danabot | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

max time kernel
73s
max time network
79s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
23/07/2024, 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

10^/10

danabot banker botnet discovery trojan

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot x86 payload 1 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

resource	yara_rule
behavioral1/files/0x000800000001ab6f-363.dat	family_danabot

Blocklisted process makes network request 1 IoCs

flow	pid	Process
40	1968	rundll32.exe

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3000	DanaBot.exe

Loads dropped DLL 3 IoCs

pid	Process
2176	regsvr32.exe
1968	rundll32.exe
1968	rundll32.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
34	raw.githubusercontent.com
35	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133662298371366552"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4816	chrome.exe
4816	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 2168	4816	chrome.exe	70
PID 4816 wrote to memory of 2168	4816	chrome.exe	70
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4376	4816	chrome.exe	72
PID 4816 wrote to memory of 4320	4816	chrome.exe	73
PID 4816 wrote to memory of 4320	4816	chrome.exe	73
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74
PID 4816 wrote to memory of 4700	4816	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff949a29758,0x7ff949a29768,0x7ff949a29778
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1884,i,9737024993982039629,16069144440466237046,131072 /prefetch:2
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1676 --field-trial-handle=1884,i,9737024993982039629,16069144440466237046,131072 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1672 --field-trial-handle=1884,i,9737024993982039629,16069144440466237046,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1884,i,9737024993982039629,16069144440466237046,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1884,i,9737024993982039629,16069144440466237046,131072 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1884,i,9737024993982039629,16069144440466237046,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1884,i,9737024993982039629,16069144440466237046,131072 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1884,i,9737024993982039629,16069144440466237046,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1884,i,9737024993982039629,16069144440466237046,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4884 --field-trial-handle=1884,i,9737024993982039629,16069144440466237046,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5220 --field-trial-handle=1884,i,9737024993982039629,16069144440466237046,131072 /prefetch:8
  2⤵
  PID:360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1884,i,9737024993982039629,16069144440466237046,131072 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1884,i,9737024993982039629,16069144440466237046,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5380 --field-trial-handle=1884,i,9737024993982039629,16069144440466237046,131072 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5284 --field-trial-handle=1884,i,9737024993982039629,16069144440466237046,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Users\Admin\Downloads\DanaBot.exe
  "C:\Users\Admin\Downloads\DanaBot.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3000
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@3000
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2176
  - - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
      4⤵
      Blocklisted process makes network request
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1968

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
431acad24f052734b25d2b19b13f54da

SHA1
a47411d99a29693272dfa77c025fb3c90bc5b10c

SHA256
c61cf06269ed972187c834407521d325af45020466fc810547aaa8611aae0090

SHA512
57184c4187b15d2423491fa4f803706a2ac1b4486fa1d876080196374be7e6be4cb4c3cc6dc871b238067e4f5e1d27cd039dc6b1dcbc996434948a4087169974

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f2faebb08e012170a77d5a06b413af9d

SHA1
6da9fc26d5091a1917dfa860b69075c4e02571fb

SHA256
99ea9a3c348555169645a098e01dc6c907deee3410e7d3a9474c978b9c2745fd

SHA512
6f9cb9e8b84358e3973b5709e6fcd133d0b379744b887fcee18197b0e1050740c8d6657263124aa9662d6cdc8cbf10ae317a459cc1f9ab7dfb1724c47ea29bc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
873B

MD5
81e5ea30dac3ee9e9ccdda15eb5d6fe3

SHA1
4facd3471b160025a8e7f901cfa45050966873ed

SHA256
508b5527602daa4e5678894a12ee433d39d5f9cf58f3eda75c0379ab4c227c44

SHA512
e7ffbeeb44004dee1c750f68838718e72bdd00eb66cdef739f77539218a0379bbf196f6fd430d48064d80e9067faf883b437853ed731a05948e09ff8eb2861cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
873B

MD5
bcda215442d5f5325297031a8379840a

SHA1
6b787584704943c67282ca1f52b176bdd98a7033

SHA256
e70131ee13de25d50c138e933fa41400597e9c146035f2b48a30d6d45937548e

SHA512
67fd40106e5e0e98d147da4d810f0afa6cb361411302872952535fd41f4c5714f7115612b17370218917f350f0b0c7c2dee0f20ce707154309472836cdf63e5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
15b133097429fa61e7032e500f40c790

SHA1
7782371fc8f4855030ca867f738c73e99fffd971

SHA256
eb3f1ca492f7dd251176222eb138adbb984ce61c0b4d10e8ab5691d69cd73e4f

SHA512
dfaaca8bc945243e2bbd0c82ee1c5432eaa74a3e21061112b6cf7bdb2d85d78a0447f94f8165f59da80f318845c7b52045b7f56ac30a4d1fb8cd4e62321960b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
605ed824d1a96483b6d3cc09a5e228c9

SHA1
343b2b0ae085bc82faf998b2d13a6b2d1bd44322

SHA256
d82472935d6c3752be81410a016039f2b50c8c1a70b50472d10174740b6deea5

SHA512
20d7218f0b8f1937b095b229682f0aecbdaa5917afec7efdd88a4cfb9b9801016f59284f42fb3dc4c30695fa9c95205b3a2e5b0959ea6b0beca1cd3ab5d884ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c9153bd2ea0b44af623ec5d5b520315e

SHA1
28a35437065010760cdfc7faefec34fb25e205bc

SHA256
9e5cb95ae79fed1316ebf70056055f8643da0e880e1f9afef2cc8e64b35cd371

SHA512
31694f8afb103e663f3087ed4ba83de7780e3067d54fb32572105dfb4fa3da67993f72ab2e95d536b3e50c9da15da57fca1b4e9b2f4b09cef509d8bb3e36d043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6ff95ff08e36f6a3023fcca72a7ed888

SHA1
458bd05afc656d2a2b0dfd07a6e5fcf61253b5eb

SHA256
11443e8b1266814200834ecd2dfb6c1d461adf0b6ede77dacf2f10e468f6a796

SHA512
f629eac28deabe7fa9f9176fae9432c6daf13e79b7913b2d40aaa6afcb1f4640afc5b26aff2d461d45d4a1a0b8536a42779b5cf6fefdb7f1f288a4ce6f923409

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
90dc8c8e879890a2eaac985488cc1aa0

SHA1
44e71fa9a273187b5ed9474886abe3a57c8c47fb

SHA256
966f35557364bfc2a7411efe96ee581d486810f7e2f666515a9ce7cd3374d51c

SHA512
fc23c1c49bd3b749aafcce1d5814cc9d51ad88dacdba114a121190b7c6f9fa40fb03588f2fb03c0191d1fe88264952568430f8ea5dd356d93185a2020f80e847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d32b00fea0683c34a8759744524b91c8

SHA1
112c6c38487700575ba23dae5bac90d97e73016f

SHA256
a4785b08a494eb87583229938991de8c707b2cff63ab2deb41f2c97de9cee803

SHA512
3155196825539347e5191db9749b5e15a4e4f9e8668f3a4dd92d524e9dacb7d142aff26b01cd30c4cc3211f1763914d850a918dab82c6113071dfb1ce042f3f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1fc07d2479a0b936271690922e482763

SHA1
d7915a6d54baab4c6135c3199503e485f02fbe6e

SHA256
e8086838977c98ee94e77e53b0a18d998519e63e1cdc737236be8d091108be0e

SHA512
a8f324968f46a6ddc9921da1a0ee060481c3f3792bb0ed4b7406b66e545049fb204a4515cbb7933f932442b6b9f074e2df50af74a7d290c289ba65a1fbb6b665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3f3a7362c35563b8310dba1239359a53

SHA1
b6b98fe9a5a2954171f75c5a9726243f6364e237

SHA256
b5b3574508a2ee16cd0d70669747de4f36948c711158dc664a3ac69c9710816e

SHA512
19527ad46f64f97ebe54091173b7950707b33ad79171ff4ec6144de317151aa5c799cfb63002ad8b30085ebb3ae881cc8c1bd7867dd605ff10331062ba202b8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ad748b4bb3046927e1bd3644b9d935fb

SHA1
be7f2d73718994b6c19e663db58b9c8d09dec05b

SHA256
43d13d350ae3b301acea099e31b92e54697dfc98ec6c447fb9205b69ee78fedf

SHA512
e28e1ca3d2dddb7fa03bd8264ee2c137674c4fa2551f84d448423055264c2c282369dbd3d917053baa26bca2a12ad9de7881700ea61ad2eace6e7a0bbe8e74b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
168KB

MD5
86e76d5fd1686b293b03f0c163d28a8c

SHA1
e575fd9fa4211f0de6881aa464cdff650c615d82

SHA256
4c1c3eb64efb7bceaaa0e1a5383bb81e8e91d8d375dd914b772f7e5643a1fb88

SHA512
6a461871832c6d47fcc7935b6300e665c5e4198075d03443fe5cdbe549760adcad9e2fb82aaf9afad0227d41858381bf6cd8da53d30b00f0a18c2027d3ad42ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
5d98a6c2e90f6083369cd47a8bff7312

SHA1
0c241a2fcb66111a325aa7179c0233d67451b14f

SHA256
bbb834a7d1125e5075523f0f61da18ae7c553ce89fe299b88842a0baae8d0ee1

SHA512
e6245cf61b25178fa3bd6ee901301b761a7dc8946df1fed94ba3ffbc82fc08f3d9b42eef0763ff78aaae98cc31807e078ce100f04a5493d2af5fdd61e838bff5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
bea1c51578e4c79127f0d3766851d4ca

SHA1
551b2587ed7aa0bde7e1b63d299ff1ff93ac90c1

SHA256
24c66b88f50adc62f806d5e7c1b7681e68a502106b3093c65e4aa5b0c3ef6b9b

SHA512
b37e84610b0f680813c9561e32b2cf3e77a6faba5b31339ed37b78b904fdfc988f9d95e3150490ee96e2eb9c2546e76da37b8ed7e521fdf86902616f6e2e03e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
167KB

MD5
73269011a584ff9236343bf04dbc7320

SHA1
fff2d4e212a05aabac63279f69fd374d914dcced

SHA256
4fb54629edd1772184b4e7f32618613e5e645b8ef5d1ce3f287c1d61218aa105

SHA512
76838af97d14862f5b69ceabbc61160737910b916958666b593399a7a40a2e4a8a6b6065869eb9808b28ccd93b96ee9b75854d06e34799322b0dfe7cb15764e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
b3c77c9852bfda2d4c5a2c0494e12083

SHA1
93b8504e177c3d6bc6faf466d4168ae46068f2af

SHA256
841841f1bbf33f3e9deec9ced63fea2021feb8b984aa58bddefb74d1dcecb693

SHA512
f537c537f3034dd5480bf090739fbb5639163fa7d7a5ed0ccd46c71a1399972cd75d20eca5d1377b3e8c6228f553d8a5aa8304d8dc0888058d964ed87a896a72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58e087.TMP

Filesize
98KB

MD5
a4092c369462abbb79c6b4176fe81cbc

SHA1
17d894b94d06b3cf92c95eaca1d79ecc631d068c

SHA256
a0ca5bce7cda139348a7dce9b8d3b3d166e9d1fc2d9a2f9ae01dd47fca70e5ec

SHA512
901ca8e1ba515936867bbacec86f71e66fc8e53d449529774ce77a05efb39786950e915ce5a7cf3a5d6cf05b708a3c4a29f1994f7ac70f16f3513561c05ee067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\DOWNLO~1\DanaBot.dll

Filesize
2.4MB

MD5
7e76f7a5c55a5bc5f5e2d7a9e886782b

SHA1
fc500153dba682e53776bef53123086f00c0e041

SHA256
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

SHA512
0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

Download Submit
C:\Users\Admin\Downloads\DanaBot.exe

Filesize
2.7MB

MD5
48d8f7bbb500af66baa765279ce58045

SHA1
2cdb5fdeee4e9c7bd2e5f744150521963487eb71

SHA256
db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

SHA512
aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

Download Submit
memory/1968-367-0x0000000004430000-0x000000000469B000-memory.dmp

Filesize
2.4MB

Download
memory/3000-319-0x00000000029D0000-0x0000000002C5D000-memory.dmp

Filesize
2.6MB

Download
memory/3000-361-0x00000000029D0000-0x0000000002C5D000-memory.dmp

Filesize
2.6MB

Download
memory/3000-362-0x0000000000400000-0x000000000069A000-memory.dmp

Filesize
2.6MB

Download
memory/3000-360-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/3000-320-0x0000000000400000-0x000000000069A000-memory.dmp

Filesize
2.6MB

Download
memory/3000-318-0x0000000002750000-0x00000000029D0000-memory.dmp

Filesize
2.5MB

Download