danabot | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/blob/master/Banking-Malware/DanaBot[.]exe

Analysis

max time kernel
82s
max time network
85s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2024 04:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Banking-Malware/DanaBot.exe

Score

10^/10

danabot banker botnet discovery trojan

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot x86 payload 1 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

resource	yara_rule
behavioral1/files/0x00080000000236a4-5.dat	family_danabot

Blocklisted process makes network request 3 IoCs

flow	pid	Process
109	4116	rundll32.exe
138	4116	rundll32.exe
195	4116	rundll32.exe

Loads dropped DLL 3 IoCs

pid	Process
2020	regsvr32.exe
2020	regsvr32.exe
4116	rundll32.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
94	raw.githubusercontent.com
95	raw.githubusercontent.com
96	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2120	448	WerFault.exe	112

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133683426402843168"	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{A37E0221-44E3-4775-A59F-D0DD252C9940}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{8B2AC250-3D23-47B3-9C45-BB1E4BDDF8C3}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 448 wrote to memory of 2020	448	DanaBot.exe	115
PID 448 wrote to memory of 2020	448	DanaBot.exe	115
PID 448 wrote to memory of 2020	448	DanaBot.exe	115
PID 2020 wrote to memory of 4116	2020	regsvr32.exe	119
PID 2020 wrote to memory of 4116	2020	regsvr32.exe	119
PID 2020 wrote to memory of 4116	2020	regsvr32.exe	119
PID 2348 wrote to memory of 4976	2348	msedge.exe	121
PID 2348 wrote to memory of 4976	2348	msedge.exe	121
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1536	2348	msedge.exe	122
PID 2348 wrote to memory of 1592	2348	msedge.exe	123
PID 2348 wrote to memory of 1592	2348	msedge.exe	123
PID 2348 wrote to memory of 1444	2348	msedge.exe	124
PID 2348 wrote to memory of 1444	2348	msedge.exe	124
PID 2348 wrote to memory of 1444	2348	msedge.exe	124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Banking-Malware/DanaBot.exe
1⤵
PID:972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3888,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=4544 /prefetch:1
1⤵
PID:396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4148,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=3820 /prefetch:1
1⤵
PID:4984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5412,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8
1⤵
PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5444,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8
1⤵
PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5896,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=5944 /prefetch:8
1⤵
PID:4284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=6044,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:8
1⤵
PID:768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6196,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:1
1⤵
PID:3000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=6576,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:8
1⤵
PID:2488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=6884,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=6896 /prefetch:8
1⤵
PID:3468

C:\Users\Admin\Downloads\DanaBot.exe
"C:\Users\Admin\Downloads\DanaBot.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:448
- C:\Windows\SysWOW64\regsvr32.exe
  C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@448
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2020
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
    3⤵
    - Blocklisted process makes network request
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4116
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 460
  2⤵
  - Program crash
  PID:2120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 448 -ip 448
1⤵
PID:3468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x260,0x7ffa1f0bd198,0x7ffa1f0bd1a4,0x7ffa1f0bd1b0
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2476,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=2472 /prefetch:2
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1816,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:3
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2012,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4476,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4476,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=560,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4720,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4736,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4800,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4840,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5024,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=5616,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --field-trial-handle=5468,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6228,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5180,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5400,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6376,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6100,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --field-trial-handle=6244,i,12911084029259398528,18386309474121673196,262144 --variations-seed-version --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:1164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ffa1f0bd198,0x7ffa1f0bd1a4,0x7ffa1f0bd1b0
    3⤵
    PID:3160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2184,i,2810457007050691577,16280896308813586932,262144 --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:2
    3⤵
    PID:5640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1868,i,2810457007050691577,16280896308813586932,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    PID:2632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2364,i,2810457007050691577,16280896308813586932,262144 --variations-seed-version --mojo-platform-channel-handle=2592 /prefetch:8
    3⤵
    PID:5824
- - C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4512,i,2810457007050691577,16280896308813586932,262144 --variations-seed-version --mojo-platform-channel-handle=4456 /prefetch:8
    3⤵
    PID:5464
- - C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4512,i,2810457007050691577,16280896308813586932,262144 --variations-seed-version --mojo-platform-channel-handle=4456 /prefetch:8
    3⤵
    PID:1584

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
1⤵
PID:5028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault0b8f5914h74beh4609h8ddehce7fdbf25074
1⤵
PID:2704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:4956

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x4ac
1⤵
PID:3228

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
1⤵
PID:5296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
31bf867ffc8f9b7dc3506cd1e1db32fa

SHA1
ce5d83993b39de4221d99837553468b4d256b6d4

SHA256
e428db40325ca697bea9e2d6a223f832b1e24f36b0979c22ed5fd9d9354734bb

SHA512
cc2faf0cda8e041b3228c7341328d924f910ee9964fb01980bc1b71e9a2f15bb3df9f178c7e7502daa5ab5587c89663c1702894fcde49df881ea386fa4bf8bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5c74117a-646d-4c83-a046-f46121be52e5.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
ca0eb232324323f71281143bb5e76d89

SHA1
ed98a8f46c6b2369ee2ae53e2d328484e550b9ad

SHA256
2276047ddb619593351d35a9aacaf2ce45f96be99259deb2436b2e7b3fb04b50

SHA512
07f035e3f87bf8614401311aad63d9edef7555c945569b33f27690a047df90ff38e4f960464abb856240fa0d533aa441f614d78d151f576cac1967cf4f9a886e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
fd2ae05af4cc842520fac76a76dd9d39

SHA1
c1ef9f10f84d52e099caf42e1d690df8d8bbcba2

SHA256
4f7ab6b37cdf087a59988a849b706c4a9e39788faab83fa41530ffa10291eb3f

SHA512
a0acbd091026e956572974d8cbc61da73e631e783db48fb681b242cd6b80a85881929a8515d6c20e77e25e462438223d226534aee097cd01a34727d1ecb17d38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
c6dfded11c0c518bb800a476330196c0

SHA1
f3a50aff2a02bc46a88bad575928ab1cb9b6208c

SHA256
5cfc5436009467d2f3fcbd1a54c0f110fdb7251ba697e6caba54790d39bf88ba

SHA512
881c232c15661c70937e029914b339667a8341325558e5247c328072b3c4b298fb1a25f2297fc781b2f0df59609f7379922fb3dbddd602447bf4a1fb484e2537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
5c499f81c7f70f2b0f8d1bf8bce1b745

SHA1
6bf95efd105485d2f0ad7143ce48f1948ecfdee8

SHA256
969e51eb79759d01c654e65af241790b66514d79b1f10e59500ddc42463bfc62

SHA512
272f96da48d84d0cd80eb4b6abd479cfb1c6273ef54ffc23b5bb0981bed5db2a2a6a0fbbdc6c889aefcf1213f222a5c90dd4e3ef292ee7308f3b8b74254c720c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
21KB

MD5
fa16148d44bf8b041138f564fe55c02d

SHA1
ca00280856cc29a928c8a3d2e43f22cade2f3a07

SHA256
5f6a1e303e87b3aa4ad0d1fbc5221523bad39cb2e88ca56897ea8e4e298f9351

SHA512
64000d43c2955ca3e72607b4294debd2b21be867d66709718c3b4e5be22148ccd26548749dc574ff8f8a5720637afc6dc38d1184c691ca35c5ee9c418c7858fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000010

Filesize
54KB

MD5
4bd96baf1b35ac34813a033ad2fa65fc

SHA1
3c9d816cd4260e7b1fea30a2ea1e2edaefe3841f

SHA256
5bfafb6104f8510da3baadeb7744412629e058906bf11478a7ab58f62bede226

SHA512
a6c90d553c83c8b5dbd59ab3aa7d9f989574066c31a25a7db3383f31cfbdb71326b33351865612cf0c9487301302c59d03cf7f4e86351e3ab6573ab2b7dd8539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000011

Filesize
29KB

MD5
b79c1ab17ea523192c4904bd25a0dba6

SHA1
fe3eb7086359a3b0c9c257a699617ea64c4cde4e

SHA256
6a77d6ea63d9280b620d283395fda5e313ef0729dcd1eff8d934e3c5ec4f1050

SHA512
38813c9a2b5fa8abe4f7e7708f73073649c775c8240e881709e7471a036ddf99caee69a8589cc2e500e47fb622d8165629e26db92882aad3c793bf8d255cca8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000012

Filesize
122KB

MD5
5736b5323893dc638a85d7fa2410699f

SHA1
51a8b3a9c28a28d20855d454a3470ce833ebb7bb

SHA256
d7eeb14a802fb5ee85dbc968e5138eb6206dc69330a2e1f5e0daf052f7f7f8b8

SHA512
02c1940f0c94c5c53b783e905935bbf9abab6eab56828e30e9c953f0d3bb054c5e4ddade194c513decbbf189a7062d17e2913a0dec70eaa68adadb82f62096ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000013

Filesize
33KB

MD5
40f8e7db46a4c8a0437c63f40b08db9b

SHA1
5cdb490818fd4b16a4c76be7f88499eaccb5fc90

SHA256
d3768179188a218aaab384e8a2efa4aa4adcbfdfcf88f7ad40f2500915338956

SHA512
26ad28acb871c666bc8f30384b7a8772e5bc6b16930f61e3bbd8fee360bddb982bbfc3c2d844504816d5c3e55bdccdb95f1227f4acfc55dd3652b020dfcbad6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000014

Filesize
70KB

MD5
d010c44248f14f599e8312d6dd7b28a6

SHA1
17d3652c229d05e7d2c4778b57e413fc132ebdfe

SHA256
2c5b75483b9b2ae97dc421791520e7f8c14439a637f8b68ee745912381692348

SHA512
efd2b25ea587c5e050faff7187499c06b029699f2aa6911aaa0a1a33ca4dd63f082fd801952f60effc2b8dd56d2669d302beb0fd08a60742e3ef6847e792b95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000015

Filesize
155KB

MD5
572d6c304a822066fbc1add8458d9696

SHA1
03c27df6ebb088f601f1ebe6a106342be47deab5

SHA256
034c4c2d136d8b033c9138136305b03318c7c4e4d9455841efa7bfd954865cae

SHA512
f23b49162ca7703a59818a4e98182c9db827d590f29be92b82dd510e42a272aa4e7e775840a81292baa2f151ae1270091d512065e0f0a4d85e22e23a0c8f10c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000016

Filesize
517KB

MD5
97de47d5180a994a04a584bb43642fd5

SHA1
62b936d311cefa18c786af526fec685a77a2b8be

SHA256
1bde73accd154d301de807363f116a997d6143d0fb948f7392a76778c6c8c630

SHA512
8f65de532ddbab4555081304f9e9de0ca7442f7c2298fbc63cadb3fa3e45e62b823fbe9dbda4effe71b49b5a9601327331cea49b84f6f904124e511d5eea5ce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000017

Filesize
617KB

MD5
a4ade8256e0262edb5b3cd5144c27b59

SHA1
52ecd361463e1267685d328f776a4b81330905af

SHA256
a4d429a4663a256c7e164516efb2fe77ffb65e823e258ef9cc8ffc160bd20f70

SHA512
414ea7571299a8ffd82a1e26acd1e36d50d62ef0aebf370c8c488329c8d70c43f0d39fdffaf896d01e557071408a6db0cc23a14f47b33d666b2f1d64975e103e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000018

Filesize
118KB

MD5
5c8aa5a64fed9dfbbc13261567c5d890

SHA1
0c89ea5a55eb53d37a0a196f02af34bd2f140376

SHA256
98cbef7ed37298ede5c635e8b58b4f8d89b6c2211a4d10b6723118f0812b87e2

SHA512
46468f5f245a48c4d2bdea87015b1caeb56c86bf33bb3e0c94f4672b93d7dd46e618493e589d3bc231527b92b3909552e976f38fe6d159483cace94b88bb344f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000019

Filesize
126KB

MD5
b7bb1417196cf03f6f5e8f2fccef24a3

SHA1
6a7cb728021229535c8de84a312925c12af086fd

SHA256
1e49f746a9f53d701a1599f1b69c5c799c26ea21d51952908c6527c020da77da

SHA512
d816253da865ef911ea305f7b7dc49f0698ba6317ba1420c761eac655983a4f3cbe87db479440f267894d7b3137eef9fab24dbc205a5a6a6b49a0cc12293113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
79KB

MD5
e51f388b62281af5b4a9193cce419941

SHA1
364f3d737462b7fd063107fe2c580fdb9781a45a

SHA256
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c

SHA512
1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
1024KB

MD5
bd8ab4277f381b3ebd9b0d4248f1d36a

SHA1
1a19730976e7fcf103e6cb38a67208ae2d88f7bf

SHA256
0e081081b00eb8445cd1fdb5a6853133ee88a01ae5cdfb7e92406b9d9834788c

SHA512
8e539e003e959410aa898860c6fc991bffe833ddee338e0c934e50d39d445742983e039391225cea40b3f6818f4e0ec5b4a924c1f5ecd936a18ed3f54a5270ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
1024KB

MD5
b8546d92e7863c83d50a9dd218d22e02

SHA1
f19b37926751227ab945dcc645abd7884e833994

SHA256
ed6fe13e71bf9f724a69c7124a4e92fa5b3d86f49522e923a79fc375ebee00ae

SHA512
5a6472765daf34fe83efba8e2e8f8f5b169d6a7bd872dd6fba5e5b7917bf3a8db4617bb9f619cf9b57f4cf31cefa1397c9f26237fa204be23df865bbd07d4b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
672KB

MD5
9a25718c5a130144a556deb276b5b2b6

SHA1
db23f6cd078ce2e2ad5906f12b65b87a3d0b2405

SHA256
5ba62c83340c6960e97dda92cd0a53989fd88301216d10167202d574902b18fd

SHA512
52d166841127d5904e63a2c77549ae6050e8cef91db48e56a319b9c4a68e27aa25d45d1fb3afdb5f8b08d4641763c61da1d94154a6cd598025874cb27dc2ad7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bc8ceb24db6270f60763370592f95831

SHA1
d2da368936f4af09591fcfa4de87ecc04e0381de

SHA256
7933c66b0a25795145293fcbc7128c6ed3e93409b78e717add35fc0cc309ea52

SHA512
324d85becda8aedb1553a7a46b8eef9497ccd9fb437cd688bb316b97384c483fa69b67662d4f53eecdac1539ff0e53894e1befe7bdb9b239b984e6b0d28e38c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
8f361430c31674341292de8874d83f2e

SHA1
c18b46810c7b0e60b3cc56e91d231fd774a88e18

SHA256
1efdddec7030fa37a201ee7166ae3e150dbdbcf4eafb761241cdd89c61c64e22

SHA512
cecac2502c2b840caa9c854382e0ea7013833fa48f1a102700d31535fbc8a924182d180dc12915e6f8e28ef9356e87a962bb40a1a9f118bf26e9b3c27db29bcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
bd40ac3372b4cc36c827cbf3b5f614d0

SHA1
934126169f2457f167230e285e37ceca03ca77f4

SHA256
c606ac96c27dd6175f2786be0ceb2f325f3f26dfa7d8f0559fe372da49a309f1

SHA512
359387c9ca67c1fd0f6efbf9f3c0dfdbc565323b31222564584960f049612865d4e77aa65df546f91ea3d8d2a58474fbb6217236beaba116e26ec071f32ddf01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
20KB

MD5
408c514330e55f837837e8b4e34e7302

SHA1
313221364b664c4cb7e82274c6dc1c273da35d60

SHA256
50ad03d5ce9476e029774573fbe731d3c6da019d26e31f362a29c8755ff6fcee

SHA512
d0e441538fd8902b5f51dee471d64691f26302507f1dff7674a7f3e9c93b29797876c16453e0c0266b8d04e30d46e2c2498b2993df169119e4d1271607fe9a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
582e8a7ad8a243a3658ba7df3b5988be

SHA1
e9616387eb0a29a4c86e5522274d49c0be497556

SHA256
0bd0cd0f91872a5e6d0fa8756b8dbfffde3134ba408d7ec089ee715925d6987b

SHA512
c05aa5964d10fabd0cb93be27761248f54be6ab1a5219a2928a340136664909423d963593738e3b8500dea58b059f498184003a4888d79166c7b8bcbdbaac26f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
88bf3832fa12ea356df4b7c440581016

SHA1
35bc6135f1a937fd2c4d1b6dd17e270d866b354d

SHA256
020ffa8e1a29249128044901ef1561f803093f8912db61adf38fdd028ca0f269

SHA512
509dd44d3b01db6244a70ed488bb16e394a73ff986f34885b0f838655c7c19022b0f0512245a59a63ba4eeaa2c44d87fa768525b6db1dd209f1eee7f444c49da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e05d3504cc6c52e7219749505a685f9c

SHA1
854509e095c68df13518e0d4811a325a63aa93b1

SHA256
a9d46440e459c90f023d77b3f7950350c7025c6c57465ce6e938b9fb6be9d1d5

SHA512
ff0d81d51b0efdab80a00b3582e50eba631161aa4ac970424611b9cb00a1c0f2d37d7b7efecdcea822f8f364b6b273b0b556f976a1554db8c965f48f5ed5b4ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
b35bb1c9862df9a5a5ea3fb43b07e457

SHA1
f64e8292c341ec5900a59e2a24e653ab41cbfc81

SHA256
0376ec5d28ef0fb7047494baddfc1533fe730c68351441c549ac669fa6cafacd

SHA512
dea90b5abdcca2c8344534631dc4855107614b2765289847ce29bfe343a0a1e201dd97ea2d6f8edd959c030db4fb717109c0ac6c65aa16e5a821534a70013b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
e283b033542dce6b4d2d65c9fc9a02fa

SHA1
61bab4eb34b1ba5063836be4d79f76211be47314

SHA256
d759c9dbcadcd80a946a4e0a831aa7cba0bfba476d360206bde4686dece9582d

SHA512
509016d0d794ee98fe73ab209d5d4608b30e6d924e04d11269861b8607b3e80a7e28b21013475871de510d28c858ba276f0aded8c2c2b3112a5cfba9cfce7103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
a9e6978d773f2b943824d04cb796220e

SHA1
3326929f806af3267f145f45124fb16893794349

SHA256
900f11ee73c29c96f32fc8f9d905f54a905b0680f2dca17d12a5d98456819883

SHA512
65130a982966fca8dad8de9ae5886fcc94c187c3ef0fdc2856b2e085161e75a801743bec221c5fb77804f4a7a9e1c4e6b87e71a9ea98fd6461d7b0d946dae1ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
f1c918f033008dad6819716b5664c751

SHA1
a83fcfadce2511f01ca4254996e133b80adecafd

SHA256
8f3398ea37369d92cc9b90a0d2fc6be0429fdd2bf570c171ae9908a02208ee63

SHA512
ac20ce792a560c609bb79a2093c293505d7185f99fb3990644a3c67c00ebd3895b0bdfa24885431998f0d7b236aa28b148405f6bc0483d2f14d6e85224c41e3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
3f1e457b889399aaeeb37fbb70835d97

SHA1
2467e923f7cb62fa767ecd5432f2ad574100112a

SHA256
dac249040c4a98cfdc49235ee172081bd2be6ee4016a7b2953b7f636ec331abd

SHA512
fc4b7d3926e1d3b80cdb0237fd6cdf9816d3eca478760e399f729102311ba6c29b53e59d62115243ea99968843b6f27f62ac85a7d6ed67d34f859557b21ffe0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
517d2de5cc548048b64d0cec7a4abc17

SHA1
03dcfb3fa89234264c388d86f030e9be4b5393ef

SHA256
364c764c0ae5206ab21e39ece68322d7d17dd3c63855832d86bd426b5c67f63f

SHA512
d8a854c7fe86290280d4944c4280768397159f852db7eac0609e7901a1d1da558f3d6160dfb049516c6ebf17d553ea44b2218d4cad795660e39717a34279ba75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
de8c3c8bd781fc4ad61dff529bb527dc

SHA1
e75ea7d096ec3d73e474dedb505e7ba2ae9de052

SHA256
c358a8f067050e864a4f7b5ace4b87df3f878d61dd87c163cf9167484c75a128

SHA512
8f0fb3e3dba6ad62002638250c194a3ec7327b8c8fe8a71baba40027363002a400032b98c837a05cc384ecc1e9e707bea79471d7f14536ed85ccdc602f4152c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
5902fb52c7e50136fefdf0241fde663a

SHA1
4c0c5145086e5c869b8da44092ec0205a75efda8

SHA256
fcc48a2623d0ca87491269981894ef276787af4d316b99b127f0a034a4cba78e

SHA512
8c4f09d9992da9a8e485963e7962e6a1954f257969c61c4eb5c7e21fa5c4a292382d6c55fdedab0deba2bc323ed6d6a3ade73b470eebc12293a29d662c696aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Vpn Tokens

Filesize
28KB

MD5
2ab963a9d95973b9b2a2726616127e17

SHA1
8da5503720ffe3f1a928ed13ced1deafc4940388

SHA256
be64bb3000369aae846965ee2ee80b8a6bd1067137434daab66ac5caebf86413

SHA512
0f8b03998abce721d8baf0a3a6e02e1fad2dc0b6b5647f32d0d3a8e2ae64fd69279638eed892574fe7d0eccf9fe094772fce494b9203871c3b300e1793a2d7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
59301de32f7ccb0220d633d46c346851

SHA1
ed2d2493d7d9844b0c2a532aa0a6b0428be44f08

SHA256
abc326a89422e1d6888e30089fd40a3674af467393d0192ed9d9e65a5cf945af

SHA512
942a22181b4085a671c299d26a3f4900e718c40fd6c5bf497b391205f2cda14dd8bcdc415b6523e5d4464bec4fb10f82b1303d337fae232ff7cb8c36ccd2cb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
60KB

MD5
4c70bee29f729f1d9a40a53a30c346e0

SHA1
22e4b6dd25e6cef3b30aa121461fb0190c8cf9eb

SHA256
abffb8e3a312994c991d897a3984a341421d10af6a277ad46cd8c48ca7a299f1

SHA512
56db89251e9fa73652ef951af28cf8a4803cf1c3fc0bd95c2ced7facd8d21a377577689105de0c2d02fb58292b92de91957b69f2bd0290dceb98315109eec9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
61KB

MD5
6c78c65ab6c5679409ee2a3a9b97fa12

SHA1
e50052ef1b5eae37ff25f02ab695c6e7e7c7df62

SHA256
0eb8cfd3281d415eacfb333d14a1fd14899308979aa03b02162b27aff6d04cf5

SHA512
b7500f027e73e4feade45c1555ad7f8a98c216f13747a743be89b5fe7d7e1fe6ccbfdeb8cdb7d7783a47f9eb0f0764145610434bab51963ac79000a928e7b57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
65KB

MD5
55785f5a07891204dae4a2d519defc3c

SHA1
fe513eb52466fa19f700d8653f4c1c9e6c288f61

SHA256
73053668ab901c75b28871b73fc3dcfa73b4ba62e58a7291f6dfaf7ac889a4b8

SHA512
68559d828dfe931313b594066aec25443b58c3bac4aff6a7e2d8ca3217b1ad2beb2ccfc72d723f2010888227fed34aebade9bec7d2a159c32a3f622bdef77f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
60KB

MD5
2f9470e275b2b5c1226b079cbf1f4596

SHA1
b46cffcbbfaa01cfa0974adba63c12391c9f4614

SHA256
1ac8a0c80441165fdb9320fda5a6d22675b5e2842722a5ac852089c0d4e45ec7

SHA512
86954b47bf503461768323296f322f9bbc5cbab28a09918fd3b151af402b5861a920b3cafd826270031c2aaa10d07f5ab3cb0fba78abaee5b50b2bc30f919d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Filesize
20KB

MD5
10e46fa57f530fd5c2f54e67d298e115

SHA1
b9e517414c4bc33dfe78b8ab478964cc28dd74df

SHA256
21a2ae46167e776dcb77dd5850a1b35252b2a64327214bf8844e432f7545ce01

SHA512
c0ba233585cd013a86cdeb870ae7a8dc43bf7b1f99470f925c64bc77da5a9678ae9c00569d21c9db1cd17fb0ce43e62cd971aa271be680920dfcde8824e75d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
aade96e4e332d52471aa8d91369846d8

SHA1
9c475fb53d6c3c621e77daea0ad61276fe40ffc9

SHA256
1f110804fdd1ba9cbbced6c90e4054665836426959759edbe9c65ef6a39d40e2

SHA512
8304921d1f6c5dbec35f544592b4a91dfa2802804d38b25f761692ecfa575137d5a4bdd9cfbcc97fca05d8066ff6a6313c2d3d449edcad56b57dae538c989955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Filesize
9B

MD5
b6f7a6b03164d4bf8e3531a5cf721d30

SHA1
a2134120d4712c7c629cdceef9de6d6e48ca13fa

SHA256
3d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39

SHA512
4b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\DOWNLO~1\DanaBot.dll

Filesize
2.4MB

MD5
7e76f7a5c55a5bc5f5e2d7a9e886782b

SHA1
fc500153dba682e53776bef53123086f00c0e041

SHA256
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

SHA512
0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

Download Submit
memory/448-11-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/448-12-0x0000000002AB0000-0x0000000002D3D000-memory.dmp

Filesize
2.6MB

Download
memory/448-13-0x0000000000400000-0x000000000069A000-memory.dmp

Filesize
2.6MB

Download
memory/448-2-0x0000000002AB0000-0x0000000002D3D000-memory.dmp

Filesize
2.6MB

Download
memory/448-3-0x0000000000400000-0x000000000069A000-memory.dmp

Filesize
2.6MB

Download
memory/448-1-0x0000000002820000-0x0000000002AA8000-memory.dmp

Filesize
2.5MB

Download
memory/2020-8-0x00000000020D0000-0x000000000233B000-memory.dmp

Filesize
2.4MB

Download
memory/2020-9-0x0000000000C70000-0x0000000000C71000-memory.dmp

Filesize
4KB

Download
memory/4116-75-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/4116-112-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download