danabot | hxxps://github[.]com/dfrnoch/nitro-generator?tab=readme-ov-file#download

Analysis

max time kernel
457s
max time network
576s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
17/07/2024, 12:50

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/dfrnoch/nitro-generator?tab=readme-ov-file#download

Score

10^/10

danabot banker botnet execution persistence ransomware trojan

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot x86 payload 1 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

resource	yara_rule
behavioral1/files/0x000700000002373c-1741.dat	family_danabot

Renames multiple (7778) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Blocklisted process makes network request 6 IoCs

flow	pid	Process
186	5192	rundll32.exe
187	5192	rundll32.exe
194	5192	rundll32.exe
195	5192	rundll32.exe
199	5192	rundll32.exe
203	5192	rundll32.exe

Loads dropped DLL 3 IoCs

pid	Process
5164	regsvr32.exe
5192	rundll32.exe
5192	rundll32.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TNYTOVASSLESDJQHQJLYSROXVH = "C:\\Windows\\System32\\TNYTOVASSLESDJQHQJLYSROXVH.Bmp.Vbs"	WScript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\TNYTOVASSLESDJQHQJLYSROXVH = "C:\\Windows\\TNYTOVASSLESDJQHQJLYSROXVH.Bmp.Vbs"	WScript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\help = "C:\\Windows\\help.vbs"	WScript.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
33	camo.githubusercontent.com
39	camo.githubusercontent.com
40	camo.githubusercontent.com

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\System32\.Xls.Vbs	WScript.exe
File created	C:\Windows\System32\Kernel.vbs	WScript.exe
File opened for modification	C:\Windows\System32\Kernel.vbs	WScript.exe
File created	C:\Windows\System32\TNYTOVASSLESDJQHQJLYSROXVH.Bmp.Vbs	WScript.exe
File opened for modification	C:\Windows\System32\TNYTOVASSLESDJQHQJLYSROXVH.Bmp.Vbs	WScript.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\THMBNAIL.PNG.Vbs	WScript.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\office.dll.Vbs	WScript.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-256.png.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppPackageBadgeLogo.scale-100.png.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxSignature.p7x.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-24_altform-lightunplated.png.Vbs	WScript.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemCore.dll.Vbs	WScript.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.Vbs	WScript.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.DiagnosticSource.dll.Vbs	WScript.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceModel.Web.dll.Vbs	WScript.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.dll.Vbs	WScript.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Microsoft.PowerShell.Operation.Validation.Tests.ps1.Vbs	WScript.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Design.resources.dll.Vbs	WScript.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYM.TTF.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-400_contrast-black.png.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-200_contrast-white.png.Vbs	WScript.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\Simple\Example2.Diagnostics.Tests.ps1.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\SplashScreen.scale-100.png.Vbs	WScript.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_shared_multi_filetype.svg.Vbs	WScript.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons_hiContrast_bow.png.Vbs	WScript.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookLargeTile.scale-200.png.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-150.png.Vbs	WScript.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.Vbs	WScript.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-pl.xrm-ms.Vbs	WScript.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll.Vbs	WScript.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ipcsecproc.dll.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\12.jpg.Vbs	WScript.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaw.exe.Vbs	WScript.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-timezone-l1-1-0.dll.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\4px.png.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ArchiveToastQuickAction.scale-80.png.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailWideTile.scale-100.png.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\AppxManifest.xml.Vbs	WScript.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\BadgeLogo.scale-125.png.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-40.png.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-24_altform-unplated.png.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\OrientationControlMiddleCircleHover.png.Vbs	WScript.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.Vbs	WScript.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe.Vbs	WScript.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\it\msipc.dll.mui.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\SmallTile.scale-100.png.Vbs	WScript.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClientSideProviders.resources.dll.Vbs	WScript.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\WidescreenPresentation.potx.Vbs	WScript.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.Vbs	WScript.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libmemory_keystore_plugin.dll.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Threading.Tasks.dll.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\ModifiedAlphaTexturePixelShader.cso.Vbs	WScript.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe.Vbs	WScript.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe.Vbs	WScript.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONMAIN.DLL.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\GetHelp.dll.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1113_20x20x32.png.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\LargeTile.scale-200_contrast-white.png.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookWideTile.scale-400.png.Vbs	WScript.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-72.png.Vbs	WScript.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Input.Manipulations.resources.dll.Vbs	WScript.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Xaml.resources.dll.Vbs	WScript.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.Vbs	WScript.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.FileUtils.dll.Vbs	WScript.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Win.ini	WScript.exe
File created	C:\Windows\Start Menu\Programs\Startup\Scare.hta	mshta.exe
File created	C:\Windows\TNYTOVASSLESDJQHQJLYSROXVH.Bmp.Vbs	WScript.exe
File created	C:\Windows\Look Here\Youmustread.txt	WScript.exe
File created	C:\Windows\help.vbs	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Program crash 3 IoCs

pid	pid_target	Process	procid_target
5668	4468	WerFault.exe	158
6060	760	WerFault.exe	166
4884	5192	WerFault.exe	165

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-47134698-4092160662-1261813102-1000\{B015D004-6A81-4002-8413-09906046E0CA}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
952	msedge.exe
952	msedge.exe
2848	msedge.exe
2848	msedge.exe
2160	identity_helper.exe
2160	identity_helper.exe
3956	msedge.exe
3956	msedge.exe
5400	msedge.exe
5400	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
5760	msedge.exe
5760	msedge.exe
4312	msedge.exe
4312	msedge.exe
3176	msedge.exe
3176	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2356	2848	msedge.exe	84
PID 2848 wrote to memory of 2356	2848	msedge.exe	84
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 948	2848	msedge.exe	86
PID 2848 wrote to memory of 952	2848	msedge.exe	87
PID 2848 wrote to memory of 952	2848	msedge.exe	87
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88
PID 2848 wrote to memory of 1824	2848	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/dfrnoch/nitro-generator?tab=readme-ov-file#download
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97c5c46f8,0x7ff97c5c4708,0x7ff97c5c4718
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6676 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4278078285386098216,11490353054532166793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:2980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1108

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5828

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524 0x534
1⤵
PID:5396

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"
1⤵
PID:4468
- C:\Windows\SysWOW64\regsvr32.exe
  C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.exe@4468
  2⤵
  - Loads dropped DLL
  PID:5164
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll,f0
    3⤵
    - Blocklisted process makes network request
    - Loads dropped DLL
    PID:5192
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 844
      4⤵
      Program crash
      PID:4884
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 460
  2⤵
  - Program crash
  PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4468 -ip 4468
1⤵
PID:2664

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"
1⤵
PID:760
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 156
  2⤵
  - Program crash
  PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 760 -ip 760
1⤵
PID:2960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Email-Worm\BubbleBoy.html
1⤵
PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0xf8,0x7ff97c5c46f8,0x7ff97c5c4708,0x7ff97c5c4718
  2⤵
  PID:3004

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Email-Worm\Emin.js"
1⤵
PID:2092

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Email-Worm\ILOVEYOU.vbs"
1⤵
PID:5656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Email-Worm\Jer.html
1⤵
PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97c5c46f8,0x7ff97c5c4708,0x7ff97c5c4718
  2⤵
  PID:1472

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Email-Worm\NewLove.vbs"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:760

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Email-Worm\Pleh.vbs"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Email-Worm\San.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97c5c46f8,0x7ff97c5c4708,0x7ff97c5c4718
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7740736345647924841,7299417057125600822,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7740736345647924841,7299417057125600822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7740736345647924841,7299417057125600822,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7740736345647924841,7299417057125600822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7740736345647924841,7299417057125600822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:5976

C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Email-Worm\Scare.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
1⤵
- Drops file in Windows directory
PID:4300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1404

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\854f2747079244cdafbf328eb6c3ee27 /t 3228 /p 4300
1⤵
PID:3732

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\CloseSuspend.docx.Vbs"
1⤵
PID:5252

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\CloseSuspend.docx.Vbs"
1⤵
PID:5916

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa388d855 /state1:0x41c64e6d
1⤵
PID:3552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5192 -ip 5192
1⤵
PID:3188

C:\Windows\system32\bootim.exe
bootim.exe /startpage:1
1⤵
PID:4972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe

Filesize
3KB

MD5
55cde934290e89ae29f92ff118b6280c

SHA1
e13989a5ba4dba2cbc7c2a779b06f381266c32c7

SHA256
dc98a3995c8c9db2897b3dcd603d0a55e9d6b42cb3900f9b5666dbb461172197

SHA512
011822883aa21cd328582dadae90190b0d51040d6c7b05463584997a1c2f67e4c9655f2e80350e8c87c4d3c073ab0d80ff9bc6459d85f03e85ff1a6db9f28157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c86c838cf1dc704d2be375f04e1e6c6

SHA1
ad2911a13a3addc86cc46d4329b2b1621cbe7e35

SHA256
dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb

SHA512
a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2e412948d10ef6ba7ba6bb4933e46880

SHA1
e4b454e8bdc885ad3fa815943dccc33e63e95842

SHA256
277a3b2d3311049b295398443d97cd3f7da80cccb5e5048e92e2f1d547e5edbf

SHA512
79c7a4ff418f320a77a7cb6885bd686191605b98b535556b87feaa230d9929c6c12b7701e94fdfb8f05e152d4f3547b07b4c63041be3941176b85e0598e9924a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0052283edcc193f821ca2697b98bd155

SHA1
528918c50f63c863c06c08f5833bca4ec185e448

SHA256
8214c9efc81c2571ab99ef37c615c3239e0df45e2963bc2549eae8ef4e7413ec

SHA512
d5f6c81c2623f3d201cc2a21ca795fb41c8242de3f285edfb92a9795d2608a8390b159c46bd61e4027054718d682d3265566cd771d987d78f26f28093211dfe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27f3335bf37563e4537db3624ee378da

SHA1
57543abc3d97c2a2b251b446820894f4b0111aeb

SHA256
494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a

SHA512
2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
37KB

MD5
f9a90d58144602c12373f3a51ae11c3e

SHA1
50930fadc719a0cf689f480f053fe55eaab64817

SHA256
477adbd55274ba5f7057f114fd4c4908fe46d7f486c7cd6dfe452a80ff0b7c82

SHA512
0f06561a943bdafdc0f6355ce4a5dd2a3daa348d621ac8c0d95632d5bf0458b4068803af0f3e9819496ed750299a63e6eea88c53bd2816c757a0e4c721d7e4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
37KB

MD5
24ecc381197d8e8ad8a2b6413c3561be

SHA1
214089036a950beceab98848e2e20c63e689f259

SHA256
8081189fa618acab50f6cdffd4de5a4a908bd60e52d8133cf2424cb14e25cb05

SHA512
16b0426937a50e519f1cc254cf142f181b2c1ad044974db0e98113cdbed9fc34b26e7074bc3d66b4d75f0df1f200194edfbaee32832a94d0907bca7dfbb5e055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
6686ec56c4536362ed40e1a3471e4a1e

SHA1
a0f9d0126bddcb40743d717cc9322c6b91d35b2c

SHA256
823063b7a7f06616d10539be8eee67b351e66a7e7cdaf928679ce88c9bde42ca

SHA512
067ed2eb82ae2d10a5d7a05cf2bf8dc82f8fea0eea1722d93ed95caba12583f8382245348634365ff92fffa547a55f579957ade966226a674875c43a6f18191e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
25KB

MD5
6f0d8c2d86b40b21934ff819a3961667

SHA1
2e411280d2191d0f9732fe01ebc522aa87363b34

SHA256
8ef59cad09decea1d3b42a9ddd4a9b25a6c7d7bdac03d0621b4bef1448276c88

SHA512
b9406b8e4f3ca0fb1a45d3ce677d12a84c83c9c1039be109b0002c4a42435d68107cacaec2e07474b7e9d48e6e00df1734e33d1b18d6aac7a604ea6500e01024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
20KB

MD5
0f3de113dc536643a187f641efae47f4

SHA1
729e48891d13fb7581697f5fee8175f60519615e

SHA256
9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

SHA512
8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
57KB

MD5
10b9cf5cf2322c11764d509691c2a178

SHA1
c2a55104c197ece37f3bc34622b6f2677cf14a1e

SHA256
cb488256c4ecce1b68dcbfa31188ac85af76ff238fe5466095f31b271d146723

SHA512
dd6963b0cbe6f9e2904a164e7ba66c1d07ae79e5f0bc8c20a687af96e16756e115f6858ab4cfeac5e088395b7b8895b76237fc9acf3d8117dd2c4255997560cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
17KB

MD5
d7580dce32412dc9d53e8911beeac7e4

SHA1
fb93b2d7546f30ded645e40c4ad2ae962bced731

SHA256
136b2c40697b50198694dcf1ccae005f9a5dcd15b3d67bb48745df477a49df06

SHA512
2440ddd41e5d17fae4ff5e261d2d4694937f27d94292f1424c398585471f71cd20131f2babdf3332176ca2aa191bde920aeadb15705843fed3d4183fbfbe6e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
19KB

MD5
dfd5f82ea82263420ec1531a363ebace

SHA1
1015f0647044d3b31f4063e0270d2de382207c8f

SHA256
63f200a1acc6d8cc5ffa5b88bfcc402f7f7a85098f7e8caafc324ffff6d46aa5

SHA512
678f5a516c5732c6eb6db73bc68838e54a6d90fce632d6e7b3c36a2ec3be36b8e2b60bae0545ac3676ef690a0cd2c0f79276cca4f6618fac8320e152ac12d1af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
53KB

MD5
8fcb818bc23425964d10ac53464bf075

SHA1
396f40d25a7d38eed9730d97177cd0362f5af5d7

SHA256
8b56333cda4211c50ada778d598348b8a846d557ed9117d8b265e004db31e9f7

SHA512
6ec7588257bd1261f9b2876c3aa57fba2b6bdc33a2a68830c8d8d539f449c552cf6923a5e8afb5e665d12cad253a10d68ad665d9eb74ff8250c6daf2f61e6da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
69KB

MD5
7d5e1b1b9e9321b9e89504f2c2153b10

SHA1
37847cc4c1d46d16265e0e4659e6b5611d62b935

SHA256
adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af

SHA512
6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
41KB

MD5
9d3881d3c9400536a0b3d78c867ab8be

SHA1
8544210a4e0bb56e91b98a7615e0144432fa4a06

SHA256
147e0558bde7300e6fadc9284009077a4cd6794ef77d909e502510b23e69f7bc

SHA512
2c5a1665e3c3c459b9917944009b1c9027912e7876618cf584eaf9e72040494cc547aa232c925032e7d9a461e95590d1c2cce9f8b1560fcfb714bd69f731b5c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
1.2MB

MD5
931d16be2adb03f2d5df4d249405d6e6

SHA1
7b7076fb55367b6c0b34667b54540aa722e2f55f

SHA256
b6aa0f7290e59637a70586303507208aca637b63f77b5ce1795dfe9b6a248ff3

SHA512
41d44eafc7ade079fc52553bc792dace0c3ed6ee0c30430b876b159868010b8676c5302790d49bed75fa7daa158d4285e236a4be3d13f51ff244c68ca6a479ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
23KB

MD5
dd2bdd36a44cedb6944ed1b19a128f18

SHA1
fefe33a962b542b9882bc2fce59fb10f8d214513

SHA256
4a01c3b3d92c78fbc327ff4acdba882e43b92ada0dada0ab844065eb419467c4

SHA512
8252d6811b5d86670c15f229be9306d37bf5f0a3cd1ee869b6f666f66417e377ed55552b540730f1f2145dfb81e2d612433e537e937b983f1af641de22310306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
132KB

MD5
01088b35a7144b96e1c65db9ecf5aeab

SHA1
3d5b4a4fafdc3867adca4a4a640d6296bba06f82

SHA256
66616d0b8be2030b1f40d1da2a80bdf930172335226111b7965a4480bb584f1f

SHA512
bf639e6539792c3ebab0ddb646b795a1cb14e4359fe97726db69ba2e082debdb920c15d5eb96a552613ead61ee4320de0331c02aaba3f14dd83956cc7affba89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
22KB

MD5
5c29e9effab2c01b2bb3b675d34b9e68

SHA1
312122e6c2bb627902c9f8758748bcffedef880e

SHA256
c916b144a2bebea51297a74e3bab8339705f2f04994902e6c1dad0fce9e25b7f

SHA512
c96dcbf195a4e7954d9e6390918752bf99ba1558deb1355a3d31abcbbfee83c0595289003ad3d0b94d4e81eb965496ea668f65b49cfce83fefe8ea51daccf0ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
18KB

MD5
250a11a34099ee700fc21011dc5226ff

SHA1
a53059938b7c51cfeaeadb3e5adace453990600e

SHA256
1ba7fa70e880cd5d3b5be347ac9d3c6a0caa9a0a6ad9c6f9d5e2948873c25509

SHA512
6782c257d11980af3e5da3539e1287cc128d6cba55d9bdf127f19400884c69ae567d1948644e0907d201de73108f173b7ec333015ed92641dc58dd55392b74e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
18KB

MD5
96c2504f85cb35ef18a8f175e1adb5be

SHA1
7a337ffc7b9ad3423d67843c87d7097701fed0ea

SHA256
d8463386f2b90e38244653ca36b7172286f87aaf2b8bab9675cdc335da9f3aea

SHA512
be846f47489756c850e0b658de37b72a79f89f961aaed11a174a4dfd4459bcc82a07f332ed4b8008e4178817fbc4087bc7953da780f18037337db864dbd7a626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

Filesize
6KB

MD5
d5aa56b34a078b1b1c7b6d1e293b132e

SHA1
77a512f772ac89186829aa5d098deb5ae42c8fbf

SHA256
a435504859ba12c8954512e753a1d3172f3ffc4764bb32275055735cc655106d

SHA512
447d309e38fb3338a360729128ded8f487ef5058c21825e6410f85cc936a37e0f93b7f11b9123d238e7f96d06538bccd49e5ee30850812a112a76d7cbc1372cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

Filesize
2KB

MD5
5645a9957b9c2f23c8765f83fdf2a4af

SHA1
aed770c7c5793b02ae82dd7b3e92e9f04a88f85f

SHA256
1ebe017b30887d6682c543699d38026931f2152772fd7a7d225f46f001081301

SHA512
8e565333001fa52c87aa437221f15f17fadfee84678a131b98f8760fa0444b8b9e7338d6ce8dd3218d9c8e22ee21d41cb32b9a4c72dc9096eb7c55a9024ac554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
17a32a493e37cf11a472aecc9fe7894e

SHA1
7338c71a9cfab08def73381e734be27ef41d8dbf

SHA256
002d0bb7af23af4d0f3ba2ccd616734aefb41c852e8b0a4c7ef6d6f6d23e4bdd

SHA512
30739d3bd7998dbd7b616c10e3c3c2345b26dfe09715d8ca70b10adbe62662434f89b93277cc986569a34c091f9f8342818468920f4dcab1bb468689e8354d6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cbc3492488a287fb6d0a9e2811e74c41

SHA1
3388a8046c351ca258b82b6b234b61c2a89fc11a

SHA256
cc2fd3304b778ad5031bcdb94d978841ed521a83cfddbc549382b45df9eb7884

SHA512
264e8de12f121de63f35dd2773cc83f3eb259772411b8115d8a0894d8571e59cafc7c5342a52d5143e2817b018f30d7ab3e27db3af453a2401b9804497abe0a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
753c93805de4da2f80ab0d6a6c244169

SHA1
6100df52fea60f18356eecab9ca5afb05d7269a8

SHA256
c1573a041ed5f5b40a5e7acfcebf2da850389b825386b5c60200ce8dec2e7210

SHA512
c8e8031a0686be39e467847c6a0898d335b97d08432afaa8e50e96bf74dab69d1f9223628033410ea3ca7fcd9162be4137268f8bac281d812f21fd3527b18f13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3031f9ae6848d076f85d29d148e95e6a

SHA1
0261dd98cf018246609eeac83a2396c4d51b3f85

SHA256
0a40675238a3ee74c3c3caf4b10cb0f5a3e16f980ed7a0a968a916873923b9e4

SHA512
3ef10a693bf705964761061d62f40657cb81adfaa534a3cc93f616f8f8751b3942dc09281803d390bd73889936d590c9a91029169bef47cd25aca37b27d7e8c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
88da2599297c584271c49257c56cd6c6

SHA1
ce1eec679df14f7a433a278bcd5a4298873f37fe

SHA256
42b80e4535d804ce728a388696fdb70e2f47285c6f1bdc652cee7620c3aa33cf

SHA512
1ca5356a946e4fb4fc25d6c61cc467090caf6b47b8d1c80b3c4e2b08198e7723a6082f33c4fe1360c18fa8337620cf8a1ecf02fc1be0755135bc3f74af91e255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
65d318cf8add2d109d99b7dc30c584b8

SHA1
f0c44d798a0c88db61fb0d9715472bd15efc88a7

SHA256
1f2661f3fb501501a4d9ca473fa316c3c95540c1d7f1a3047718232af1190687

SHA512
9941a28c546aeaba1cfcb0a36c7cff59362bee7633a89b2e70b1de056c84b98b4d7bbe98e0b5a92642bd482da1d70b32d3a49be79ba486010388bdb18976a0e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
78ef85bc0686dc4ee6313bd7b43e9c11

SHA1
0986f6b281a43d715a08c757b46333f0119f98ec

SHA256
5930ae6358d4329029ecf1c01ac4152c83289cc410a324c5967d8793bcbd8b2c

SHA512
dd103e629aaa3e1a7a38e2661161ef80006a3b80f040b0e27bf0cbb173c6c01e3fd042d6d37c0621038ebff4144939a9a86de2593eca6adf16a638f3ca2f8fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9c102d8a6d20b7be4e45e77b04f9c6a3

SHA1
07a4d3a34510ca79c1abb73168113f2643d54f24

SHA256
4530486b3a4cab66a32b0b9965b5986bc5c378f50f671affbab13ad0ea1b79ed

SHA512
cf0353c321a4780830705075120cf8c8cf5008d1250e6399f9c7ae3b61011a47506d30570f6bb293cc3cc232d7cc245c717098c0a9c4881aca096949bfa6ebfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
943B

MD5
27ef5cd4887cec39c7cba845fe12acdf

SHA1
920a8c5af85cca3190ded7cb531bc642393e4c4f

SHA256
8b6a0425ba0a56c10be7730cc2e10f4688c502962875f7ca291526febf82c13f

SHA512
7f3d1b57d3580871a3fbbd255afbfba42008b24655bbfc55deaafee7ca6316b5e2305e33965a93ffe424d89f4fe40ea43da69661dccd6f5017f3b2abafdc4561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e8351233ef0f68eb1824005c4b234934

SHA1
96b2131f8b4ef2c8940e9631a49011cea00d8508

SHA256
9dca40371f86d75c4453390df2ecbf6115cf887e3b17fa2350f4395bd60fbc26

SHA512
49a0baf837c6833dfe31550096922d325f271b190fadbca92d0f73ab3bfe265389c96ee65f5d7b6d7d2e61b4c8d8009d7768160766419aaaab0f3e230f792223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
658315b7028359f873db4cfef925be37

SHA1
288e72f367e2a0a99c9442f4c46239b6f7210aa2

SHA256
1666279d36b2845eda6f01dcd1078a1fb99e99785f84598f221c80a2b2ef7690

SHA512
ba685206241ce9c5030220903c5a019d7d53e252603a7492ad87d12afcdc61103ef347ee069e343c1e418aa5d48d03b798c39baecea2fb666902df4f5725a69d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c565d61bfc3e042901ecb1468b1146e

SHA1
9a1e6037662b99014708c326305ba1eb9fed1ea7

SHA256
466a74ae22eb16907479393236190aa8390db99a5dfad4f77652512361052e60

SHA512
fb8997b1e0ea6f3212dfd38d9395072ec734bf9736acfbd4615d19bc33623a5530534ecca69fefcf2fe58d92d084325fcecf9f3b1bec462ddbc5645f13095860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b2dae9b76b7d1243e0c6bb96ab1c9dfa

SHA1
d31f5f0452bcee1215fb395300d440009f5058dd

SHA256
d2c3f79c06af96b71411de4160d46db75b236bb1dec80b282ecab1314ba6f585

SHA512
e1bd148c4acd84aab8b225fb8ffe1d2b8e8f7fb56b25465ccee64ee23d3338b8437ee7213cb669e5c582bd330c9a85eedaee5caac2e213b16ed5e2c205084945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5a5f17d9923afe36dd183196805a19f3

SHA1
61648f514ea24e07b553259b4e138932e499de3f

SHA256
d2eca82cf9aadf69ebb95afd4b9248a47df1cc338db5bcca06bef45947e28a7e

SHA512
954f6ec9a584d7d1ecd3e35526e10715909455cb41e759d124d4e15d0e9b91787cd19c703635154774a78bfe57f8bdcf0bd3b911c9136998f9937bed077b7f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
91504bd6831b12d94c5425f46f5d1460

SHA1
b001943043443fda9611cb7fc4aea41ad6af5278

SHA256
61b0ae0faa3a831e7362b6f305b0d72f351a3712e6ff885233980c1a861e4f5b

SHA512
4737cf0a35e4cc7a09f55a9ff81ecf1885a98db15969db9cc0c4088cb83962d8d16045010f3034365cce82accc138562b947366499397de6bbb9edbf5026f652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7bed026103243cc16301dafd3ea8ea5d

SHA1
cf7940ed3b427fe7ccdac362f26289a2e0684a29

SHA256
3c7ee3b5cac118dc7396649a7b97e4fb6aa040efc9a08c232527c03a90c56bf4

SHA512
c64005e5cb9783ded9c21ee57a5c282d54c19f9bf6954ef15e12c78f22a0f73c3ed404a97e4c2efd47d54d439ea15befef9db66bdfc99061e1285590d80a5ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
024978eb461714b391f03eef7eb1d793

SHA1
5625fc52f2767f97d3d7be19469833775860e8d7

SHA256
d1679a7f542e26ecbb88d60ecf4cab279f44722476128d8263ccd4388694b09d

SHA512
125e7bb1c7dbec598886b63f0ffced2a63ab673618ea78f5fcee1586bf794e7640bd6a1ba16758748f691fa3229942812b609ae7348a3825898272bca3d96397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
57fc3ae38457de6b375a30bdda35a748

SHA1
ce3632bdff9525d7003f573e6737b52931b60d4c

SHA256
1cfbd6c41b414e7f5df2d77ae567e998f0e34a8a797651d1dfaa248bdd78200c

SHA512
8c12b7e5d699a65bf3a64489348441d9c3a2203874248cbd464408cca1a35119affcb949339949db04794adeccdf92956eebaf1bc247bf2c9d33f715986d89ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
491f2e6f3a1bc2070e94e83d326cd2b7

SHA1
42027f432e05d012cd27c102ed3958148170a614

SHA256
1998a384e058ff63754b11b8dd434a9ce89945462ae1f98a7a9129fde1269a76

SHA512
714f9a26d4442597ab6301f32fe33034fc4c1e20cde9b60c97bb8daac0715667cf23db7079cf4438d00f56891d49b710702a295c655f07546b3073e6a0d6eaaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fa4b11bdb5c819484e1764c924cc1294

SHA1
e790d3e42ae731cbb5e3f1536971a64c9b341152

SHA256
0b7236950f82dda6fe32802caf3c270b30d78f33c730bac501272efd47d88caf

SHA512
84de892f595957727ba4ee643c4727189446afdd6bff3e255bebe3b669f5f7ea969cdb279bd6c33023d05faf9f140a60089e21fd6f6d96b50d72345373e0aa5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4a1dd7329b5a8a868c12db36c77dd722

SHA1
ad80d21d669b0899c4bc2d9869601dc9da49cb42

SHA256
806811393bc43c721c1b390e0b489f47c19abd9f7261e095f7d40d0dc94f82d9

SHA512
bcbaf5ff3d4cc97eb0171b745f7e17804064c736ccd56bf73dffba095e867e62ccaf875297616f8f3b68f2a20ffab3bccb2a66822e326e77bc9e0d38405111e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4b3fc0643e1c3b3a6ced312cdd8be292

SHA1
f52040a7dea439b62f2af519601a822556747daf

SHA256
017deb2fad67d9b2786b2c9ab4e52b1571493b7edb5f2fa620471fbc70b61241

SHA512
882ab03cd177b68dda002b5a318ffaac949d63e560d94a7ab7d3614e17013c2636762ff76fbb0189e36d86c4bad343306cd6271fea3d1e3b45714a7bf2856eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a1c77bb845555ec5be991d25dbe318ec

SHA1
a6626923cb25e4b9688a92b6c68649c3e5198eff

SHA256
485f3586a739f0bb5948da5d6026518b67af9fe56151545f18a704e1a3dd0e31

SHA512
5fc1092d58a4cff27738c327bb8ad1ab3c4521f6d93581e718fad2a3367105b573d5f20224726a86946882abbbe0d76410f7db685913bb37ac1a9b2bd7f29c12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7af2ff08becf31b2b6262d56c35038d0

SHA1
203384ae999731d7b10f41611c0c4c682c63e5ac

SHA256
63ff30d75d0a1f6fea0b294bb4c470232dc1e45e2ebeebbaa63621d01fb16f5c

SHA512
01e0b0468275021e4c4a9d4336b7825bcabdd8414e6da2eb3af5435e9d2719a1d51d108adc6e00f99e32c6ff274cf72dbfc34ea2abae134ef9ba76499d60e5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b4757a906611102e76f874dcfda67e49

SHA1
7afc1b73dd1fcc72c6af0c71c6d029b2d256ec50

SHA256
a98d4f3b3731bb4879681871b2a707776d03e963d78949fbbced1353b91b9ac8

SHA512
690dbac5ebe1b2693d2d571a5669020a25cadfd39faa03025fc64ecf57743e28ae01d47031021fce4109bb5c67b9f3726943361f123969ece1b9b92f38a748c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f7373ffce1cdfee3e7b384fe23237c53

SHA1
d6127ff45609b23a53c627ea49f41f92988f740b

SHA256
9ea8057ab6fdcb4750d01204de41a624dd424fc686837f4d56d2364b69f4384a

SHA512
6cb07bf7a8ab26f5cbd4e7b0daf40e312c996ccc9068f5f3bd3de02059e399fb28ef42309c5936d3a167c3e9c056aa9e3f5002aa79743f67b5e55a019f1c7bcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
74f937e3b7c50e4601030f90fcd5f3ef

SHA1
deafb7236ad95ae4c7aa1c1c113cb2a2a8a27c7d

SHA256
c966ff6a7a3d4fefaf65645ca5ecda5f9e4f5644efe375d760f8d0cfbfba9eb3

SHA512
42922e3eaa08f0bb6ba101d9bba3f6d75fe39013f471fe015744e4112463d5a764b045ab1e66d49d937542bc91916b1b90af000e5748ddf3e38619246c5cf5a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1c1561edfb5f6f8f35b4e9dd8af4f71c

SHA1
90e70cc89e69d37075ef9a8fb405c38023e8e57e

SHA256
f298b1c7e5ac00064b6e3981e36409b7dc474271494b1c6427d180e9236f56a4

SHA512
e21cda366e5e59a19792ac7b4a50d0b413fed531aacb536001c7ea286ab04196150af7eb6f36317cfac310dbe0b797d55caab19f54e25944511a9373d342932e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ae63cada8949e03c9d692890e750c70c

SHA1
4501334ad9d1440d40b8b7e831907d685086da55

SHA256
d3ef287f74abebf30553fc4f35a6ee9d4c5574099180869e5ab016cd963fbba3

SHA512
52780aea83d6fb54836e851a901c47adca30afd4e525850be2b623b9d293dd9ee57059d1abfb6a4bdedf4c5c0710724ededf65bbfc32cbc7de03819a7b602f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6fd0867fa3d10a0e1899b4b804b9efbf

SHA1
3fb78c6d3cf0a3eba735aeaff757da5106dc8e55

SHA256
aa79cf03cdb4c5175b8f13839d7e87075611ef8bfd3bee489a7797c7b64a8f61

SHA512
e211f18e1278d2264d25123ff2511dabe7725f8ec7bac98e927eb212f26ef24a724a0f3ef400984f9556bca8b8beac2e4d60effe4fe7ab1db4c964896929d7a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3cfce31c247f98c56f9cde591a68e748

SHA1
f094480dc2888d0992f1a9b1be93e427efb917d8

SHA256
fc112038c7b8d101cf13b239559d204c19f3a4fa948fca125e6907637e5664ca

SHA512
1835c509b4fe853c49ff396bf0d3e57cc6ef39239792fde7f678410e3a15587527c59556aced19ee63f016f239973c31ce58e969546f44adb6997064768f5dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
51b809771f6648cdece155ad0676af5a

SHA1
5b6077feb2362676f73c189f1a49a1e8de96ffa5

SHA256
bdeb467cc71116b462618ed25e2174296cdb24c38960b0d3ab1785c142eb6a48

SHA512
fc7e06d77a3bc28ae4dab20261219c8b446725074a8f23b1dfcc75c797b2cc4d39ce4abec281e8ddf44676eed5268b7227c1e8cc91d67a868b5afb123f48a987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3cdb7f469a97d15da4b4f908ebf3c0e2

SHA1
4faab21b4a354f915cd83d920479744efef7e425

SHA256
496dba9ec26aa7c9c4920e79ac27a9d9819be937879b6875ab3b0a0ec0535468

SHA512
485e4127fa713ccbaf42a563e46c11e2211bf1671f6e0a7c267fe64f7b6ee9cd9805101b4d50cda9c9c6a16e115093bc9614490fe5ff145a5c3e77800cfdbedf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eab7168f46d6b336fd928a7184843dc3

SHA1
8cb3e0810e7e3c9ca38a1835d588cf4631c9c1ae

SHA256
810dae317f8742066c1ce18ef3e8ab6d775e434c3c315398b122c6c6b67ccf0c

SHA512
26841e32a8bdad2647b23e19a61920db50d643bc0411011d97291dc0f3356d559c715824745f642ba91a3cc7acd66a9bc25cb1436b3923659448e560315412f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
85780a97d063ace7eaba373635fa655e

SHA1
6b6d8171651008bf869886cf8d904387bdd18fbe

SHA256
3c7686b2b8322bdf578419d0b216b10a73e894a10f390f0f04ebb3a7422f3e62

SHA512
eb8c5a3c9f289f1542f49c7a0e612d7e7a31cb3ad409e75590ad394c9743c9101fc117ccb361c813ba3d86e73a55ead7243ede9d64a57600e1d122e8c2d0cac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f31a.TMP

Filesize
873B

MD5
9157d62f210913f0805236c2e033e36f

SHA1
e652330bd8a5af74d5c7060e1ddd950dececa7db

SHA256
07e9ec3d27c7020e3e6e545b251bbb5a09ae00c24171b9e36ec32345ea703e22

SHA512
aa7df2c2631ff0179997a35e45ad6cb45b63bc86bfbbb0ecdfdbab31c70d63e35128b965e0073e712e1574797436f9536221bfbeaf37313fc11c0491cddbbad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
df56f1bb05144b7858120b9cb8dbeb28

SHA1
1cb0e855f0df16deb3a65039824feb6ad2739689

SHA256
0e2ec4139b7701abc4eede9210b3e9eff74c07425a947269404638524a75e173

SHA512
c825554d8c794e2e1b8f4917916bd8817b09ef42c4cdcd310ac74b6d5660d984ca8a26dd6f6ed7b812e4273853c45855aea4ec438ddf8cabe78ae9dbd54bf18c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
28b32ff6426df048477997821763be7a

SHA1
769ff225f2d19e7320f02eb814dbf2885cf6594f

SHA256
c40ea6863f9c2c6679f68d2b1b2e735b20873e805252d2caef10550ff410830c

SHA512
8d96f588d382c0000e899ff941ecdf0d785cf9205050b99d59eaa88b353017cb535db121fd492c58b010dda90dcf73a0b6c336a9be7bf61403c33c0d58847e28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cf41bda68d6db5a06165615f4ca7282d

SHA1
40f8436684381ed08625f50f5eb870bf994ece14

SHA256
db896adbe06fb99ef14c5081caf911e57b778348cd798d479a191784b934526f

SHA512
a70b3933986ed17e1404a7c5b8926de7977787b11a0d025ce04946922542870bcd869a855516f21205c860b3d49207d17f6b66c426b3830fef20b477ac8875a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
84926b8a26162531a9b0f7ecd467e02d

SHA1
002ad3efad322479dd05bb3b24668a78cbb2f2a8

SHA256
c8fb4d00664a5a7708d391ace1f589de1b4256272092d3d228d3ba654b5bb96f

SHA512
8934949a7af7dbf83a345e5ab80d7681438ecab5ae851e57942c5c731ffb3f0b4af1f6da9e4d52ba165be117a7e385b7ba30cce21800254b17d397bb9c84ded2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
87b95adf19dea3acda4a4a453af71936

SHA1
762e01ec4b654245ef90dbac1827424fac3da474

SHA256
8fecc068f7b3af7122ecd5fdd6b9c16e4eeaba90c57019b1efa3bc3dda632a15

SHA512
a94232de438ddd1eedb082171d3eea6d86fa1b18781dcf6392971c86e3c124bd41b88dbe47a9a478752d2ebeff725171a258f0e3aadf79cae2700529116c07da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
7ed579e49619710847e806219ebab3df

SHA1
ddcf33ad66df730444eb7d3ba64cda6feb2f2a96

SHA256
372ee65d5b1ba11eab4e99a97f507bdc5fe9bdfec5196ed287e1b009d821f284

SHA512
3c06a54649370ddc7d8aa132dbefcd1fc75f69d4eb884b0e508d51afcfd4a1d41890f21decff39618a7c421c01dd92a4aa12d3f91231f94cd9c28c8ae87c765b

Download Submit
C:\Users\Admin\Downloads\BTC-Clipper-main.zip

Filesize
3KB

MD5
4c6353fd1f2f5d5aaf2ad49697f6980e

SHA1
7d14ea34cdc4d9fd08f40231e80e9675f67988a1

SHA256
0e368b6e16def58e928807cf6c0f1650cd153153b9b9fa815b900071ade9f35d

SHA512
31e29fc5d02754e2251b3af4100d872600d57d78e75e0de37566b81d3f5415ff0a883f48773c95ea02e3468c73e1525727067d7651c81edb19ad8ced70854483

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.dll

Filesize
2.4MB

MD5
7e76f7a5c55a5bc5f5e2d7a9e886782b

SHA1
fc500153dba682e53776bef53123086f00c0e041

SHA256
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

SHA512
0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

Download Submit
C:\Windows\System32\Recovery\ReAgent.xml

Filesize
1KB

MD5
1cbd0e780eb7029e25a3a130a4a5cc47

SHA1
9cc5b15cde73e429921dbff10c6eaa1cfcfdad80

SHA256
7fb033a59f6f597e0d1829c6ca74ed2ea4326788892946e945c04bb85243f7dc

SHA512
50adbfb2cfabd987ae9f9b20b12342232eb6c898c0a43b5abe8219cdd9f021869894430125d9729fef2a43ff5335a599f6fd9b7d6455dcd25df837ff19c616a1

Download Submit
memory/760-1747-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/4468-1745-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/5192-1748-0x0000000001E80000-0x00000000020EB000-memory.dmp

Filesize
2.4MB

Download
memory/5192-1744-0x0000000001E80000-0x00000000020EB000-memory.dmp

Filesize
2.4MB

Download
memory/5192-1750-0x0000000001E80000-0x00000000020EB000-memory.dmp

Filesize
2.4MB

Download
memory/5192-2543-0x0000000001E80000-0x00000000020EB000-memory.dmp

Filesize
2.4MB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads