danabot | hxxps://youtubee[.]com/

Analysis

max time kernel
1799s
max time network
1686s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2024 07:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtubee.com/

Score

10^/10

danabot banker botnet trojan

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot x86 payload 1 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

resource	yara_rule
behavioral1/files/0x0007000000023673-827.dat	family_danabot

Blocklisted process makes network request 30 IoCs

flow	pid	Process
212	2436	rundll32.exe
214	2436	rundll32.exe
216	2436	rundll32.exe
220	2436	rundll32.exe
221	2436	rundll32.exe
222	2436	rundll32.exe
223	2436	rundll32.exe
224	2436	rundll32.exe
226	2436	rundll32.exe
227	2436	rundll32.exe
230	2436	rundll32.exe
232	2436	rundll32.exe
234	2436	rundll32.exe
235	2436	rundll32.exe
236	2436	rundll32.exe
237	2436	rundll32.exe
240	2436	rundll32.exe
242	2436	rundll32.exe
243	2436	rundll32.exe
244	2436	rundll32.exe
248	2436	rundll32.exe
249	2436	rundll32.exe
250	2436	rundll32.exe
251	2436	rundll32.exe
252	2436	rundll32.exe
254	2436	rundll32.exe
255	2436	rundll32.exe
256	2436	rundll32.exe
257	2436	rundll32.exe
258	2436	rundll32.exe

Loads dropped DLL 2 IoCs

pid	Process
4292	regsvr32.exe
2436	rundll32.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1452	1132	WerFault.exe	144
3568	3844	WerFault.exe	151

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3558294865-3673844354-2255444939-1000\{25922BA5-4F2B-4DF7-BD63-06BE3E32E5E6}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3488	msedge.exe
3488	msedge.exe
1388	msedge.exe
1388	msedge.exe
3684	identity_helper.exe
3684	identity_helper.exe
2744	msedge.exe
2744	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
3304	msedge.exe
3304	msedge.exe
2020	msedge.exe
2020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 312	1388	msedge.exe	81
PID 1388 wrote to memory of 312	1388	msedge.exe	81
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 924	1388	msedge.exe	82
PID 1388 wrote to memory of 3488	1388	msedge.exe	83
PID 1388 wrote to memory of 3488	1388	msedge.exe	83
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84
PID 1388 wrote to memory of 3932	1388	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtubee.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef94246f8,0x7ffef9424708,0x7ffef9424718
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3436 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1356

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"
1⤵
PID:1068

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"
1⤵
PID:1132
- C:\Windows\SysWOW64\regsvr32.exe
  C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.exe@1132
  2⤵
  - Loads dropped DLL
  PID:4292
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll,f0
    3⤵
    - Blocklisted process makes network request
    - Loads dropped DLL
    PID:2436
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 456
  2⤵
  - Program crash
  PID:1452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1132 -ip 1132
1⤵
PID:4928

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"
1⤵
PID:3844
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 136
  2⤵
  - Program crash
  PID:3568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3844 -ip 3844
1⤵
PID:1336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultefb3fc65hcb19h4592h88a6he960f27c515b
1⤵
PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x120,0x130,0x7ffef94246f8,0x7ffef9424708,0x7ffef9424718
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,15107628407076908447,8560077059618609806,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,15107628407076908447,8560077059618609806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5059d907-ef39-4850-97d8-fe1d297e613b.tmp

Filesize
6KB

MD5
04d47f7b63016f0200df3a324b07d714

SHA1
a7783d3996b2577f7aa4dd70880407a327443d3e

SHA256
e26468f7e17b7058ed1b2af7fdd3a4f50156a4a97578fd76c1d247053046bc68

SHA512
4866a18d260268b7ea3dd10eb14a2ebb5ad32f5c62046c0135548d0f2e2bbc30414eef3ed1ea27aa6a9471f2d0ce58941cfc43b1fbf4f48033770e439820183e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1cbf3bf7867b612e0ffd853de4016850

SHA1
89d417657d539d27d1108b6be856006f259dcc3a

SHA256
4b4479df011e66ca75b6b4f64acadf2d48e4ce464d97309a8470c708264ca716

SHA512
a0e6482b0ea0cbf3badd3f37723031f6ae99e2a897dbbc65339a66fc61f49d89d6898296f200b9b2aa2cf5e57623e7a4be7ccda22ec24a05f3c9d265faa271d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
45742911fe14863da8e130ceeb7d8955

SHA1
9c1bcfbb93d922d6920a00117c138559eaa7eae4

SHA256
332e4b577022248ab71ca46fb00670c785f5343c79f5240d02fec588a1b4726c

SHA512
d358da55764726e52849cb445faefd6efbf0da229c34ce6b74a21a698f884f7913037cb600950d015bb583c2a15eb7c29b7bc4e67e4521d02b2817fc56eb2d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
b83e1af5819c53d53e787a0ee410dd7a

SHA1
cb833ed155fbbb8c2f7f7228512a46e3fe6b030a

SHA256
5cd1045fbc4c73147c379e2bdcc2903205dd286ab94fafb7740f8fc61222c764

SHA512
b5ef2e57e16569dee19efa141e2696ebe8319bd6525edd397ed0960cd8b75ba1096f238c7d4053f59b1944a2209ec0e495c417557571a6fe6ce23620966504df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
75a74bc4530e484fee04f53e7e334c78

SHA1
6802eead300f8992baae3b0d24afadc447377ba2

SHA256
137a261ae7080b8457acd168e3ca18c70d1b4006c02772490c48ab2dba703d83

SHA512
cee20fb04f16395132a4a311eedda15df1d4beeadd79f0ae5113370c1275fe3dc2882bdbf9e97838c750a36d31e2f556cf216bd6684d17d49acc29cd1624960a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f111cf1a1ca6342b8cb335a0986f38d9

SHA1
f35f70e698daf827e5dbdf299ce1463811a7bbf4

SHA256
87a3f2c4a0e3bef0f48158ed8458811cadef0a496c5697d969b96d54d095e691

SHA512
ea7b475de73aa3e822889da3e77c218c89fe20dcf379d9f517a12c7c722092f2e46ab84c1bc241c046640fb592677cc36599a819f80a95ebcbacfe504b8a6b6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7a7557b927a3ff8fff6f0004b2e1aa00

SHA1
b60befb7c5a6b6becb4be756a5760d7f77a91dfa

SHA256
114739387a9cc6e1e930168c9392bc2215ccfc3a279532a3e9a3b8030f3ea7c9

SHA512
af4e127dbc6ea91c09389991ab123388071690100f7cacb5f061a88bc5ea62b905a0db3ec9c56e939981ddce6f40d0d2f5a4dd994e1113fb1044b4d9f678d615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61ecfe3ab61fd5de24dbe6fafe469fb1

SHA1
25c83f67c3c05b487f5dc7810cac589d7a1412db

SHA256
658fe56a83ee758fa4305d86a91fe0e2926003a010df6e3773a8f4ae5e7c5ffb

SHA512
b677ca8c6f7c880f40a97e4106f042f66692d90fd29816b827fc413e10eecacdf8b6663fafcc2f8807d9ff04801a5605ab5908d30b4f52432eb2dc01dac241ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b112040702fa6d52ee0ca23a55b5fa1c

SHA1
3212e13b98e6a39da7f996be6e16f7a4ebb9d990

SHA256
9a6ab2b1e544921368df7acaccdf5d7a8fe0966918eb10154bb5654b06d82349

SHA512
4085d7104cf969256fea2ade908e59083312bd51ae180a92391dbe3c5093255be0a2eb40d4a3090bf17fac2d46d6ea2b7d4291b4fc96d690381c2d7c9e7a26f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f4b9ffc6fed0a24b2af24e51bc3264f5

SHA1
f18238cc9fbbf6b151b0512f64de18aa98bc07f4

SHA256
b9f4de1ce80e4a5a0664a024c3e58cd643454c131316e7eaa7bcc17127ef2d87

SHA512
524cc46a5d4bcf20a40b3d610b3338378bbb9d01ff35d2bc83a20f6fe2d4d20beeef96cd2ab545832627eef00d9f79ce9c3bd44d6995291f7dccd30f2756083a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
78750bf9432b55659e72347c9a318817

SHA1
c5eac65d0d07200e5fce8b0d8952affe3e66a71d

SHA256
efb29e512c391eea8d2a174d29bda07d8e11ec30eff199419c69214a9d18de20

SHA512
763724a695c3157c19a9375734d9e4284616a218d5d325afda2ab2b78c837435545659d3ede20fb08b7185b09d7add1724eb967d51347740f3537366faa14f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5e9d154640bc4d81b88a7e55bafcb2d5

SHA1
8de103ef519cb3def2ba7714eea79b16021abd38

SHA256
085be9da508932409da65e09b5eaae54cff11e8f43c9170d5544148edf3589bb

SHA512
b3d35db7147267472c2816806571da9f87b111e82fc1c6b983c53dbb5834dacc8be84546ca34cca0884d378fff94e189e005517606f6cebdb4190d25321d1554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
025e482b0e59197fbbc5eb0d686dd3eb

SHA1
bac27be271dc594a5c94522a39875de3bdc515e5

SHA256
b6068cd28486476235d707b51111d825bccdc2dc134cf2e4bcd4843e975d744f

SHA512
6e973c8538a80781cee2111ba9e2ae5155848c46afd49289d774d07c8f8a6b9469ee01a3a0451d24cca8e6f0efac415b368f3cb1090907c151b0b06255fddac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d7a6a45b73251536540431413b670e5d

SHA1
390edb5c7d1147b7860a878ce05dfcbd293a92c0

SHA256
f7d2379b851af75b5a6ab04ad5ad9824c6732326ae1ab4385f4b8b9aea942f80

SHA512
87b7a0afc1c51673500cb610b97b1f037c35844a39aa197d019f6626b51cc2163bcd0f954af233a0db08fb48dad2e8a532f1fe2f93c54567b75e7425304e8da5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc8941e11287fd46c432aca21cf7dbd8

SHA1
b2158e758910cce4d335affaca9e3973a71522df

SHA256
8a7ef815b74560a0ef7fdbc539d9e58a4cc76a8e942d83f63861733dc1fda5b3

SHA512
d8b6dcd8f487ac639e4c2b4b48a7d3a96b132838a3968be334c469a067ff653d8498c4093f60e24f0bd687a2f0757a4c57c15b16cf206cdfd0166b6fd2d87f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7eb30a84d532caf48a525273d549f529

SHA1
9b84c342050f69fcddb9d3e54b14caa2670f3492

SHA256
d9ff432163fd4b898c926f33cd57ec8159075fe6086723dad54305194f02b7d4

SHA512
cb473cdeb9a244337adce3b16f22a9ceeea1e1689700236574760c274c7724eecf08a0422e1b53724a11e3d0668b9a72b44cdd08387add419a597911d737cb1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cd4ef95569cadbc2f18ef6743ce9827d

SHA1
4414bbf8b627f8a59d6ee95d359fccd5958874d9

SHA256
5be636ec347912d2cf61e9f332e9089a79c116776acfedce18baf969ad87bff1

SHA512
5beb867bc146026d0352d5a1d45d3b13f7e9c2b94f32c3b2a8e2ac25fbf47f649b37f4558fa0b1dc25dd61db4dc8b32789c32d332c8fb089bbba1b911cd653cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b06521224ecbcdc17e45fb8b67ce62e2

SHA1
d818edcdbe50192e1ef6f0e6c15d505117614102

SHA256
27a83915ae57c130e96c5babbf6cf82e28acb5310010a42a3437ef49d5a165e9

SHA512
dc9cd01e175c694a9d4a25d1cea2682a46684bd5983db3fa094b839a2ec2595ec798f5c9013e1ec8b86c3019cd5069f3effd69dde75656eaf69b365c92142751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f1511a52d7d8f5525e5baad82ae7edd

SHA1
024c634eaa0152b1ea03167d09d44d92019f545e

SHA256
af4c7731aca3ee6fffb57900282d7ab83846b2df9ebd5943f279b3e1b18727b7

SHA512
10afb968c1801bfbed50812b16eab025a379dcae717edb813c669e30b4dcd79a209f8840c31b43f9926d6cd086c859115a307e642dd2ebb28ecd5978bd63ea36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
643b94c22f4092663e650f90fc2c4c2c

SHA1
cb8aba1ff356a42ac152e3dfc7d8929330ffadb8

SHA256
7163189a88314e1b9f8d444e9c40749821584cc84d9fbefb63441c9cf4ad7917

SHA512
f5d8dd3b02793c6062409e83cd87fdc9203bab5e5a7c00c0729d1563c3e7f1313e268a619c992bad6fbc5ddf616f2e705a4fc8a0b93461df8c63c1d5130b68b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5902e4.TMP

Filesize
1KB

MD5
4158f8129d4e18b53a5514450cb74b94

SHA1
b69af4f31fcac9bba72262a89213467506b85dfb

SHA256
1bb881ffa7d5449f660c47f6699b956bd380a03e8e94827e35615d8f799557a6

SHA512
1a7830a32f93a9141d26a84506e153e6eb19ea3afa1a197229d84c6f75a3247b26ab08a2842ee1f866e6b62ec287ce89ec49af1dcf791b0edc330dcf35afedc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
44ffa22174fe3898f841b0d693183945

SHA1
c1c07cf9233df1b0e806dadc7e08673433917497

SHA256
eac2a66c664d0e8d7546dced7af0745a81a8e77708b2f1545242a591a64a14c7

SHA512
e70490014adecf8599ab4c2da8f5e09631f7372435c1f2a8eba36891583b97f82ee773359cd7806799dc9ca42c01033574dfa657e323b5a0caf10c8164e9930c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7d8162a5a403aa72355c3f4c35988773

SHA1
cf2c2634d9f8d91914f97dd371258e9673c79845

SHA256
b7923277546462e4f26f0b51bd92a5dbf4d1161ecad6c7de34f1e6f886432a8b

SHA512
b4e307cccdb5575ea3c962affa984866034c382f039c2d8ae9996dfd7517f8809aafc8040605058b47babf192cab968a904813b0ebadb7b918edc9c669de6a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
eda3b0f73c6600744f38d296f23c5e3e

SHA1
4128a865693c65046f9e8cd04a381551d72ab51a

SHA256
ef324b42c9af70b152faf8a365a6c6d6853f7b408f2d6d988dc7db72dd3ca15d

SHA512
63087a9df9965609ed535401bfdc71b677183c624d925f3227a198c8835adbe94983de2271523eefbcf578f49ffe7a0056cfdb61f222ee208d3def62cd03abcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c1e86eb273484752c3edc9177951d900

SHA1
775245033c6f205eb93dac446de9d5d344a87938

SHA256
e3be08d249bcde7f718ce2d37322daaa2ea2ab53bfb1b75041db628bd532d1cd

SHA512
3c1a884d10c24de47e6d55b2f5514ba6608180754cb0119034a107eb4345faa5b184eb310c689886a713b28a538c8329d612db4134742945feaa875816ef9bdc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
a301349e42493ad489f11027fcd9725e

SHA1
080db51fd43a622ecba282ea7391cce878301458

SHA256
0f1df64c4b19828d846c8f480d21503773de48f1aebee7720c0a53df8644d0fa

SHA512
183cce5b8948f55f60e531069f9dd2758e1cf91b145fb2f4a30142a4986a8cb4c2011f1ec3f216173cb074bf529b142f8b2c14398853daba6d0c1e3279c13284

Download Submit
C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll

Filesize
2.4MB

MD5
7e76f7a5c55a5bc5f5e2d7a9e886782b

SHA1
fc500153dba682e53776bef53123086f00c0e041

SHA256
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

SHA512
0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

Download Submit
memory/1132-830-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/2436-831-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/2436-833-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/2436-948-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/2436-951-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/3844-836-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download