x000000000A6A0000-0x000000000A6D4000-memory.dmpFilesize
208KB
-
memory/5116-1544-0x00000000027E0000-0x0000000002A63000-memory.dmpFilesize
2.5MB
-
memory/23808-25954-0x000001E80AF50000-0x000001E80BF44000-memory.dmpFilesize
16.0MB
-
memory/23808-25986-0x000001E8267A0000-0x000001E827D2E000-memory.dmpFilesize
21.6MB
-
memory/23808-25987-0x000001E826790000-0x000001E8267A0000-memory.dmpFilesize
64KB
-
memory/23808-25953-0x00007FF89C4C0000-0x00007FF89CF82000-memory.dmpFilesize
10.8MB
-
memory/23808-26080-0x00007FF89C4C0000-0x00007FF89CF82000-memory.dmpFilesize
10.8MB
-
memory/23808-26203-0x00007FF89C4C0000-0x00007FF89CF82000-memory.dmpFilesize
10.8MB