danabot | hxxp://kkk

Analysis

max time kernel
858s
max time network
863s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10-08-2024 22:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://kkk

Score

10^/10

danabot banker botnet discovery trojan

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot x86 payload 1 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

resource	yara_rule
behavioral1/files/0x0009000000023586-1452.dat	family_danabot

Blocklisted process makes network request 2 IoCs

flow	pid	Process
207	1764	rundll32.exe
209	1764	rundll32.exe

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
1796	DanaBot.exe
3748	DanaBot.exe

Loads dropped DLL 3 IoCs

pid	Process
2160	regsvr32.exe
2160	regsvr32.exe
1764	rundll32.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
206	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4816	1796	WerFault.exe	169
1320	3748	WerFault.exe	177

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{00D69898-B48F-46E4-AF40-A5BA5CB80E82}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 186596.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2516	msedge.exe
2516	msedge.exe
2072	msedge.exe
2072	msedge.exe
2232	identity_helper.exe
2232	identity_helper.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
1224	msedge.exe
1224	msedge.exe
1832	msedge.exe
1832	msedge.exe
1472	msedge.exe
1472	msedge.exe
4380	msedge.exe
4380	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3484	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3528	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 4732	2072	msedge.exe	86
PID 2072 wrote to memory of 4732	2072	msedge.exe	86
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 524	2072	msedge.exe	87
PID 2072 wrote to memory of 2516	2072	msedge.exe	88
PID 2072 wrote to memory of 2516	2072	msedge.exe	88
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89
PID 2072 wrote to memory of 2436	2072	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://kkk
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2e0146f8,0x7ffd2e014708,0x7ffd2e014718
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3476 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6312 /prefetch:8
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3580 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,612660025250310947,2040894736631255065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3736
- C:\Users\Admin\Downloads\DanaBot.exe
  "C:\Users\Admin\Downloads\DanaBot.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1796
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@1796
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2160
  - - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
      4⤵
      Blocklisted process makes network request
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1764
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 488
    3⤵
    - Program crash
    PID:4816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2860

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3484
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\blueman-2.4.3.tar.gz
  2⤵
  PID:4712

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1796 -ip 1796
1⤵
PID:772

C:\Users\Admin\Downloads\DanaBot.exe
"C:\Users\Admin\Downloads\DanaBot.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3748
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 388
  2⤵
  - Program crash
  PID:1320

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3748 -ip 3748
1⤵
PID:528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2f875204-9b2c-41fc-9067-38aad7506c1b.tmp

Filesize
11KB

MD5
7155a505b2def1b9750d6c097154578d

SHA1
f7667495d099eef3b9d0a4cd4558c0dd709ab09e

SHA256
7c53237c636fea974cd4a5d286424156af053a88113bebe6160c6b3045b7347f

SHA512
7cc8edd7d13f25d1c590cc2f865c07134ea5afefae922f5931eedeaaccf53c11a4f1c4f0e6f72e180004d69e9f3c3e2b99c5e1a04e8e47cf0953aff0974879a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\225efecf-d504-4211-b5b9-18b2907866e4.tmp

Filesize
6KB

MD5
357fde2d346bce5620285e3f7f42222f

SHA1
828b6e8a453aed61c386510cb18b7c305a6919f2

SHA256
bb9cad92711b7ea5617d43fdc45df0924f67a6e9a8d6b0437d8629284fb4af35

SHA512
faf6474708ec9a1e6c2bbe7d60662706a4897ed4014cda879f046a8cdcbf8041e734d7f0e47e8976d145a69e5a56e64e00f71d051f269befdfd0de1917a15772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
a074f116c725add93a8a828fbdbbd56c

SHA1
88ca00a085140baeae0fd3072635afe3f841d88f

SHA256
4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6

SHA512
43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
a7ee007fb008c17e73216d0d69e254e8

SHA1
160d970e6a8271b0907c50268146a28b5918c05e

SHA256
414024b478738b35312a098bc7f911300b14396d34718f78886b5942d9afe346

SHA512
669bec67d3fc1932a921dd683e6acfdf462b9063e1726770bae8740d83503a799c2e30030f2aca7ec96df0bfd6d8b7f999f8296ee156533302161eb7c9747602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
9f8f80ca4d9435d66dd761fbb0753642

SHA1
5f187d02303fd9044b9e7c74e0c02fe8e6a646b7

SHA256
ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359

SHA512
9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
27KB

MD5
c3bd38af3c74a1efb0a240bf69a7c700

SHA1
7e4b80264179518c362bef5aa3d3a0eab00edccd

SHA256
1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8

SHA512
41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0

Filesize
1KB

MD5
c1a2f0234c8cb12603c9c9b6d54738c6

SHA1
f4d3a5d303a679bcae763dff28866f7293cbf84b

SHA256
888a61399ca62da4293ec13394fe841c3eaa5c6d3c1178179cef7c41be5c65ee

SHA512
d67b710fb4f93a910008216a865b61543b7e78b691674f0fc0191e1035719084180768008c2ad180c5d819ab3de798d4194a6f8b8abd3691d8241d4471f86b5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0

Filesize
3KB

MD5
397211a9ea2d2d0811c26829ff603201

SHA1
33ef2d7c2b0ded157b400709f7dcfa3c9991131b

SHA256
6a9b5d86a7325d97762193764f447fa6b171242c875f8d0086e12b561882c1ec

SHA512
ceb09ae7581e7e340dbd8cefc513a4676903b1c8ece764f7006e300a74e4c21caa7073a3fd71ef7072083ee0682a41722ca210ce19aec6ed745711127ab34308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f02c4494b1a18ff_0

Filesize
2KB

MD5
b64156140f7d82d102c3fcc922e23e14

SHA1
495d2b0d21a625c24703f45e3fe4849420a9e2a4

SHA256
29b7270979598a84910a076e420558f8d04eaa4a5d376bef37a7bac8e0dc1b22

SHA512
e0c2a24fdb1b765ef82f7d6aed8c5d62c5df1aa428679d52c24aada61ff7e064332861f4353193236b092522fd5fa47f7e6eb92357a0cd3040082f1fd8dacb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0

Filesize
6KB

MD5
b4edc201528cfba6a09bce5b13092f27

SHA1
e342cc9c60d29486b3157514577a81fffd01f09d

SHA256
c958ce90d3f05951656f73eabf12bd33d086f1fb155d5ea6fab0bca3e3bf2d52

SHA512
a97cb1f3322dc64db67700d7baef1bf553989ebf048599dcbc12071b81e2a57b6e4c3fa126bf9f15c02afc0c412c3ecbbab8f476cff6295924597382bfbd1d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
41fa4ecd96b8e7d886e3b8d61e92c0cf

SHA1
7479328d554ac80538b2036c6e40a410b7fb82cd

SHA256
1f96eaca1758800e8dce7d46231ab080db0bcd92293d52c1680d26bce1ca9c4c

SHA512
cdbbc279ef003fc729b197d88aa606f721f7ea7d444c7c1128945ed65222aca0a4497b73e80f9526576cb707c4fe4caff36a44a8edd33db7aa8174ac380064b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
3d060d51e2e3e280b00f445135988f98

SHA1
6d5aa7770565dbd351ffff6f79a4c54079477b0f

SHA256
b34c8fe456486fb4f16f553fb3002d2c9fadd704159ed349f0c73e1231cc24ae

SHA512
3276dcda277551e0b99cf9ff9d97686e643bb23fcae86058b03ba0699f4c3540e84ff145b5ad82e7118c88d1cda794983df12dd6a01e0bd24b582770961bcd5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d37cb16ef5eb861d_0

Filesize
3KB

MD5
e6b7b23eb274d3f120f4d904a3930086

SHA1
e3af3095ddd8026c3824e6e8101051baade70ac4

SHA256
5b61a8d27c83118aabcf2b0e0d5ca27a4c5c10896f26a36561a352ef1b4c363e

SHA512
238c900636b72c68b435f597816a8227bb23b5b27702695a19377a440b33dc34937b2c3acc42a1a235e1a33aca1b3b57d0e4335b5a756c1d9721a2bdcc1290d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
b16719bb7908f1125f069a2aa4b83728

SHA1
3ff9a2b25fbe98b39a1cae458f396add4d8a4546

SHA256
bb015f982a1b2d0d7ca6fe80c782ff4d03aedfd9b846ebb0974605584426a99f

SHA512
b9be559de49f6e50371fd7c9b1699822bfa48622e8fa1cebc3b7bd5b28628d3779d19178f2afaf491fcad6fca1580f8c85289ab529914704477541c73d018374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
72915383c32edfa800a1fd84e731d572

SHA1
c402b573076708b96d9d8d1845dd7f958a1f4fe4

SHA256
4b33dee406ccc8f9d76a94315c7fe7bbc25ca1a1d1e408a10608e3207429e7a6

SHA512
6a3f7142c898673a4fce11749ed1ae1cdbf806b7725e8d9b469abd2d655cf3dd882884847138f38a32e567b778eba6eb1393ca84588804c95e9ec73e468435fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
78c423fdacb367e985a79573555a93db

SHA1
69eff96d09f3c4408fdc7bcce56dca8573198adb

SHA256
d0150535fcc9834fd32a9f4622dd01a364ddd4142a024515f79f64775d2e3a20

SHA512
5c72f2c32ea39b6977a83a9467ee97c8f6bc6dd2a1848d74a97e754cae2a9d97b0686beb6e69ef46b9107eb97bf6db3837c45bf68a534cb983fe90baf15d9904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5b63400ad84042abb187b3e29ac63cea

SHA1
8329cdc10324af62ef6e78d387d489fd1191d2f4

SHA256
930761b5516e913f35153b9a5dca17f5374b95aaaa58b46692ce9ba0fd540eb4

SHA512
e5c2694b7d5690d5a0a3ce48245d131d55ae2dc8e4c495b5c7d772e51711c44cef04f5581647c0d4cd663f4018ac248c09ba9443ca4bee8fb76d0314fd65c3e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
241b5a2d129dd889559e8e7fb9de51a9

SHA1
bae9b399e76ae2b770066c150ced8829a528d604

SHA256
fd55f2fe53780c9fe35995db916844ee7210acba00e49dfb706ea085d6d80d41

SHA512
54e360910ce280713dbcb7a5211d0d31dbbb3fdcfc9d8ce52003c1336ea220ec1d1a5539450d87b53b90f0fbeaae59a557dbe104413cec59368d6d3473b17e1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0371201e60b0a3f015149ac0d63d37f9

SHA1
894d9056d735e38fdc811e0879c4051360ff8a83

SHA256
229358dee9b6e348853c5fffd59edcd3db6db50ef13e8d8ed4223f814d1cb17a

SHA512
098711c66a610c7bfae25c6073640114aa5f806b850b61f4a2369a10c42cbc689785552cb9cff0cae46369b144e274962b4e34bcd674c6b12ecbf1507c3f5e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
873B

MD5
92e0f32a6fe11147f6c0fbf42a3ce01d

SHA1
adc0fc13750b4dce993d575bc08cd325fb1ad527

SHA256
e515d27f30d78436782921665c9734ce5c1eaaf700e7be653817a098440bb931

SHA512
b9f9fcd733f8d232922b1ced29fe2cd42c1ec8c06c52cc09678d36af692a9fbd641716ab7fe12ab42abd984c347ab69078ecba006909fd091509779ecaf46118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a0e6843a172c55ce3c48408c5270ad45

SHA1
9e240e4be915f39595097302685b01cfbd397b07

SHA256
fb72943f154f4e9a22a4efbe97936aceb991ad7cf614eb94f664dc47d1714126

SHA512
6e9176afd22e242c2f2f9d838c1b97f9ac976fef24448bdbc93d055c5c2da93d21da534ed6f5cfe90123e173be9761976f41c2c1a60b7b41a2e2076a57b30d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
aa79b81c438d56b03336faf38eae68ca

SHA1
c61ea18f1fe32f171609b916e34555401411997e

SHA256
5f972850603ac974e8b315c3e41bed0afd46ac9fb4b19cea328e928189836632

SHA512
e91d67ac82315d60b103811f27f760d1aa9d528c77cfecf506dd7856ec876017488873a718e8962a19ca55d34c1e2398974b2874497f212f583aeff2d336fe7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3daba2328b432c222b64c77e8829247

SHA1
bc86c22508c56a410fd473862ef1369c032ff75a

SHA256
d83db0294ac9c92d70d020bba44fb8102d4dd0e71ecab8e027547e0db9fb0f81

SHA512
29a1dd43727542d33b972abaa77b16ffea2a0a86926586496449b96da9598bb34bf103f98d167a43bf60cd9d45d36287b55b537ca4e0384bf21384eb08a05808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b87ed24f7cdf6e01d21b26fca7fef26

SHA1
b193db0ad3195cb3cedaf9ad1b553b484c961799

SHA256
aeeb5bf03666ce18012d9d76944a1a0e20fc5b8b7ca8536b990ac6008f50cae5

SHA512
47d0ce47a3dc860752ef0ecb6ad86eeac86e1df3e08ea31bb4bc813df6fa10e888897565cd1badc3839bb82750592c07d1cda9df0ce107032c034b0cc6b3bd57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
03e97609bedb24db780ff51fbb7f33a6

SHA1
79abd0b6b3a4a6ec960a194493a2fc07af3280a5

SHA256
3fdb82b003fcd2b98583a186c6d41cabb10fdfa0e65436387cb779a6f93e54d5

SHA512
08fae8f9e3da50a3cb050d28bdeff93250f56379011fc6808027357ad19bd1ef2f0f72161e213f29dc61cf3641635437bd3dba159634ce9f762671055c2e3f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
03e7d095daf668e08a5126bbdcee6710

SHA1
6b9fd29e529a86a00853f5f137815e3ed773e78b

SHA256
059cbe84a85d1c1f36ecf7a87ca675a704bada28b766efab8a932ca80a3fd8e1

SHA512
502a35644e1e4442e3b5b47110f543fa19852aced8244173e1dcd2384e338ada0fa549a8ca37c413a0d3ffb1822010ca479ba2fa33b72b56cfa7855d6a0581f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5a8229f1e4c05bd8ac1e2488c80f6a04

SHA1
88a3828810e4da85d3d32f3600753a5534ad0e39

SHA256
dfadab80c8205905f75909c88ee6699cccca51833f38832de3a24c2d48ef8a7b

SHA512
0431ed365eb61175220c1214669deb0cbc5ce319b3600a5178f610e9aa68729af104a4554c3a3c96882afe9c5c74374a0766d3593c5d194a8caae30075235571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dad1adea426710e5aae4f02c956ab3f3

SHA1
4100725c34167c4a492709bb6e4f02c3e51c6285

SHA256
d79ed29723a40cd3f3049a9319f4ec471746e102e7a96a9dcafc3bb316d52785

SHA512
9694c5e9f2675446e76ae2d8f78e1f856cd32012700c8831afb10ee42986d54243a6f5fb44aae66692bbea0dede2dc521916355d10f6057fc5ec9cddcdd61ba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ad96ec3a32b5cd85a9d3a6c4253805f9

SHA1
0f15214ca6edc4589c96a36986b85314c5d304f9

SHA256
70e6e1e5998f0315f754e277680bdfc5af816bf5f300fcbe475f6c8924e93f22

SHA512
50f128feade29c5ad2a1534755f77ca4114bd7e01b56140f509bd97b5c77e7daf61d6807621842ce1846cb83f1ae8b217298a61cf3d852d41d89ae8188f3b02f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
86d041a1618ebf7cc9ed0c1acb7ec2be

SHA1
fac8fe81698f2d77d6d56a5d9a93b1056eb65dbb

SHA256
03650ecf51caae26e8ef3a009a67e13ae2aa1e1490a505217426aa79be8d54af

SHA512
fdac394b2cd5bef7d7ce604febd2d4b2378af70b5f9301c2a8fbc90865bd383ef5a474eff35c79b9af4b5e01e32258470bd196ff46641cd5fd0f968946cac7c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bc316c35571c7ea95b927b48ba2b0bbc

SHA1
82160cde01ddbb8620775c3190017cbde2b3125d

SHA256
bfa7f30fd1c2a3e6d891be27aaed54efec67b803c77d4f6cbd486b25f30ae2de

SHA512
c4f5f0682b2a07433ef0ad57640f0efdc2fb6dd7c74a33b0c1dc0067ddd5b712798823dde07183aac68ddc11f705f737c9a027fafe1ce07ab3c0ddbe6804b9fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
db2377e9187282b9b9a590f9e4d1776c

SHA1
55e4c0ff7fa77388afe4a19f703ee4c3f218ec2c

SHA256
703be7785c9308633131447abb9cfc01a39dc9e87a4980b9be966d8b37da1724

SHA512
e544058a0876fdd413cd4ba10f574c0dbada5b22fa25ab10980bbda0be97dc388b12f6861cf4c3b745674eab1b7a1e250433119f80e2e8729cb6a36b848c16e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0ed6c67ed1b337a770662a5f297cf8cf

SHA1
dce2f5e20ab97358652b503e6b96a427eebeb42c

SHA256
289d55c531c0adb2d9b813f50db4ef98f3872938a8a732a99b3e9bd280c3340d

SHA512
ccf27499e17a84086417db3b2882fea14907b0d12a58ce33a37853787c8b501f8740da9f01ac366a52b991bcd981cad45d678a7a0e2febdddd56f17da73c2a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a626652f261bf93ed3a0f3990a16561a

SHA1
7bdb294a579082e651c00cd556761260f00aa453

SHA256
3029521706637e1b7601a3874d7d9d3a50da0f34de5bcccd59267b70ca3fe749

SHA512
b283adfbb54909cd0c58ec603b5a10fbcfbfb6a3b0a41e6ca32e7c4c6a7a2c9833f17c6a69c575b541b58569175dab809f7210e37099e67ce20b15ad35f15b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
461d5a86466925ca4b3b81f41d7dc246

SHA1
9a9624b033bf3ce559be4e2f4f628b555bbdd4e4

SHA256
d533d6d9a2db026f56c9a118b0d83ec8a87fcaf62a2ccc15be29bc0c0a8347a2

SHA512
ab49d15908fdceaaa81c6a601243a2dd04c33f7ef0297bc3724b04040a30f02d59ee2b1d0a72caae4c421a706240d59a8d2c6b7518d9eefb05a2578aafed45a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
065ad762c257cfa3f4bdd07312d32910

SHA1
689de8b9c61494c914fb033f74c2d6757e22272f

SHA256
ac2b833f2d6f71f787aa9cb685651f41237d1fc2f0c487d850ae8253431b66bb

SHA512
f8a28235bba1fc0393db2dc1f6480d44e1d99b10666f1fe528a753380999e314b83d06d503e3a097a39772167cc499dfefeb03667bfc07e2338309827fc71fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
46e019b2b7c537ae3845d2ff2a9d10a8

SHA1
0c786fa8c13eb0b1d7784b308aaae01c3cd54585

SHA256
37e8a70ca39e94b574472d420a018f019f9907c907c6b1245f1ba05e272284e4

SHA512
03eb287407fc0d03212944088aa0323b75d65eee532a7ed641ea7a242b8893645b63df69ba4bd3bf4b776edfc4b84e822d6217819050f42d7d9e16482b2c6b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
915faf685f8353f89d37072ed700e957

SHA1
81f1de9563baaef7f9db66e492993d6c08cc4be8

SHA256
6d3f2e8e966d7c9945e0e86f87557496654295b025145cbd501d0d7a44c52a43

SHA512
80668e4c1cbfb1897a2ae06c7ac54f0eae7eff61cac043293338efa30fb7c78c26c64d5de7d6be7d661cfebd88869aaf9524169bd8f4baf5adc81a1940a373b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bee0bd8a9345824ad5382ca60694c3bf

SHA1
a71abf9c9becc9191b6dda1797726bc5ba563368

SHA256
3652e3a813e7e0d28f6a3cd854e371d0c36127c48ce095da4c194ac633a83bec

SHA512
fbef06f6ef1352de322c3cd9917db63908ed6c88aa71d4d6288d278ccd97c3d7ce78cd6e87ba37d02ea50c4577de8b27105dd2fcc430b3fcec56f175cd300626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
78d1517d3e51db946d038d7e8e7b0825

SHA1
a9ebb14a6aafe11955153c200736e2c78a7ac2bf

SHA256
5dce2dc95f8117eb9db84d6d04a11fb18d7f628e65fcc908e70e6ca083aff743

SHA512
5b0339ee4155b60dacf8dfd46301f0355f8f3b19d85787513fa94c1e9f7d2044831c8441dc01bfae53f6df3f87b0888ce34cf4a58a480c489803f09e5c00639d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ad992eec2ab731d42a11adcf43e0ad0d

SHA1
8dc5d9913f00a5993dc215e4a850fd7bcbd2dbde

SHA256
0c0dd79ff48439bd39af58568c4d710cff566aa4d6bcdeb488b6c64b375be2f1

SHA512
e8715ed67241a49fc66e63d2d05ac2769a026834e51a8f2e3925d6ce21112defcbf8fbef4b74f4bf1717239a68692edc151ae58479f4b47fc9f3fb9059d5c981

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bfab223b04bcf9dfaf472bc708b9b536

SHA1
78f1e3db3735bf3bb8c1c6c26a7e8a95ed205afc

SHA256
1f40104376c1346634034d24c7f2f84928850e3a13bfe594ab46edade6eb9603

SHA512
65d0962158fa41c28ac3002af8824be2bc0edf96fe0a13a22c1d28dc48ec2ef207ce24e74da8547909d31b08fed226f5fb5a4ffbc5a3b1e07809db604f3b3e5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a41fc.TMP

Filesize
1KB

MD5
a29e76a452605b9cea47a4f6ae395544

SHA1
c19226e82c9d2822ab122433a250a7604e2872e0

SHA256
6a80b635f8e860022b0041006fd15ace6b57fbefab6d0519808250da1f98e30e

SHA512
24a965af54f149e9652d2a5aaf0e607c186d6c728cc771519483d72716d8ccb8463f3d61a46444af8579d2ad838c58df196ffdea32249b1e56c96e8f1587255a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b089c4dfd46f7dfeb2e2ea5f35fc56b0

SHA1
b4ce4694f80bb714ec5ac28b87cc63a06e5f05dc

SHA256
c564b94236a56966346e3618568a2933c72ffcc0f6e824b0f6cff5f31c574776

SHA512
38c6a1af65bd920952407ad6b93afc7dbfad5fbb13e86ce40b4856e88d2d8bacebdd0f15745d5d1d72d0e243cad6f4c1a0ba94242ce61369c68c607b85e72529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4942bd352b81403d72327074d7b8a1f1

SHA1
0206f6d8123ca1fa876798d5e72727f3b3fd7226

SHA256
9d79d41c9ce56aece515856a9e66cd439e531ba31b3b65a4dcb6b0a24388f929

SHA512
675d4beea330614a0bb3d7f4c775196a4f628b6e909ae66a471ec749a9e35af9cef24e00550a5679dc355c2c82ddf836b8678b1b29624d142f3b30e3b72453f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0d5ec8da6f4d88d262c26d86b3363fab

SHA1
81c43dcc014fe4209b273fc7c742ee1e9a5daffc

SHA256
9aba214bcb990f3aa4b18ca04de9e7e55ad56954a9655561ad10bd02e6580ec6

SHA512
3dd3c762769e0c871302722a237e338b94e06c786888e420fdfb127313a742b6d754b87e0dedcbf0def52c9b1a2c80ed114d7c26b12c7da6f89213cc7ed7726f

Download Submit
C:\Users\Admin\DOWNLO~1\DanaBot.dll

Filesize
2.4MB

MD5
7e76f7a5c55a5bc5f5e2d7a9e886782b

SHA1
fc500153dba682e53776bef53123086f00c0e041

SHA256
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

SHA512
0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 186596.crdownload

Filesize
2.7MB

MD5
48d8f7bbb500af66baa765279ce58045

SHA1
2cdb5fdeee4e9c7bd2e5f744150521963487eb71

SHA256
db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

SHA512
aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

Download Submit
C:\Users\Admin\Downloads\blueman-2.4.3.tar.gz

Filesize
3.3MB

MD5
f6df540d22c5b5a54290d0446cdbe95a

SHA1
fde961459cb2ab348ba2d97e92cb57b874ac3c4c

SHA256
a6a4077102c9cf3d4b1642bec6942026da0788a5c39c069d81d9b7bcfa2bfd50

SHA512
d2a34e527f7a8e33a8377556050ba7a752b8923342e7c3540fdb42758f8609c06863066c923f4ee0a77f82c0683f5325a7536a92d8aeb755f8c3d86e3cb350b6

Download Submit
C:\Users\Admin\Downloads\blueman-2.4.3.tar.xz

Filesize
1.5MB

MD5
b1dfd6fae23e579c85b36f5c589f0386

SHA1
9cdd81db4ca3ec97742c1fa357b1f0bc0b1fbf11

SHA256
bdfc49909742cb79288f8a11d6f666b75c2713b91c085e6d0dd329434793fe85

SHA512
387e51d143b90ee34d156595f83d032930e427baee4065cb07809b8273f4da641893caa4113cc034c81bfacdb9b2caffb316b6d8738a44aba90ca6941aefc13f

Download Submit
C:\Users\Admin\Downloads\blueman-2.4.3.zip

Filesize
2.3MB

MD5
0935b529dd1ec843af657b8218fc7e34

SHA1
fa91887607aa9c2df984614605dd839daa471ba6

SHA256
7105385b8d2400237b4a68ea47364743ad70a87197d16740463cdd429fda91ca

SHA512
1012ef6ae5233c6d5e1e648eb524aa144b04a7ec48f40587d7fd65a3576070773d7af390d49772030189fadd2339fc2b0d1a30efaa634b5e676eb41c81b2cc0a

Download Submit
memory/1764-1498-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/1796-1457-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/2160-1455-0x0000000002360000-0x00000000025CB000-memory.dmp

Filesize
2.4MB

Download
memory/3748-1509-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download