danabot | 806fb0b10366bb1923a9d4e4545ab76d589a1848eb758c978bc349ca86b22c54

Resubmissions

04-03-2024 07:39

240304-jg8k4aeb56 10

04-03-2024 07:33

240304-jd2ndada41 10

04-03-2024 07:16

240304-h3sw4acf8v 10

Analysis

max time kernel
271s
max time network
272s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04-03-2024 07:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

YE.jpg
Size

1.9MB
MD5

db00d76d920d8d9e1a01a0d278d64f0f
SHA1

321535469be98ff53be76621c10027ab0d14bc15
SHA256

806fb0b10366bb1923a9d4e4545ab76d589a1848eb758c978bc349ca86b22c54
SHA512

86950248bed2ad1199d9ded6f74318fe86ee52af99b420dff9101839c9757f816b7629b251fcd867078082a3db48deeb8a1925b2ef73dd0ebae646bac4a62676
SSDEEP

49152:pzMD+O974EJW3DyQFXC2p1WuO9WYFNmPR4X50IepawQWAs:pzMDXCiQXFhytNwc50pawQG

Score

10^/10

danabot banker botnet trojan

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://erpoweredent.at/3/zte.dll

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot x86 payload 5 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

Processes:

resource	yara_rule
behavioral1/files/0x0007000000023350-796.dat	family_danabot
behavioral1/files/0x0007000000023350-798.dat	family_danabot
behavioral1/files/0x0007000000023350-797.dat	family_danabot
behavioral1/files/0x0007000000023350-802.dat	family_danabot
behavioral1/files/0x0007000000023350-801.dat	family_danabot

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

rundll32.exe

description	pid	pid_target	Process	procid_target
Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process	1952	1080	rundll32.exe	146

Blocklisted process makes network request 5 IoCs

Processes:

rundll32.exe

flow	pid	Process
165	3712	rundll32.exe
172	3712	rundll32.exe
176	3712	rundll32.exe
179	3712	rundll32.exe
182	3712	rundll32.exe

Loads dropped DLL 4 IoCs

Processes:

regsvr32.exerundll32.exe

pid	Process
4192	regsvr32.exe
4192	regsvr32.exe
3712	rundll32.exe
3712	rundll32.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	Process
File opened (read-only)	\??\G:	EXCEL.EXE
File opened (read-only)	\??\N:	EXCEL.EXE
File opened (read-only)	\??\S:	EXCEL.EXE
File opened (read-only)	\??\X:	EXCEL.EXE
File opened (read-only)	\??\Y:	EXCEL.EXE
File opened (read-only)	\??\K:	EXCEL.EXE
File opened (read-only)	\??\O:	EXCEL.EXE
File opened (read-only)	\??\U:	EXCEL.EXE
File opened (read-only)	\??\W:	EXCEL.EXE
File opened (read-only)	\??\M:	EXCEL.EXE
File opened (read-only)	\??\Q:	EXCEL.EXE
File opened (read-only)	\??\T:	EXCEL.EXE
File opened (read-only)	\??\A:	EXCEL.EXE
File opened (read-only)	\??\B:	EXCEL.EXE
File opened (read-only)	\??\E:	EXCEL.EXE
File opened (read-only)	\??\J:	EXCEL.EXE
File opened (read-only)	\??\L:	EXCEL.EXE
File opened (read-only)	\??\V:	EXCEL.EXE
File opened (read-only)	\??\Z:	EXCEL.EXE
File opened (read-only)	\??\H:	EXCEL.EXE
File opened (read-only)	\??\I:	EXCEL.EXE
File opened (read-only)	\??\P:	EXCEL.EXE
File opened (read-only)	\??\R:	EXCEL.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
3992	4640	WerFault.exe	144

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXEWINWORD.EXE

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exeEXCEL.EXEWINWORD.EXE

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133540112706124566"	chrome.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983155329-280873152-1838004294-1000\{58C66FB6-E8B2-4FC5-A1A5-26F83061A65C}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

EXCEL.EXEWINWORD.EXE

pid	Process
1080	EXCEL.EXE
4636	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 17 IoCs

Processes:

chrome.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid	Process
936	chrome.exe
936	chrome.exe
3456	msedge.exe
3456	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
1436	identity_helper.exe
1436	identity_helper.exe
4108	msedge.exe
4108	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
632	msedge.exe
632	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

chrome.exemsedge.exe

pid	Process
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe

Suspicious use of AdjustPrivilegeToken 38 IoCs

Processes:

chrome.exeWindows-KB2670838.msu.exe

description	pid	Process
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeShutdownPrivilege	936	chrome.exe
Token: SeCreatePagefilePrivilege	936	chrome.exe
Token: SeDebugPrivilege	2396	Windows-KB2670838.msu.exe
Token: SeDebugPrivilege	2396	Windows-KB2670838.msu.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsedge.exe

pid	Process
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe

Suspicious use of SendNotifyMessage 51 IoCs

Processes:

chrome.exemsedge.exeWindowsUpdate.exe

pid	Process
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
936	chrome.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
4276	WindowsUpdate.exe
4276	WindowsUpdate.exe
4276	WindowsUpdate.exe

Suspicious use of SetWindowsHookEx 26 IoCs

Processes:

EXCEL.EXEWINWORD.EXE

pid	Process
1080	EXCEL.EXE
1080	EXCEL.EXE
1080	EXCEL.EXE
1080	EXCEL.EXE
1080	EXCEL.EXE
1080	EXCEL.EXE
1080	EXCEL.EXE
1080	EXCEL.EXE
1080	EXCEL.EXE
1080	EXCEL.EXE
1080	EXCEL.EXE
1080	EXCEL.EXE
4636	WINWORD.EXE
4636	WINWORD.EXE
4636	WINWORD.EXE
4636	WINWORD.EXE
4636	WINWORD.EXE
4636	WINWORD.EXE
4636	WINWORD.EXE
4636	WINWORD.EXE
4636	WINWORD.EXE
4636	WINWORD.EXE
4636	WINWORD.EXE
4636	WINWORD.EXE
4636	WINWORD.EXE
4636	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 936 wrote to memory of 4984	936	chrome.exe	99
PID 936 wrote to memory of 4984	936	chrome.exe	99
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 3644	936	chrome.exe	101
PID 936 wrote to memory of 1620	936	chrome.exe	102
PID 936 wrote to memory of 1620	936	chrome.exe	102
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103
PID 936 wrote to memory of 1560	936	chrome.exe	103

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\YE.jpg
1⤵
PID:3456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad3999758,0x7ffad3999768,0x7ffad3999778
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1912,i,4333281693432286024,10467110606592389398,131072 /prefetch:2
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1912,i,4333281693432286024,10467110606592389398,131072 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1912,i,4333281693432286024,10467110606592389398,131072 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1912,i,4333281693432286024,10467110606592389398,131072 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1912,i,4333281693432286024,10467110606592389398,131072 /prefetch:1
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4616 --field-trial-handle=1912,i,4333281693432286024,10467110606592389398,131072 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1912,i,4333281693432286024,10467110606592389398,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1912,i,4333281693432286024,10467110606592389398,131072 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5076 --field-trial-handle=1912,i,4333281693432286024,10467110606592389398,131072 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5080 --field-trial-handle=1912,i,4333281693432286024,10467110606592389398,131072 /prefetch:1
  2⤵
  PID:4852

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffad37f46f8,0x7ffad37f4708,0x7ffad37f4718
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4164 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3376 /prefetch:8
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1440 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,3562865593720815179,3316535083279191638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4224

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1852

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"
1⤵
PID:4640
- C:\Windows\SysWOW64\regsvr32.exe
  C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\AppData\Local\Temp\TEMP1_~1.ZIP\THE-MA~1\BANKIN~1\DanaBot.dll f1 C:\Users\Admin\AppData\Local\Temp\TEMP1_~1.ZIP\THE-MA~1\BANKIN~1\DanaBot.exe@4640
  2⤵
  - Loads dropped DLL
  PID:4192
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Local\Temp\TEMP1_~1.ZIP\THE-MA~1\BANKIN~1\DanaBot.dll,f0
    3⤵
    - Blocklisted process makes network request
    - Loads dropped DLL
    PID:3712
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 480
  2⤵
  - Program crash
  PID:3992

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Banking-Malware\Zloader.xlsm"
1⤵
- Enumerates connected drives
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1080
- C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" C:\nxTgTGh\ECeMdPT\EnVYsVZ.dll,DllRegisterServer
  2⤵
  - Process spawned unexpected child process
  PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4640 -ip 4640
1⤵
PID:4924

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\Melissa.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4636

C:\Users\Admin\Documents\The-MALWARE-Repo-master\Joke\WindowsUpdate.exe
"C:\Users\Admin\Documents\The-MALWARE-Repo-master\Joke\WindowsUpdate.exe"
1⤵
- Suspicious use of SendNotifyMessage
PID:4276

C:\Users\Admin\Documents\The-MALWARE-Repo-master\Joke\Windows-KB2670838.msu.exe
"C:\Users\Admin\Documents\The-MALWARE-Repo-master\Joke\Windows-KB2670838.msu.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
a24cb09c2baa54557fc28b44bae86f30

SHA1
c1f435d6a761664cfc9378ea81179e24a2406b7b

SHA256
5f44228b0ee9fe7778cacdac2aed2cee49a45ef2006ed354f810cb3c3121b093

SHA512
e456e89796878ebc24a7d742200bb5f07378908a79a9ae627e351eee647596a65cc0c5088805b6584193419ec4dc26f86b5aececd1915dfca4a2e21f22320781

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
e3c4ed27c16e9ab19abff565cd553240

SHA1
d12f3809adc51a772008be3a9cafd481c09407c6

SHA256
71a8a989751b421ae672e9199b7c9e9d5bc1fb65d953097fecfa097b553ec2bd

SHA512
fe1e407d977103a50830900a6514103f69015e887758e51e6ea50bc73efcace0b410e436fff0a7b8a64fa2209a64a2054b7c9f8c5b20214c1ef29ca3a73cb23c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
89d79dbf26a3c2e22ddd95766fe3173d

SHA1
f38fd066eef4cf4e72a934548eafb5f6abb00b53

SHA256
367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

SHA512
ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
530c3350f90bca016b5e61890c8d9e55

SHA1
9d518a50a4d7bbdc8982f06ce28f89573e0b4c43

SHA256
36eaed54a8a81b7871b9019e8b4fa54590e3f41c5c24fde6d67c42ea2c48d268

SHA512
c3867cd46fd2117d65a3fcc25a193f45dae75fceba5ee4f527c8ff18282cbe33e37a764f1a7cc3c0a6674a1c705b9971aa0a8f1abe05a4f542e80669c49de007

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9599dbb248104be0abf1a418cc1a693c

SHA1
539bf05fb2d3bc9cccc06738893b9f520d9cfe80

SHA256
26c8fa8b9655148997993571faf26981e57bb5f46014053e41b53ee0488fe8fc

SHA512
efba86294cf8f96d039de8fb49ad5b737ab2af995b88251d48279bb99ee0c3db95e39a9a6008a7095cd5f4d7f62321d90e3a60ee7479ee3292a98d70b45efd57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
367B

MD5
2bc9c423297a15e55aec7ea9c0088e22

SHA1
7d5739bdad8e0a1392eb760135d2c4f14083ae67

SHA256
44a262fa572f3822bbd39800e9eaa2154e5237c58a6d052b7908c794baa97edc

SHA512
d481caa4b2926d7ec0157996c057952322fbaa1aa5c0093b36af47861e54ad4b861b573a5cc0528ad95241d7d3b89deec0699aeee61504f82704fea3c1bd407c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
367B

MD5
1fa70de1d03f3664f61b5b5bdc408cc1

SHA1
db8a58d42fe8fae1e29076c7f31d76a8b658c414

SHA256
281ac64d19ee9a10b1777dce823b975257e468047549c97eab00c6cdcbfc12cd

SHA512
d047eede55e58b3d9fa7a0c2169c3a7e6457f8f3ca39eacbfa00f33d35b77732f806ff90a75f401066bbb225a08fa05c9b1e1027a38236dba569770c45334a59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4f4956cca96823c78cb9d1cf8f8c6fb4

SHA1
ef3406bdc9e4ebca95c2ca24f466f9eb997cfefd

SHA256
e19d067cdcf3bbe1effd751d561d61baae2141d8e8b089fa30c3caccae31e8fb

SHA512
76ed596e9901d785a1fd1811ffde79dc95b67ffc3d0a56de2171bb97ab5b1697a6e9afa13ab41cfdfba9170cb48211f0706874211bee3559bf490655c75d7d86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bb3b5a19f5b49c785b95cf125508ac7c

SHA1
70ae0f25f678cdfd75f8fa26188e9e5b9b46937c

SHA256
f7dedc30b74cf15527e30def34070ed534ab89693322465657ee45aade5abab3

SHA512
812f74ea83f0459f2fe556af77003464a8c24a0709039fa2bd0ddd8fdedd87c8e0e56090df3d9c7a12bbb150d502a1f9aab7b89cba81d6f40762c0d6229ff8bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3570bb41440d78ed8a21c90371047131

SHA1
c0478923a588e645cb88e524719fa5cb93a3f390

SHA256
24e9bb0869cdf775139bcdf1239c53e614288f65583a7b332c1f0002b3ce4a12

SHA512
05f63df223b34001571e0fd30858a325afe21eadf04a8a551b0f5faf9b65e2ea96c3ad20dd55667fc8f70fa7ed73c35ae1eb728cd72075001f39e534d823635a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
254KB

MD5
098224ce3efa0efdf5bfe78af8bd74e9

SHA1
e81539feb2b95b4e9a69e5a8921dfac54c37f4c4

SHA256
a4d79233f3d35411ac995bc1efc9bdcc7490b9e249b96b7ecbe60620d311f7dd

SHA512
7057c02891f94b0edf37ed125b110b94b9848b20d5bd5b684c4b4d3bcab1f171aad9eb06b5996e01f2d0fb48acd8a0d7eaa3955da628a0a233de17449ead47f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
254KB

MD5
46907a939094493518fd502deb941b92

SHA1
e6470f67247016c3b7158336258829bd580f8b7f

SHA256
e129f0a981bbddb2161cc46f66a0359649dad6b6331b83981ba2d32b90aaa5b3

SHA512
a314c2c3b7bd3f2709621b47844426cce70b43612921a27ab426925a34fce9b52c2232bf91c91f493eb114c27ab28161ddca7d455df5c20e24bc7b66a7e10663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
435e6a88f1a5d79b877fcf4167544e5a

SHA1
ebec76436a25cf9156846fac3cee4375860adb16

SHA256
f1850bd777a0065fc8fe6617410083c6a2a04cecd5e1f5c24e271b8284411275

SHA512
4f46968cbe1ea319a03f9d5c3a4a0b58b67184374ae478f4b26537cec6ae76de2a6d6406334dff3dab4d536d8630138cf77c4748fb1bf8f42058c75806e1dfa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d73cb74a296a858ba159509937703d19

SHA1
1808e6dccc597606ffccf58318082bad15834be0

SHA256
c4837f1fb831425b00941c1af85f0248b64bd73bbde283aa215b400c1fc82155

SHA512
a0fd84dabaca8d40ebf0df0fe9f806737648e02d4925c577cf978798bca06298d8de4c5a284bcfb77b70a28a31d8d5854fc30ebcbde71d3b9ff03df70270437f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
936B

MD5
d4c31b2b3a7850f19d427d77c6e87ec9

SHA1
7eae63056a3da82adfee458055072359fa1d6e9d

SHA256
003dd0bd9ab7e96e8c863f83a46bb9ec5ccf1ebf5308e1a7069df8bccf7fa18a

SHA512
d102333a13d120bd537ad7ebd0cdeba024870507ae93a3cff4d0b579a8629415380fa4c2857f7d1bfd79cb8e1e89084ef404c55d96e762a1ae368d8ceddde399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1013B

MD5
65c4c5126151162c74d214c55d66d16d

SHA1
4ed54a88de928f9dcec8899d38e292c7db695d58

SHA256
f490f053ecb8671276e61e35d485645add3cc697d073bf4ac3c1d99dea3d8a26

SHA512
64e52206310f193d48d1bdd1d43ba281140d11f07119474b3a56736fb934e1fc0dfe04f040b41ed5c75be632135d941a3cc1108e383fef860782a18adb31fecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82a3ea5307c9a5c187f405400f0a6fcf

SHA1
a593ff101ac82b082d99855bf51102758fece063

SHA256
5888dec98f6f0fffeacafd12b53b06f31dd1e5b6a932ed02883e97d1fdb15162

SHA512
488f07d985a5d7968a36ab1614c4806acfe0a8f85e9395e4ada23cb442ac6cdb1235059a30447032257144d660d8bc3f014cecd58aaa35e90317ca54176e4171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36ef103d07628d7313ad5cab255fbf2a

SHA1
c81ed7a4e381af135eb98c329d6407d9d0a24249

SHA256
a52b40a52ef176b315496ec3bd6134bbd7eb561ffd30e7e5b94c53811cd17212

SHA512
9b9963df49b4409c9fec1f642170f4259707e22486cb14a7144571ffd31847b1fcfadf0c3a83fce738164df8857ebceaef9861ea28a259964394eba6334c8cec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc6639588af0c0517933dc1310d841ac

SHA1
279438997014f0ba3de74f9b5abb170a3710c4f9

SHA256
fb74a0c1f2700797961bad9b2fc8d8c00ab508f82c332dd348ba2004604de5a6

SHA512
d583f70b0d3e8461df6ad1ac385c758a1d75adfa09828c39ced7814f0995421a7195c2e33b421401a1d066a185e0b254863175a705b67785222196ac9a87edf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fb3b899728c50fb9971baa319f50ebc5

SHA1
cb5379a8a95e38b3ae8ac3f73b0c48c415fc0262

SHA256
e3cc1f195d892cf78940341d8a0f7fcd42651ae5b71cc6950046b73a36cf130a

SHA512
3de927e5ca8a1c7f25c33022cdebb63ddac98c4e338546d3105bf9e8748a4c3ff5ff3201b3dac2691c3ed468bde942056a1700874fc53c9df494459af7badc4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
171b68bea5a936487a03b38b8f4f8243

SHA1
ee8176ef43734e348dcab27eba92a675fdd6125b

SHA256
996b6b682fb99e77c5df4c58aac55a544396c3ca7b7d24f53810bb85b733ea05

SHA512
a7ab955eba2a212e22d91ad45a33e2e69ac540c4f90163fa3ffe520355bd69530ef327222bc3a54b730d1479a65fee9c567df893191080e9c585f12fe6768736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3e8782d43cfd99362deae15227468c8a

SHA1
a961df78c98e16428fd1c60c2169554c8d994654

SHA256
7d180f31204b291e0b049033bc1244946aeefd1b83ce03b0ba6ca54c80b7b20e

SHA512
b3bbd46e061d7f8fb3e6ad954058d8626ac87e0f85d374a78528996072f5e84223c7492c9d7a958ac13e93e656bc6392d6266a8dfbfdc4f2b9635f471a0b61f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5019d8ccad90a81399946b28a7d42b10

SHA1
162b91564edcdd5a4b407e6bf5019ec48e6f3399

SHA256
78aef23ec682083803c13b747ebd113da07d463303cb3687ead819f68a830336

SHA512
0354abb9e57a317c65d50e62483e33fb6a76b81a9fc4bc5d4aa9eda9cd7f69984ce46fdb3088089c1d2e57ce020359f6c1a24221f965a72df6876826d7b42e27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b05e959841f7f91489e9b13e51a22acf

SHA1
361de3ba45c10f8c0e89fcaa986e6ca9c83047ac

SHA256
9501549103a267ad284511ec47de2349f37b78918d160168a1bf75e2d123e4c0

SHA512
b9db5c51997825b92a72f1ed1f2af59e4b182d64b3b22761cc68a147a484d7c6baee13416a1a705eae5c23cd0a4098bb1aaa5070598f08db4da292f83a0c8381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
02dd0238a48eb6fa778b3b86352ef177

SHA1
f0feec41efcdc1ea8028f86227ab37533ef02051

SHA256
c6444ae2817354d7312ea1078daccff7c55cbe01d100f9351a6e4b1d420b9b0b

SHA512
b32ef1676623697c26c2e4b242279c9c436a6bb5de4096972535978d7420c3256a53f038847de0311558f65c872e1396d0913e94da73d19f425bab0642c6ea78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
70d2f3745d5c4267125d71b98eb6f313

SHA1
99026c5c211148ea972fba4ae6544089736a3902

SHA256
24cd71b8858bb2f5d8b17485b019488551aab88e6be796a056b54fe93b378ed8

SHA512
aa4306a527eff627fe6426fedf3fcd1c85ae19da59b56ec94053f86ab31da757ac25640d118b6e39b214c61a6f55732674520df56b264f1f7e5ecc53ea2d9a27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585407.TMP

Filesize
538B

MD5
1ef5cc596cf6bb0358766404ed29562a

SHA1
969b015d2d379c782c0a82eecc6fddffb55a8da1

SHA256
dcdc4408cd8f24751b4d5264af65e4473e5c3c23f437b8fc436fac72de8f5084

SHA512
e30a2e839cb2470e942dcedfd6d38abaf8668f842a03f057d8434f3ae792d4188765ac1958cae7ed772cfb3c56be400c0d9715b8e5a8594b65221af9231e40a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dac4d0ebb8abf00bfc2d701cfaa367a9

SHA1
1bd184a74c6ff75c6e726a800fcbe48b2d15d414

SHA256
cce735bb008fa0335c04383e9c0dea9de7d4090ca7a9899ad8f3d2f6ffd59e4f

SHA512
0f51497c7572f8171eaa9fe484ad52cb348e8c472d66501853ac0a8f942ca8cba89ae1116cd19d23dbddcd04aba63217badffa7303f80adad69b400c33d69e16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
55bc5004853a76b6813fd4b40c0d8d19

SHA1
eda9378aaf586809760554149456ca9b640a618b

SHA256
c331a2f498a4fb0494ce3dafd74bd00703318989e656ee8c005afeb3fca1e279

SHA512
106a69c719524f16ad1a1ae24b419cc599dd740c3aeccd456f002d2ee15e98a2680ef64c49d4f0d0b67fc54da62c4c99900c71420c8589d9a0a2af9273dea3b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\913834A9-82F6-4901-85F6-FD17E7F9A837

Filesize
160KB

MD5
2a16152f572db7d9d592b388585bcfc7

SHA1
a2ee8ee9282aa7368c3576e8afb3224b87dadb8f

SHA256
6138dbff508890f79ce569f1e27435114e528b53e34bc6d5e28f0b8dbb7c31f7

SHA512
da098c3b9287787324db12024fd3853309b78a7700875253ee0df814f846788129740eb03e3061e664035f03787e6bc3812b755b44ea37b11a9a64af0eb43e9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\TenantInfo.xml

Filesize
76B

MD5
0f8eb2423d2bf6cb5b8bdb44cb170ca3

SHA1
242755226012b4449a49b45491c0b1538ebf6410

SHA256
385347c0cbacdd3c61d2635fbd390e0095a008fd75eeb23af2f14f975c083944

SHA512
a9f23a42340b83a2f59df930d7563e8abd669b9f0955562cd3c2872e2e081f26d6d8b26357972b6d0423af05b2392bddbb46da769788e77fd169b3264ff53886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

Filesize
2KB

MD5
75f13912ae6a791eb20b053d2fc20689

SHA1
1ef6455c987bfd5a806c03c990e9015c4490b6bb

SHA256
433262d3dd0b535ae7d8edcee59fa39bf434d38557097d336a09b6395cf73e0a

SHA512
fbc8eba98f94f2932ed0f1951b3e316bc2f50cb1b939527ce2bdfb1c029e47c157407a7e361d47c62c0679eee4857649d9e726f5a62be4685470808202b9610e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

Filesize
2KB

MD5
e0740f474a5a4d02f5c2a97dead40a3d

SHA1
7a734e62ab9e3a09141c95ee35162bec822aeeef

SHA256
de00750c1fc8d27a5566d1c972a891a42146b88ad471649ec0ad9a83f59e039e

SHA512
bc8285195d1732e5fcf636091a85196cff542fcb85850b8c0086bbda8443a9b4812e931b5a8d3bbcc84e6393def69fdb487731d513ad449edb70d11fbdf56d7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
fcd84b70a2302b1321bd237595d96b16

SHA1
93071ee92793d0c91cbac75247155a6c1a39ae7e

SHA256
43eaaa2838cf94665d1a20e4921b5508454af0601fb0a3edf9c882cafe50ac3c

SHA512
1e4ddbf41122ac6cb56b5564a005e151409d0a11217aed6f03ade714de6561cf63a0062f2e4ebf02e11eaba172f97ec161ab66ba1eec4ab73c90d321d2ba020a

Download Submit
C:\Users\Admin\AppData\Local\Temp\TEMP1_~1.ZIP\THE-MA~1\BANKIN~1\DanaBot.dll

Filesize
2.4MB

MD5
7e76f7a5c55a5bc5f5e2d7a9e886782b

SHA1
fc500153dba682e53776bef53123086f00c0e041

SHA256
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

SHA512
0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Banking-Malware\DanaBot.dll

Filesize
1.9MB

MD5
a80298998b952fb5b91b1c05f3a6a623

SHA1
1590d1f75f5ef65290708dbcd971889af61b97a2

SHA256
6c424523c50e30581c04d123110b86c86c83c792fd15d5f9922d66a358d2ba8e

SHA512
6c52ea7305a70cd23497cbdc8fad873ec90e80e9295f752f6c4efd8ba019a0fe03397f2a16ba3f3a5892ce167bc6a060610b2c99b1467475b81435a2f939d916

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Banking-Malware\DanaBot.dll

Filesize
1.3MB

MD5
46e764063af08335b30d0995abe99b59

SHA1
2b77da8e7fbcf6ebd26f809e9851dca6246536ac

SHA256
057132d8f7aa95d72c47912653136dfd51b93c88d01545264dd52b52e0afb027

SHA512
bb3f685bde349ff3f4ce20943c01ba5dab294cc2778885c8743b5afad1f2b0ad8054a054f6dc2898eafce3d4f4d0dd54444babd42ee933dac0a48d59c02c5e89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Banking-Malware\DanaBot.dll

Filesize
704KB

MD5
f52c2a569cda680c8999a33c52a968f5

SHA1
9ad097b0b931efb1fd96bb7ec1c74d368c918f52

SHA256
71c888e2dffe6b863c4c8d47770e26d78625f3f5162710b2b7690361c8d34f72

SHA512
ea37a84eb779f3b18fb25cc93e49ff3f0adcad02ce38cf0d9d98d2b316e63ca6b7b9982405f8e3884480a05da3e1fff1b8c5a6415a23c2ab8d7f31a9512ff29c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Banking-Malware\DanaBot.dll

Filesize
640KB

MD5
82a559b5ea126eb01a82fe42ca2210bb

SHA1
0b3103948e201ed8be7c9ca68aafcad2e3211cf2

SHA256
37a0ce881be877fdab40542dfbb402ee8c7c2e6deaf6b535c8e2fee28e06f624

SHA512
f88e1d3c287b278214b9a4057ef85fa070691094af16c413a28833b60b2e30416292a4f55fc6b39ff59186870db1754d908554d69105338128fd4abf1d62dadc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp

Filesize
31KB

MD5
b0d97c61a8f7b7f57cf094dcc5b93ade

SHA1
99ed784ef344c3e0223525c28686a0b5f063b918

SHA256
ce53ad317e97bd1cfec8ba7fb6beb7af5180306ad18162cb764a9294e793b017

SHA512
c595017ea309a0ef17373f0506c0b06bf6612154ef85ea5736c46cb7327591244dacd5ec676bd80c051e3783f4801b5002219906d0c2f67cb4bba294fd1e9683

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip

Filesize
58.9MB

MD5
616dfc043212af77f70820277314cdb3

SHA1
f92d986b87ff518d011775b24cd02b0b71fd6296

SHA256
f106ff1f2cfb427f259549b62e2f19f9479806a41f1a6e0af1e66ea75a758fc0

SHA512
b4d2867b3579137cc58f0bad2d1d17ab28c193bb8f17329b97cd8d47a074573360d6635ea5699ab2ec36fc83fa137bec9cdd3f36f9a865f811af6a1ca354617a

Download Submit
\??\pipe\crashpad_936_BASJXIAZQGUHOUYE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1080-789-0x00007FFAA0210000-0x00007FFAA0220000-memory.dmp

Filesize
64KB

Download
memory/1080-780-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/1080-879-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/1080-774-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

Filesize
64KB

Download
memory/1080-787-0x00007FFAA0210000-0x00007FFAA0220000-memory.dmp

Filesize
64KB

Download
memory/1080-784-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

Filesize
64KB

Download
memory/1080-855-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/1080-786-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/1080-785-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/1080-775-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

Filesize
64KB

Download
memory/1080-781-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

Filesize
64KB

Download
memory/1080-778-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

Filesize
64KB

Download
memory/1080-779-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/1080-777-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/1080-882-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/1080-782-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/2396-958-0x0000000005050000-0x00000000050E2000-memory.dmp

Filesize
584KB

Download
memory/2396-957-0x0000000005500000-0x0000000005AA4000-memory.dmp

Filesize
5.6MB

Download
memory/2396-956-0x0000000073260000-0x0000000073A10000-memory.dmp

Filesize
7.7MB

Download
memory/2396-955-0x0000000000600000-0x00000000006BC000-memory.dmp

Filesize
752KB

Download
memory/2396-959-0x0000000005410000-0x0000000005420000-memory.dmp

Filesize
64KB

Download
memory/2396-960-0x0000000005200000-0x000000000520A000-memory.dmp

Filesize
40KB

Download
memory/2396-962-0x0000000005410000-0x0000000005420000-memory.dmp

Filesize
64KB

Download
memory/3712-887-0x0000000002160000-0x00000000023CB000-memory.dmp

Filesize
2.4MB

Download
memory/3712-824-0x0000000002160000-0x00000000023CB000-memory.dmp

Filesize
2.4MB

Download
memory/3712-803-0x0000000002160000-0x00000000023CB000-memory.dmp

Filesize
2.4MB

Download
memory/4192-800-0x0000000002EB0000-0x0000000002EB1000-memory.dmp

Filesize
4KB

Download
memory/4192-799-0x0000000002F50000-0x00000000031BB000-memory.dmp

Filesize
2.4MB

Download
memory/4276-952-0x0000000000400000-0x00000000006BC000-memory.dmp

Filesize
2.7MB

Download
memory/4276-954-0x0000000000C20000-0x0000000000C21000-memory.dmp

Filesize
4KB

Download
memory/4276-953-0x0000000000400000-0x00000000006BC000-memory.dmp

Filesize
2.7MB

Download
memory/4276-966-0x0000000000C20000-0x0000000000C21000-memory.dmp

Filesize
4KB

Download
memory/4276-963-0x0000000000400000-0x00000000006BC000-memory.dmp

Filesize
2.7MB

Download
memory/4636-842-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/4636-840-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/4636-860-0x0000024787860000-0x0000024788830000-memory.dmp

Filesize
15.8MB

Download
memory/4636-845-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/4636-844-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/4636-889-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/4636-890-0x0000024787860000-0x0000024788830000-memory.dmp

Filesize
15.8MB

Download
memory/4636-843-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/4636-942-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

Filesize
64KB

Download
memory/4636-943-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

Filesize
64KB

Download
memory/4636-944-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

Filesize
64KB

Download
memory/4636-945-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

Filesize
64KB

Download
memory/4636-946-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/4636-829-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/4636-839-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/4636-838-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/4636-837-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/4636-836-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/4636-835-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/4636-833-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/4636-831-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

Filesize
2.0MB

Download
memory/4640-776-0x00000000026F0000-0x0000000002977000-memory.dmp

Filesize
2.5MB

Download
memory/4640-804-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/4640-788-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/4640-783-0x0000000002980000-0x0000000002C0D000-memory.dmp

Filesize
2.6MB

Download