61a433daaaa4698cf96d4a78237d99556a3a7d22091f833f850f184b7bcea78a

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 23:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Size

683KB
MD5

d303b0321e658aab9c8594d4a9a47e30
SHA1

1d12fee4b6791451d2368155998c9229678f0741
SHA256

61a433daaaa4698cf96d4a78237d99556a3a7d22091f833f850f184b7bcea78a
SHA512

a32f2faa21cc76bb2ab77e2e82cb10294c185cdca013cc77ad6ee394d86ae01f1fc531fc7888bb10dcf52ee90f9d4b9ca934cf0b6ea495909bd30b580c3fd08b
SSDEEP

12288:G5TtW0xVQASIn+taO5cxJNSOZlInsF338u9+a7ZBpdNO/6JWrVJ:G5E0xCdIn+taO5cxPSOTwW3sNCcrVJ

Score

9^/10

adware credential_access discovery persistence spyware stealer upx

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0007000000023472-25.dat	acprotect
behavioral2/files/0x0007000000023476-103.dat	acprotect

Executes dropped EXE 2 IoCs

pid	Process
1732	Dashlane.exe
4348	DashlanePlugin.exe

Loads dropped DLL 64 IoCs

pid	Process
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023472-25.dat	upx
behavioral2/memory/3160-86-0x0000000003820000-0x0000000003832000-memory.dmp	upx
behavioral2/memory/3160-107-0x0000000002390000-0x00000000023A2000-memory.dmp	upx
behavioral2/files/0x0007000000023476-103.dat	upx
behavioral2/memory/3160-93-0x0000000003820000-0x0000000003832000-memory.dmp	upx
behavioral2/memory/3160-30-0x0000000002390000-0x00000000023A2000-memory.dmp	upx
behavioral2/memory/3160-27-0x0000000002390000-0x00000000023A2000-memory.dmp	upx
behavioral2/memory/3160-178-0x0000000002390000-0x00000000023A2000-memory.dmp	upx
behavioral2/memory/3160-349-0x0000000003820000-0x0000000003832000-memory.dmp	upx
behavioral2/memory/3160-350-0x0000000003820000-0x0000000003832000-memory.dmp	upx
behavioral2/memory/3160-351-0x0000000003820000-0x0000000003832000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Dashlane = "\"C:\\Users\\Admin\\AppData\\Roaming\\Dashlane\\Dashlane.exe\" autoLaunchAtStartup"	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DashlanePlugin = "\"C:\\Users\\Admin\\AppData\\Roaming\\Dashlane\\DashlanePlugin.exe\" ws"	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}\ = "Dashlane BHO"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}\NoExplorer = "1"	regsvr32.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Dashlane\Dashlane_launcher.exe	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 26 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DashlanePlugin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Dashlane.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Kills process with taskkill 20 IoCs

evasion

pid	Process
1804	taskkill.exe
3148	taskkill.exe
2184	taskkill.exe
4552	taskkill.exe
332	taskkill.exe
4876	taskkill.exe
2700	taskkill.exe
4292	taskkill.exe
1760	taskkill.exe
2492	taskkill.exe
1248	taskkill.exe
2448	taskkill.exe
4996	taskkill.exe
4628	taskkill.exe
4364	taskkill.exe
372	taskkill.exe
1064	taskkill.exe
3632	taskkill.exe
372	taskkill.exe
3488	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Dashlane	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Dashlane\InstallInformation\DashlaneLauncherInstallLocation = "C:\\Program Files (x86)\\Dashlane\\Dashlane_launcher.exe"	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F05E0524-ED06-43A7-BB08-04FEF67C7D11}	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\CommandBar\CommandBarEnabled = "1"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FormSuggest Passwords = "no"	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B236E3E-80B2-4322-B6A2-529D751B7FB1}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Dashlane"	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F05E0524-ED06-43A7-BB08-04FEF67C7D11}\AppPath = "C:\\Program Files (x86)\\Dashlane"	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FormSuggest PW Ask = "no"	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FormSuggest Passwords = "no"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FormSuggest Use FormSuggest = "no"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\CommandBar	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Dashlane\InstallInformation	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B236E3E-80B2-4322-B6A2-529D751B7FB1}	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B236E3E-80B2-4322-B6A2-529D751B7FB1}\Policy = "3"	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F05E0524-ED06-43A7-BB08-04FEF67C7D11}\Policy = "3"	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F05E0524-ED06-43A7-BB08-04FEF67C7D11}\AppName = "Dashlane_launcher.exe"	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar\{669695BC-A811-4A9D-8CDF-BA8C795F261C} = "Dashlane Toolbar"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B236E3E-80B2-4322-B6A2-529D751B7FB1}\AppName = "Dashlane.exe"	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Dashlane\InstallInformation\AnonymousInstallerId2 = "948009622889185236451011280"	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Use FormSuggest = "no"	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B236E3E-80B2-4322-B6A2-529D751B7FB1}	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Dashlane\InstallInformation\	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Dashlane\InstallInformation\	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FormSuggest PW Ask = "no"	regsvr32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\Dashlanei.dll\AppID = "{9F384869-F6AD-41E9-8BD2-CF54BE338D1E}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8ED3DCFF-13FD-4469-BAF8-3E3D572452B7}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Kwift_plugin_IE.KWIEButton	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{64B306D9-AFE7-4214-B21B-6A72B8899EAB}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7021CDB5-DDDA-462D-A71D-26DCAF16F068}\TypeLib\ = "{1909EB10-122A-4F75-ADC6-1183A9052286}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}\ = "Dashlane BHO"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{40354A83-504E-4611-ACAE-3D137F6F595E}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{64B306D9-AFE7-4214-B21B-6A72B8899EAB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\dashlane\shell\open	Dashlane.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{492BFE4F-5464-4AD2-9591-8A58E0130A57}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A690EAC-22C8-48AD-8BDB-2192D5EF5D28}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8ED3DCFF-13FD-4469-BAF8-3E3D572452B7}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KWIEBar.KWIEBarBand\ = "Dashlane Toolbar"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\ = "Dashlane Toolbar"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Kwift_plugin_IE.KwiftBHO.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Kwift_plugin_IE.KWIEButton\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C3EFB921-6704-4934-8114-8AEAFB53EF8D}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C3EFB921-6704-4934-8114-8AEAFB53EF8D}\TypeLib\ = "{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7021CDB5-DDDA-462D-A71D-26DCAF16F068}\ = "IKWIEButton"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Kwift_plugin_IE.KWIEButton.1\CLSID\ = "{40354A83-504E-4611-ACAE-3D137F6F595E}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8ED3DCFF-13FD-4469-BAF8-3E3D572452B7}\TypeLib\ = "{1909EB10-122A-4F75-ADC6-1183A9052286}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}\ProgID\ = "Kwift_plugin_IE.KwiftBHO.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Kwift_plugin_IE.KWIEButton.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8ED3DCFF-13FD-4469-BAF8-3E3D572452B7}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C3EFB921-6704-4934-8114-8AEAFB53EF8D}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\dashlane\shell	Dashlane.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Kwift_plugin_IE.KWIEButton\ = "KWIEButton Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1909EB10-122A-4F75-ADC6-1183A9052286}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\dashlane\URL Protocol	Dashlane.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{492BFE4F-5464-4AD2-9591-8A58E0130A57}\TypeLib\ = "{1909EB10-122A-4F75-ADC6-1183A9052286}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{492BFE4F-5464-4AD2-9591-8A58E0130A57}\ = "IKWIEMouseController"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{64B306D9-AFE7-4214-B21B-6A72B8899EAB}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7021CDB5-DDDA-462D-A71D-26DCAF16F068}\TypeLib\ = "{1909EB10-122A-4F75-ADC6-1183A9052286}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C3EFB921-6704-4934-8114-8AEAFB53EF8D}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1909EB10-122A-4F75-ADC6-1183A9052286}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{492BFE4F-5464-4AD2-9591-8A58E0130A57}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{64B306D9-AFE7-4214-B21B-6A72B8899EAB}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{492BFE4F-5464-4AD2-9591-8A58E0130A57}\ = "IKWIEMouseController"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{64B306D9-AFE7-4214-B21B-6A72B8899EAB}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8ED3DCFF-13FD-4469-BAF8-3E3D572452B7}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8ED3DCFF-13FD-4469-BAF8-3E3D572452B7}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8ED3DCFF-13FD-4469-BAF8-3E3D572452B7}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Kwift_plugin_IE.KWIEButton.1\ = "KWIEButton Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{40354A83-504E-4611-ACAE-3D137F6F595E}\ = "KWIEButton Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{40354A83-504E-4611-ACAE-3D137F6F595E}\AppID = "{9F384869-F6AD-41E9-8BD2-CF54BE338D1E}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7021CDB5-DDDA-462D-A71D-26DCAF16F068}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KWIEBar.KWIEBarBand\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\TypeLib\ = "{37686C62-D497-42E3-BAAB-78D89A74E151}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C3EFB921-6704-4934-8114-8AEAFB53EF8D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Kwift_plugin_IE.KwiftBHO.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{40354A83-504E-4611-ACAE-3D137F6F595E}\TypeLib\ = "{1909EB10-122A-4F75-ADC6-1183A9052286}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7021CDB5-DDDA-462D-A71D-26DCAF16F068}\TypeLib\Version = "1.0"	regsvr32.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1732	Dashlane.exe
4348	DashlanePlugin.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeDebugPrivilege	3148	taskkill.exe
Token: SeDebugPrivilege	3632	taskkill.exe
Token: SeDebugPrivilege	2448	taskkill.exe
Token: SeDebugPrivilege	4996	taskkill.exe
Token: SeDebugPrivilege	2184	taskkill.exe
Token: SeDebugPrivilege	372	taskkill.exe
Token: SeDebugPrivilege	4628	taskkill.exe
Token: SeDebugPrivilege	4364	taskkill.exe
Token: SeDebugPrivilege	4876	taskkill.exe
Token: SeDebugPrivilege	4292	taskkill.exe
Token: SeDebugPrivilege	1760	taskkill.exe
Token: SeDebugPrivilege	3488	taskkill.exe
Token: SeDebugPrivilege	332	taskkill.exe
Token: SeDebugPrivilege	4552	taskkill.exe
Token: SeDebugPrivilege	2492	taskkill.exe
Token: SeDebugPrivilege	1804	taskkill.exe
Token: SeDebugPrivilege	1248	taskkill.exe
Token: SeDebugPrivilege	2700	taskkill.exe
Token: SeDebugPrivilege	372	taskkill.exe
Token: SeDebugPrivilege	1064	taskkill.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
1732	Dashlane.exe
4348	DashlanePlugin.exe
4348	DashlanePlugin.exe
4348	DashlanePlugin.exe
4348	DashlanePlugin.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3160 wrote to memory of 2612	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	98
PID 3160 wrote to memory of 2612	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	98
PID 3160 wrote to memory of 2612	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	98
PID 3160 wrote to memory of 4896	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	99
PID 3160 wrote to memory of 4896	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	99
PID 3160 wrote to memory of 4896	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	99
PID 3160 wrote to memory of 3148	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	144
PID 3160 wrote to memory of 3148	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	144
PID 3160 wrote to memory of 3148	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	144
PID 3160 wrote to memory of 3632	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	102
PID 3160 wrote to memory of 3632	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	102
PID 3160 wrote to memory of 3632	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	102
PID 3160 wrote to memory of 2448	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	104
PID 3160 wrote to memory of 2448	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	104
PID 3160 wrote to memory of 2448	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	104
PID 3160 wrote to memory of 4996	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	106
PID 3160 wrote to memory of 4996	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	106
PID 3160 wrote to memory of 4996	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	106
PID 3160 wrote to memory of 2184	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	108
PID 3160 wrote to memory of 2184	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	108
PID 3160 wrote to memory of 2184	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	108
PID 3160 wrote to memory of 372	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	137
PID 3160 wrote to memory of 372	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	137
PID 3160 wrote to memory of 372	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	137
PID 3160 wrote to memory of 4628	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	112
PID 3160 wrote to memory of 4628	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	112
PID 3160 wrote to memory of 4628	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	112
PID 3160 wrote to memory of 4364	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	114
PID 3160 wrote to memory of 4364	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	114
PID 3160 wrote to memory of 4364	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	114
PID 3160 wrote to memory of 4876	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	116
PID 3160 wrote to memory of 4876	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	116
PID 3160 wrote to memory of 4876	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	116
PID 3160 wrote to memory of 4292	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	118
PID 3160 wrote to memory of 4292	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	118
PID 3160 wrote to memory of 4292	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	118
PID 3160 wrote to memory of 1760	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	120
PID 3160 wrote to memory of 1760	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	120
PID 3160 wrote to memory of 1760	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	120
PID 3160 wrote to memory of 3488	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	122
PID 3160 wrote to memory of 3488	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	122
PID 3160 wrote to memory of 3488	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	122
PID 3160 wrote to memory of 332	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	124
PID 3160 wrote to memory of 332	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	124
PID 3160 wrote to memory of 332	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	124
PID 3160 wrote to memory of 4552	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	127
PID 3160 wrote to memory of 4552	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	127
PID 3160 wrote to memory of 4552	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	127
PID 3160 wrote to memory of 2492	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	129
PID 3160 wrote to memory of 2492	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	129
PID 3160 wrote to memory of 2492	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	129
PID 3160 wrote to memory of 1804	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	131
PID 3160 wrote to memory of 1804	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	131
PID 3160 wrote to memory of 1804	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	131
PID 3160 wrote to memory of 1248	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	133
PID 3160 wrote to memory of 1248	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	133
PID 3160 wrote to memory of 1248	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	133
PID 3160 wrote to memory of 2700	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	135
PID 3160 wrote to memory of 2700	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	135
PID 3160 wrote to memory of 2700	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	135
PID 3160 wrote to memory of 372	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	137
PID 3160 wrote to memory of 372	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	137
PID 3160 wrote to memory of 372	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	137
PID 3160 wrote to memory of 1064	3160	d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe	139

C:\Users\Admin\AppData\Local\Temp\d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d303b0321e658aab9c8594d4a9a47e30_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3160
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32.exe /s "C:\Users\Admin\AppData\Roaming\Dashlane\ie\Dashlanei.dll"
  2⤵
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:2612
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32.exe /s "C:\Users\Admin\AppData\Roaming\Dashlane\ie\KWIEBar.dll"
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:4896
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq dashlane.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3148
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq Dashlane.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3632
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq dashlaneplugin.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2448
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq DashlanePlugin.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4996
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq dashlane.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2184
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq Dashlane.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:372
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq dashlaneplugin.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4628
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq DashlanePlugin.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4364
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq Dashlane.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4876
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq dashlane.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4292
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq dashlane.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1760
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq Dashlane.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3488
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq dashlaneplugin.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:332
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq DashlanePlugin.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4552
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq dashlane.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2492
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq Dashlane.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1804
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq dashlaneplugin.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1248
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq DashlanePlugin.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2700
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq DashlanePlugin.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:372
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /FI "IMAGENAME eq dashlaneplugin.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1064
- C:\Windows\SysWOW64\explorer.exe
  "explorer.exe" "C:\Users\Admin\AppData\Roaming\Dashlane\Dashlane.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1300

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4384
- C:\Users\Admin\AppData\Roaming\Dashlane\Dashlane.exe
  "C:\Users\Admin\AppData\Roaming\Dashlane\Dashlane.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1732
- - C:\Users\Admin\AppData\Roaming\Dashlane\DashlanePlugin.exe
    "C:\Users\Admin\AppData\Roaming\Dashlane\DashlanePlugin.exe " ws
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SetWindowsHookEx
    PID:4348

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
1⤵
PID:3148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Dashlane\applicationData\Application\applicationSettings.aes

Filesize
548B

MD5
83c3dcc017c38b1f9bb06ea9d42fa8ff

SHA1
55696075df3fb0ebdd60fe06559129f11b3eb1da

SHA256
088f9e50bb97bfe3445b248aeebaa2c4cf4dcd273ec09d3962c6e892aa083226

SHA512
fdb01d06fd3b1377f7304703952eb5bf0f91406fec767fa87b4f51843dc5556988a8797ed0c1a9c0f8234112d284f5ec816e66224e62886bb37c1ae8f10fdeef

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\archive_dlls_8_0_0_.7z

Filesize
19.9MB

MD5
ae282cd106b9617838c31890d4b3d37c

SHA1
d66598c1f7231e5879371b5dd4d3499b1bfd82fc

SHA256
1506f5c827e50934d42c08700144c418e1c12a4bceb5782a1440bc16b02c110b

SHA512
4132c0551f195fbb0124e4e6476373c57e7366bddc9ba614a62eae78fddb505313985ee160fe03c458bd67cf161f64dcc16bb8f20ecd188d25211a970746c762

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\archive_full_8_0_0_.7z

Filesize
8.4MB

MD5
81ee80633017a45128f83489038edfa9

SHA1
61577fd28d2e33ebe0ba5aad62b229391897b02f

SHA256
b8be4042494283bcc417bc2feab39b3369dc3340f77b077b22acf97bf3b85973

SHA512
4846e6fac06d1c8818c287757e209fcbd06f5a6107206fd1c2869d392696946f764be219104fef3f6daec530a0267f3157edff733e5465a7d6d87685b3651575

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Dashlane.exe

Filesize
467KB

MD5
493b00b45d661e001bf6eb388ea66a8d

SHA1
801457645cff1fb34a7649765607cc444df9d1de

SHA256
5e7c516e39f694605f44efddda582d549e0e4321b20269bc2273d68be3f32a74

SHA512
8417db372a786ae8e740db8c987eb83ad057929596f9211290c99695922cfb53e8fea8f6219a09704f0dab6b3143615bb5b9afb46b4f4b95fdea0355e05e4a40

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\DashlanePlugin.exe

Filesize
524KB

MD5
1803976258863141b1ef229da00de924

SHA1
dbe371ab31e7525e0dc0956018e0685ee65ff5ca

SHA256
8169417da2b12c9efdbe6efb94fb90aabdbc708d251bc7bb5ee70051123e2ca5

SHA512
cfb2404bac6c6ec193e7414d8b5e28a0de5cb70a6f20f226bf9130c9dffee61d46ebcc32419e6f995afed05973fa9bfdca58651919fe57010ab17aedc6f0d6e0

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\MainIco.ico

Filesize
176KB

MD5
5c73a5137e69562155a8e17a458c71f8

SHA1
684c6e58722149f7515c553aae87484ef5535bd3

SHA256
216e583f5d5c15288f4301b78c63a5fc31573aa1d1a5fc8b7cb075a1cc5caae6

SHA512
2c5f8ddc98a6f5c5bdf6bffd2f8458b2aeddb8f8ac09b744d968d71fb0c46f4877a473cdeb6769fd055984b75eadc400edb3a1bc41255342e3f1b95ec35d5721

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Microsoft.VC90.CRT.manifest

Filesize
1KB

MD5
587dbe91cf548669e8c8ec8f6d56ce47

SHA1
6fb31347347c7d8bacae4a4cb6b113c7648a2700

SHA256
0c838c4262f99f27495a7c2a1bf4ec8f482d1c9bc2493c3c19b9360f1a06b8eb

SHA512
f8fcb135a7c2d678fe7afc3f593987d5681b9ee868b18233f38bc863365649709b5105124d53cbb50e79574d3b9e5a2e31a9966f578f542cdc4e72223879d431

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\msvcm90.dll

Filesize
220KB

MD5
d34a527493f39af4491b3e909dc697ca

SHA1
afee32fcd9ce160680371357a072f58c5f790d48

SHA256
7a74da389fbd10a710c294c2e914dc6f18e05f028f07958a2fa53ac44f0e4b90

SHA512
0dabc5455eb02601d7c40a9c49b3ade750b1118934ef3785fb314fa313437bc02b243571aba25f1661a69dcea36838530c12762a2e6602d14a9b03770a82cca6

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\msvcp90.dll

Filesize
556KB

MD5
4c39358ebdd2ffcd9132a30e1ec31e16

SHA1
70ac82988285f9f7069faa9a0612aeba7fb001c4

SHA256
06918cf99ad26cd6cf106881c0d5bdb212dc0bac4549805c9f5906e3d03d152c

SHA512
eb5348d2f258767281fe954d45999bd6eb7af61411ea3a5c63fcdafc83e487cee51e1dfe2d86590243b21f6a135e0dd5116e66b0f22cf0937bd147e54a1df391

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\msvcr90.dll

Filesize
637KB

MD5
cdbe9690cf2b8409facad94fac9479c9

SHA1
4bcdfe2c1b354645314a4ce26b55b2b1a0212db9

SHA256
8e7fe1a1f3550c479ffd86a77bc9d10686d47f8727025bb891d8f4f0259354c8

SHA512
9c84ed9a66ce20a22e14fa00c1a0db716133f7b2450a3c0d20b1dcf74e030337c4c6a4953e40e10fc94706dc607236e773ba8999b21bd6e072ab24a487e8f942

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\locale\en\translations-pending.json

Filesize
235KB

MD5
6b18f189fd02a3cd2d038a6905e698db

SHA1
49d2b4fbdf078889bc086086f040944075e24403

SHA256
b07a35e78abc2bac8da601f8c35d1ecb2a75786d6657d1dac332da0756942106

SHA512
cf13a8cf2657516e9559c24ebe1337ebbd0fdca2ca4400c9aab5bef85d0d3fe5dc9624db70079c9344bcce269930a8d11916ce9975839dfeda5e2796ebdf5542

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\AppCards\IDs\editView\edit_list-driverlicence_default.png

Filesize
553B

MD5
9c15df6e494b649957a7c7160bfe4d8d

SHA1
aa927df3383a671679265d193c185138a113c332

SHA256
6d20cb224034653939fba8ddc9ee4b92f0ee19f0add419b7ca9bd06f8bf83708

SHA512
185c6e87096b585af850fc3e23ae6a04d66c2a96b163c88ddd5ecad596f946b6f610b2fb89e7b08f5be0272516438e9a4560fd6d72556f23283cf93ef7cfd0e4

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\AppCards\IDs\editView\[email protected]

Filesize
960B

MD5
c0a5ea981d75b188fba0fb5ede102e14

SHA1
052520606b65f404f4b0839cfb0f54bb8a1d5059

SHA256
7b631cb3fa732d8f1f8695b451462feaff97914d35660610380732d5c08022b4

SHA512
636ee96717407cc3d110bb06e8feaf1da0e6687e59226614c65d9edab5070c38fefbb23a9d38a4ae9f91320e15acb3e27bd16e8623b236c86d4f7d4e0b072ed9

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\AppCards\Payments\card_design_account.png

Filesize
715B

MD5
a7b927b1e95b9dfb3890347dbd98ec23

SHA1
79c68d0086b36d917d5b5f3aced3fa2198ddc47c

SHA256
6753ab0e657d13a96370e76accff4ca1c444e74e2f28a0470624b7e21c595c97

SHA512
1313f3813efc56b499d7260fa8c6a5a03c2c23af73941a0cd681f3a3f9342ba39975dc04fc14ad86dcdc52a6b511ac4bb26afe9db5666c394416df0ca426edfa

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\AppCards\Payments\card_design_folder_paypal.png

Filesize
716B

MD5
7b9324fef8a395af247a7be2da3d7e82

SHA1
5530b09a3fd4cfcb3e81ac351e8ed975e871e4c6

SHA256
9ad11e24f34315241357f1c44a892073eaf4826150bd2ce609faa882fe86e595

SHA512
ba8870a099c5ba048371134ed7f3b32872467007ed301c9314925fc76ac2423f40ca9d010768961d6e2f0bfe360b8a36a4a73b3f001f988f71afcc3ae9b8f7f1

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\AppCards\arrow_right.png

Filesize
1KB

MD5
defd55c50fd18457f22cb9107621ef6a

SHA1
ab6d2b2f0a82b97155f5b69ee09b46a621fcee19

SHA256
57346d086fcccdb024185a478f93644785ae695503775348681538a3fa8e44f6

SHA512
6d718838c9d998f0a5a2f5d9934aca5229993848a441c733d5b3e308d0158046147675bc68b5020e69584671e9e094450e1986e4956d78752d1fb82fee19b651

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\GenericControls\KWComboBox\Icons\flags\au.png

Filesize
673B

MD5
2fba49c88880e9ffcff947015cb7ab9c

SHA1
20361b7e4d3cf488c5e6330b6abdb1efcaa9e866

SHA256
a7f9683bc4240ef940ee3d4aaf127515add30d25b0b2179a6cdec23944635603

SHA512
6d826ac84a3ba2f845a1092c75a4416f170fca0e74122de5d031095942d51f2c1b53604589a8960a3d48319f3040361d9b66f1733de19a5fd2b18f07fe6a29ff

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\GenericControls\KWLineEdit\inputtext-disabled.png

Filesize
1KB

MD5
06ee16459ef06368e5a047e0576dc77e

SHA1
ca5d5eb62fce751a80c1bf79a4e9b1c54c24a6e7

SHA256
103b34b7b32a72a865f977c641e3a7224c91da99aa24f088117f0b4d4320e093

SHA512
b11c12cabe47260ac58d004025b5a08c9377d1cd6b3ffba9b9ec196d4d9b065ad445d89eea1bc6ff00f6d33a056c3e2856805fcb270c07240d37bf1c5adbe62b

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\GenericControls\KWLineEdit\inputtext-error.png

Filesize
1KB

MD5
ce2d2db973a80390d5bf34e3d6a7ddcb

SHA1
e23e9820b1471c385c13836eadfc0bfab1423a8e

SHA256
bd36f80f502318527baafa71e20baf3947e16781857d245323408fc15acaf6a6

SHA512
596317e660610705f279850bd90b3f3db48144d42d686075b702f5bca8ac05875a9570933556640e83bcedb55bdccb536a99d4b05b8206e6972430958e62edb9

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\GenericControls\KWLineEdit\inputtext.png

Filesize
1KB

MD5
cc4c37e520db2513abf06de66d8b2d06

SHA1
e0420d006d0555333c0e1ae8521457f139502e0a

SHA256
22cf20196eee738b8c480b3c8f5e439e819db741e03e93f02ad237a6ad9aed44

SHA512
3cc813786dd4a4fe6eafe9970702894113ac93597d73d0baf19ca799b9afb6ba6fe14188c955f446d4bff58598bbd8f2b5946557cff523dda7721cead8fbd830

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\GenericControls\KWLineEdit\searchLineEditClose.png

Filesize
339B

MD5
a1c78cad24eb6fe64450f832b6951a99

SHA1
fb83203ad32ea71be4f960bf1720af59ede0feba

SHA256
230f3585d90c95aab6ccc42e57f3cb35c5e683cbee2546f5f527f207469544cf

SHA512
4eddc5bb7318c7f8ff67fa337a829bc41e147656cbb409d9f5da036d5250f645a862324866b0f2511b2d627692c51143cf13eaf8a08984916908d0343fe21954

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\GenericControls\KWPushButton\Icons\WindowTitleBar\close_dark_hover.png

Filesize
187B

MD5
c0a1dca47e39425489e5bad0f63116d2

SHA1
d505430a20d00ba55ec2f946ab7eca0c2229fc91

SHA256
99ea5f77d754f8d504ce227740c61913ef92cffee76b281323bfab865216b562

SHA512
75eb6a200f0140b86f58666d7c0dde04690323bf069c88d7285c13706fd3d7d9f8b1f4499c4113cef74256330c7491c27cfe3e8ecb6c0a22b4e86427582921df

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\GenericControls\KWPushButton\Icons\WindowTitleBar\close_dark_pressed.png

Filesize
187B

MD5
5e63b92dbb682992f8f3dfe3375179ef

SHA1
6a2ca95fd9d8c49ffb6009c35d7de7572174a616

SHA256
47fab4f68ac8a4698c7ac13da3a43bc31b4678d9d7b0dbfe721ab482567d2d1d

SHA512
9eb6fa8f81bb3bd8c6981313df6877dcef7db4058a7f0802cedaa47634ef01a8f8d2dda8758993a9222e9d3e0fecc5afeee5bab6a0dfc5cf843007b105bec4b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\GenericControls\KWPushButton\Icons\cancel.png

Filesize
1KB

MD5
07631b52133732c8a90eb5816075c447

SHA1
4df6b7a994e08564c9cc235413ba5329b9c3eb0e

SHA256
9280922ed73eb82cfaf820318fc4c284bf2ae9537292a4c612134cf7a2b0ec66

SHA512
a8226276793dfeeee9dba9def67e8cc2c07a012d0c6f9275ff639b1f1a7ece30f07897fa86192dd4a6b262503ecba1e7625beb5bc71c445006735437f813c8eb

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\GenericControls\KWPushButton\Icons\edit.png

Filesize
1KB

MD5
fedfbc36322117f31d207e85496e5801

SHA1
6d774eee00d8b1fc6a3d3bb4ecc920ba93bf5101

SHA256
64b77d8ba73d2d7a4cf1254b6e66bd05c65720c8dd4f3630b919e937cf408eeb

SHA512
bc8b94d10921e5a68eb059a3f82e7c3ef4b8121dce3859bb034e85cbb000f36dd9f3f5864d7a3801590513e2f181fe66a4b53f1b145e8ad517e40620190b2219

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\GenericControls\KWPushButton\Icons\infoicon_white.png

Filesize
422B

MD5
c8678fcf9ae396c3091a3c360daed8a3

SHA1
587a75420bef8247872d535d93b215ecb0772694

SHA256
460091897447a60c58f22fac359f5a6cd9f3409789e706c3c0c8c4393f6a3373

SHA512
a71ea57ac72ef6f1d740262d36b6d631c9238f2e8b6b0e580dd7ed689fdea4799eb8815fc236ef654037d778eaf2e1d1ac14811724543e7416f5047fa1dbb5f5

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\GenericControls\KWPushButton\Icons\next.png

Filesize
205B

MD5
c7656ddee269f24796a768a77c60a225

SHA1
d09775f557560b9d7ae62b9656ccc25a2d16c001

SHA256
f7debd27b9f37d52f596e3b330c2df34b15ba85062f56ba6274a90986c3bd2ac

SHA512
5ad39853a387e5aaf10939ebedffc2f32d3118965b0ff51eef27dd584fc7f816f72dd41aea264374d2787cf93ef8a6e63ea95ec46d07621a5d01a227c0aead57

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\GenericControls\KWPushButton\Icons\resend.png

Filesize
1KB

MD5
9caf383625ab2f1d0bbd98f0ebdcb7d4

SHA1
77e861ec39a557c5a08bff66f9c5333604887f35

SHA256
e782ee98731365eafb2578050b28d9883b3177e607e9d0d07b7340209b03b454

SHA512
4fe186c1974915364f4947cf2e5697bb4dff8975b2605703eef366de0f57e886de2fecedf85c199fbfd3dabce7bec24a9f2c335ee1ed1dd9f316225e4439c764

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\GenericControls\KWPushButton\Icons\resend_pressed.png

Filesize
1KB

MD5
01cb5acdece276176d4cb86ef3f9645e

SHA1
4f3db317fffb99a11978424173e7de3f6d06baf4

SHA256
9390e502b6abdfde7cbeb5fb59d5b6bd867a56cab298cd65dc01478fa9c51cdb

SHA512
3742d7b1a54c3ca4661ded6fdfa9f9735adab1fca696c77a4908b327577ac0f5a0da640a765505840b7d5825ed9fa746e9bb3449548e94a03bc193621ae5bd6a

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\GenericControls\KWPushButton\Icons\share2.png

Filesize
1KB

MD5
2989db111bc947aee9b7ad7e87db8584

SHA1
1ff0b4f007ade1aadbc0c43e7fff0bd09f08f6f5

SHA256
3de3f494b4fa7dff145147ed4cad5ca39100beeba467ccd026ab0a2be85ca2e9

SHA512
30eb40095ff25dec60799956bdc3b408fc1f34905de8f34ac0b70c18a73395ac68d12a768297e30a6535f025b5ee98026970dcc06ec5dd95737b3a4ffe624303

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\GettingStartedLite\gs_info_black.png

Filesize
1KB

MD5
53456df7896c616a5368d566f2a7e509

SHA1
68b465b7eb1a2eed80707b42333129a21dd452cf

SHA256
731f4addcc01b1d7945e17d805b580843c8d93f49e6d09f46ff4240e82291f1e

SHA512
6ff34f362409a165eea197b42621c6c1056bd5d74b9edb9993184a49f305ef2985d4875dae4dc38f007e5e1a43424a0909284fa2da6e3880e8727f002c3f7aec

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\LoginView\U2F\listarrow_error.png

Filesize
695B

MD5
68589eb5cef67d8cf4c4ce091e7ee3aa

SHA1
a39fec791b24c06a577f4c3ebadc2f8cef312921

SHA256
3fb5c478922795d4fe0c34ab5e809d543820fe1a3cc7d9e008a0f48e5d1f7992

SHA512
a891bc2a5a83299cad0fbc6d05da6f8a98fe516c4f1845150d9771969aa1a094ab9c2a5dc5241f0de63879dabe4382cfdb06f2277a22987a6eb4ddfb3824c448

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\MainWindow\Services\arrow_down.png

Filesize
1KB

MD5
97232ed7a212dce45e8d999cf3d17b60

SHA1
196dfd1fbf03e4fa86a9dceb1cc01b66e3d1bcf7

SHA256
668a6f074a18876408e7048888880e05553192d7822c54572f447167c7fd4af3

SHA512
3dd7018a9d86b0340eaf2b6ded899dd1ae73adb662da9dd59c51859294600bf53a8088fd68ba9bf55124207af654fe30234e15b3729cedc241e19cfbad428792

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\NewResources\Popups\expiration_notice_15days.png

Filesize
38KB

MD5
9fb8ff65d183a43bfa7187929892290f

SHA1
10cdeda0883ebd76c61d8a0fa6520204e37a3ed8

SHA256
b59a8ff677c8561ffd62942562e289dd83ec0843c5bc3c5117e3e9adfdcb06d4

SHA512
a9c106aa530f4cf387badf97e9ba6e396498a22e4a94906d0add2d2f61fa75895a025c19ff0745ec72533b916b6afe5c401611ff6f8e242cb63d1e163308fffe

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\applicationIcon.png

Filesize
8KB

MD5
e362e33bf37b85be30ce1276032f6856

SHA1
3f9fe654308cbccdeda4462ea722a4a3bb5a97c9

SHA256
1576afa00aae665300774bb53a5db1bf49b7b089dfe6ec1e9ad7256fe65f8bbd

SHA512
4fff6da299d8b775d9ba342818d52a7235a571009b0bd60c6e52339768b534c976d1b476617b9c2708818cd78123ac1537f647a8f249d5c7394af6e5dd5c8865

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\application\mainWindow\Credentials\checked.png

Filesize
1KB

MD5
ea546f5c65407e021b31ac1183ffb89e

SHA1
e848b6b7fc64759b1d1a6168eb30f87bd1c2b558

SHA256
c5ffe390833d026cf73664ef6797714f6f3b2e375deec285bfe6c0cbafbe9522

SHA512
6b35d8b76cbe34460f15044347a685401fa95c4a02b835eaee5ada0b4266bcec0a05c12d1e25ba58c20c782019eae26ee94febcb3836a3f183b4677bebe7dfd6

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\application\mainWindow\Credentials\unchecked.png

Filesize
1KB

MD5
eec844cbc43ca55a8bc0121f667a8a8f

SHA1
b694377993ae1369d662e307f5ea0c0f01491a55

SHA256
0db6a844b80067cecddd2530636a0bd42d9a4cbf3760bc605dc99bd4d91099b0

SHA512
72c10485c50d0622ab43850861f4628d057a4bbec3955d0b121993fcf5cf3fa73c69991a955f94a1553c0270e6e18b34d5dcba9f6b3e651e6e320c9054e2b473

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\application\mainWindow\Credentials\unsafe_icon.png

Filesize
1KB

MD5
8c72a20f30a6dab9042249e974a5b944

SHA1
6601c3783af82345a8617728e3c0753d1eafe43c

SHA256
d03502bfe1835b33f1b3811115e2d7a9fc4dce6a2999c4e73003e023a4530f55

SHA512
1940ca3ddb46b7de8544314ee8816820ca580f87d48ed2fefb1e39d7dc910539842bba598e1f9534c7d87aa36b9a51527588ed708bb5069fcf5a99ddbcd0fcdf

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\application\mainWindow\SecuredNotes\green.png

Filesize
1KB

MD5
111088d6e4c277995b83c46cd9838b36

SHA1
4e3e5de5b0fc13de15ed5bef0c58ba6aa40f8234

SHA256
862282ed1fbf50e2e257e3e81f4f3fdf7c2effc6a5070d3c6d8c9ebcb787ae93

SHA512
56870ca2c7b81ed7553ea92e567e445a93e0a21586f979e61cab69d7d813411f68c4bc2eea747d015263b9c4352b33a3a674d7065f090f376b3483547e9db6c6

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\application\mainWindow\SecuredNotes\unlocked_small.png

Filesize
1KB

MD5
c68cdd15ee1d95d390ffad5bc2e547cc

SHA1
7b38d3ef87a4f2d0ffbfa95af8eb1533730d5239

SHA256
bd8a6a37a2effd7e09a37aa39ca97d3b1aa7ae404f86709f9bdb37299e1cfb75

SHA512
e5d44db53b5282c0de0e7bafa06815ff7409c2e2b9acdd418c5666a7f51f3538faf0f922d89ffaea8f5653e5e365e8cf7af5fa40fbe398d0d59bda4bbe2811a9

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\application\notifications\notifications_login_icon.png

Filesize
1KB

MD5
b1afbd0911732066b114a4a084e0f207

SHA1
1cf801e369d5bef4337037efc0e485b015dc8aa7

SHA256
6fb72ccfb07cf5c362bb49216c54d055f432c372a0a241f115f20c28ef71647e

SHA512
2451cc6db6ac4971d0cc60104db4ffede61d6c71d0a38bf5bae8fa2098d47de944d7fc3bea218a55f12819941d1456a613946cbe8f64ea0e26855a917e57d470

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\application\notifications\notifications_settings_icon.png

Filesize
1KB

MD5
c7bf6611010cb0bbae2a3d02ed27aff6

SHA1
e32ac979e7c8e303fe784f7bae640a4036263026

SHA256
6d412060ab079712059689b9bdf1ee99544e268070262305b780dd5cf14eb7b7

SHA512
5469ac94edd20abcefb20bacb401a276cbf6916930055caf1ff5f49ca38287eb4dcdcc16a76bdcbf8daadb0b9d98973105f655dfb21fd3c4a93f0a68037f5b49

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\application\passwordImportWindow\Chrome.png

Filesize
5KB

MD5
f592b80f5e0f070f75c24d4d5bd916db

SHA1
2d5e457faa0b049e33ef562d30bea4be247da21c

SHA256
60118b8e97d308995ef535ecf7daf0f9639d2a4f100f17daf4c1f516ca4d8d44

SHA512
238ca906e39c2f93633a82748d1ebaa1b428f26e6526f9ebdac5751094dc92bb13e9704dd15655641ac6f25a457829de8b1a7ea036fc0fd4fbd61c8cb21cbd58

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\application\passwordImportWindow\Firefox.png

Filesize
6KB

MD5
44927513d7eff5e62aae94be8dd0ae3f

SHA1
a2feb48f2c0de3f56c8ac4399b87d371617266e1

SHA256
8888a6ba40d57a778d354041635e5bddab1f30d02cc89d18aa88c3f931107ea2

SHA512
9355b2ee86613f5877d0dc17bce16ed3a3b1559f2081ee3e98f76efc2382720215134f19e41014c14b42790a57566bf7a47e048ccc0370f1929881bc894dd044

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\application\passwordImportWindow\Generic CSV File.png

Filesize
4KB

MD5
88859e0c0ce1200865929832b21121bf

SHA1
de9a7014e3f18b78a430b895363aff77a1c2e0a1

SHA256
26a2ff978601e88d42ef0fb94fe2df3e40301c62f0a8cc40ef454a8691ce73fa

SHA512
1fb24e147db1dc63caf14d8abffc6b49ae75b3297915c12912a9e0a2124a4f673e1bb52e37fafa1d26b6ef468db9b3887790942b08728e3b6112a506352befc0

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\application\passwordImportWindow\Internet Explorer.png

Filesize
6KB

MD5
69b4b3ba142228ef1f745a2811ec3720

SHA1
354604cb7d85b1de30bcbea7bdb55b9bb804d8ad

SHA256
d31f90c355725b81def80e983c915c7aafa59f40ee3185a151ff6b157fd10c7f

SHA512
a491ccbe633dcf20e19bf7bf76bd45c8461b82d4868bddae29b6e1586ce14b560c170ae0ebf795991836c4fc7faacbd5d2b285ed9a1ffa777c9de3c42245d287

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\application\searchIcons\FiscalStatementBackground_en.png

Filesize
3KB

MD5
1e1d7c51819ff84012f520e0a2655dc6

SHA1
4afa642ac18db2f1ed011a2d48fdb5355897f845

SHA256
11f6d0afe08eebb1ffe94fd3d1381de1d42327315984d9aa6e64ba735973c6bc

SHA512
d3fc576217c56ef7b54369785c988981bc6f7805c2746bab21a7cd397486405fc84c688f4c9ce59a24370ec7bf0821084844e1bce7a75f83ea37e2d184408552

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\application\searchIcons\IDCardBackground_en.png

Filesize
4KB

MD5
78844509745a31637ac91104dc4abfa6

SHA1
e716a02675075902acb2134f56040bf3fa4d87c5

SHA256
f0db82f479c1da9e4886b832074c5460f1c92dbb9e58ba815717d76444925bf8

SHA512
d115e2668b49f368213ca2840cd56b7b4adaf08c9208079e677b97491d0f0dcf495c83b0139edd76098924e01e10f56e180865a58bbc817ae019427ef2d2cada

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\application\searchIcons\payment.png

Filesize
2KB

MD5
07cdd40eea7bb0c886d1e95d43ce92f8

SHA1
b73b7e6b189c9a4c51025e828cc3bf35ddbeb469

SHA256
0bac95b978c07d61ad34758146d68db624b34ae41e324f6717e446bdc6d3b081

SHA512
cd41ac4216f1c071b7113d9688eb78da05e445c9e3fa3835dc62099359e01b6de526e6d7c59927abffdefc6454d9f8c7449032afcd2b090195a0bc1b7b1925ce

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\commun\warning_icon-orange.png

Filesize
1KB

MD5
1aba313818ccc746522a212aed699b37

SHA1
5c0c94145f9070da97c3e0eaccd4befea14e4e23

SHA256
b4580901afb6e4c93cece1cc15668693bdb3ba0693f418bbff191aaf38bdeba5

SHA512
1e07ca1bcb2452f8f4d772625fc096a7678168cc4016238221ad48387eb9f63924947f4720410d1c910d9d189d24d7b965bf3ab9cd77f97dcdac19dc1f9219c7

Download Submit
C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.6.6.23032\ressources\default-passwords.png

Filesize
297B

MD5
2e8035bf559489b6cb27ea1ddd1e60fa

SHA1
206471d03d9acf46ca7d249a47e4538f2484c6c2

SHA256
64a1e55041cfd4192fc24951be619d41bfd2f98fc422800f5d695ff269fc97c4

SHA512
f300ad19f451c0eca3dc2f049e9246670e171ac6b7e1b3d950574f3ed6be1c9f681dc434cd79966a638d59a4c49eb774289635868e3de5a1b5145978b0140ee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\dashlaneInstallLog.txt

Filesize
2KB

MD5
65e712ffc6f53338ce1fb8a1d81433c9

SHA1
1aaa226bf786a4743c80c9ecd3a8be1411110a25

SHA256
f1c509384d9a380d6a25b4464e99b73027143ffb6ad1d89ed8f3318cee310fb4

SHA512
fdc80a2cf67d5b5fd38987520f12e889e7c63283d533c8b5584dc507b4e3e024ebe2e99e7ecee6fdfe2d078ed18d26236aa48a0e0ab84bfa5118700fe1feb9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\dashlaneInstallLog.txt

Filesize
707B

MD5
65a501bbc7e8830bde1ab3079d713351

SHA1
b1e214e1e2d42d7499673b35d3f99ee15f5ecfdd

SHA256
e6c3e5e8db2a1d576b252aa7b69804309bb86214a8fbda1172b1c7e80b744ee1

SHA512
e70c2ff65e714e3dbaedaef9c37255b4a775f52d8f670d6757961aad15dcf6627357e49ccc00e3b53475d87c568fe28b4becca1b3e069fa975de7f9f0576a4d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\dashlaneInstallLog.txt

Filesize
3KB

MD5
8f47b4c9b5db796d8508a3442011ff56

SHA1
0318510fa2369c1d28009165e5b258de9bd5d8f8

SHA256
367d819adf1315f97079781a254f8c814bb8cd1c37c6695efb4690a3c635d070

SHA512
ab30cbafd5318271ab758a033fb0f0e2ba8051154a9646292dca3c483fbc6ada3ffd31aab5e143db3990a9dbd9e019310f557263a811f3d92d99ea5321b47c71

Download Submit
C:\Users\Admin\AppData\Local\Temp\dashlaneInstallLog.txt

Filesize
4KB

MD5
6423147c2c48b1768855fff883d87754

SHA1
575f9ef02ea29a07d8a38cdf752bae0e5d763b8e

SHA256
17f2814b00f166271573b3f78c85e5dd3258084b745dc460a63efd6238204dc4

SHA512
3ac603f635fd8f5382d8356037bfb60ed3d3da804b30347637ae997e7b33f395641445f03de4c3a8e1974692be9472546a35e6d80d99f6d64171d6e183ee760b

Download Submit
C:\Users\Admin\AppData\Local\Temp\dashlaneInstallLog.txt

Filesize
1KB

MD5
f0e158b5cf368de5f9eeec708bd9d2a8

SHA1
adfea8cb115863c939a67c903f6057b1777a709e

SHA256
ad7a28b9778fc19cf41129dbc700e2873356a0479746705922b3e302e2450928

SHA512
b28ff43208472f4551251e2f3e3d95ae46f3fa028b7162af42ae834bac15363f3b24ff564ddd37c977e26a42921fb510f752e26550d656d37c94862188e46af3

Download Submit
C:\Users\Admin\AppData\Local\Temp\dashlaneRequest_7.0.4_2.txt

Filesize
20B

MD5
25dcccbf1db0d4bfaa67ffd829a1dc56

SHA1
aeaf62ba94a48a9a1c8b516b1af5fbc3190d142c

SHA256
02c045b5a38b1e9a01bf15ab6d48d526dc60a726bf041fe32d153b4ffd71e761

SHA512
752bc992a9da5dd810f99d3b4315f2dafb6a541771466152a4dfa3ad53e468e0207bdaf22aea26317c81cd80937c5dd5a6f1bb813da8ba0cd1f46c5adc98cfea

Download Submit
C:\Users\Admin\AppData\Local\Temp\kwTmpSizes_0_0_.txt

Filesize
27B

MD5
a5403e6202ebac62aa15d2dda3295866

SHA1
2e52e4fe03157f023164275c82586e1d577b247f

SHA256
a674fea5c23ecd7be2c3c76444a4be3b5eba21a6436c936e060e13cbfa5c7e32

SHA512
02005e4c89a54e8fd9692dc6dd722a0ecff613d6ef676bec3390fccc3c139b6f1cc63050452db12f37b7c60915d91e00f43c6d251cc7ba42bf1d89de29baeb3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8ED4.tmp\CheckInstalledKB_15-02-17_3_1.dll

Filesize
78KB

MD5
d2098d2c2d7d35c0d3c396ef6206b867

SHA1
10d7bcdf07c9b3fb784dc0d6a6983d6846422e9d

SHA256
92d2e4031540c2db9938f257e4c25fd61f3d8fce9397a6a7a83a6604a40c0c8c

SHA512
61a2b45382feaae5ac75f2a9a250d2c2098918c2f89f53eb0ecfedcb63f7db87b72d27ab3c3602e62f6ec7a8bddce287cd49fa74688eeb6387ca4cbdc796436f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8ED4.tmp\Processes_2015_02_11_2_2.dll

Filesize
56KB

MD5
0dc4361cc10bf4609baae53cca018a58

SHA1
b69e3ddb534f4ad10b6a532c9125b372ac73abc9

SHA256
d8d618d75d0c01c39bfc0827d1414c2aeed299cf541d3387322d0fd91bfd06a7

SHA512
1745d39ebcdb898fa752e2015356131e53bc064e79dad04c9b2917aa237088110291d8ca813e67ea71aa6c03614194a9c52285bfe7f18abe5c8b862b8520c293

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8ED4.tmp\System.dll

Filesize
11KB

MD5
b56556a129ab99dee768c15dd7fcfa2a

SHA1
3bacd77144ee06732fc0e595c7f1635382c9b6ba

SHA256
72830b70d5758a90713b4f0f5c7138a4fe5b78a82a25ede01d6adb5e55e96798

SHA512
8b5899f8c14bb2b5de0cc6e6a8b2bdfe6f6161f4cc80c9f01fa49155f3ac72022d3a27ec7a7cc0dff7b699974df688cff1cdc61496d04f21119c9a7b06e41511

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8ED4.tmp\System_1.dll

Filesize
11KB

MD5
2ae993a2ffec0c137eb51c8832691bcb

SHA1
98e0b37b7c14890f8a599f35678af5e9435906e1

SHA256
681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59

SHA512
2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8ED4.tmp\UAC.dll

Filesize
14KB

MD5
4814167aa1c7ec892e84907094646faa

SHA1
a57a5ecbdfa9a8777a3c587f1acb02b783afc5ee

SHA256
32dd7269abf5a0e5db888e307d9df313e87cef4f1b597965a9d8e00934658822

SHA512
fb1f35e393997ecd2301f371892b59574ee6b666095c3a435336160481f6ef7ed5635c90ce5d2cf88e5ef4a5affb46cb841b7d17e7981bd6e998531193f5d067

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8ED4.tmp\UserInfo_1.dll

Filesize
4KB

MD5
d1e37112390e6bcca8362788d61becf5

SHA1
d97888f0f69d34de202e7c68b8ff5b2c2fec4c5f

SHA256
77b40d42606d48f817b901f1e5abea114b4288b344b8c193bf3e3c52e469a926

SHA512
04121e5241ad14890095a6cf5e698979820fa97d911918b9b77f2064a713e20f4827f72c057d5da1789bc340d63f391872fe5dfbb79e6c33d3995f82c37fa51f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8ED4.tmp\UserMgr_2.dll

Filesize
55KB

MD5
74813d238f84d5c0f5328bd7ba79537a

SHA1
5aeecd94f0902bad1572fd2cceada9ad44af6725

SHA256
54a9ab4ac127d950ad293a71f5a496af3ab09b70aa73839fd0f1c9cbaf35f70e

SHA512
ac7fb85c6375bc3e0e76b535550b604cbad31e69696030314f34e41d3bb5c04411ec826c89885c30556649961d45061f501db6a37a23bb419e4f1e7cea34deff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8ED4.tmp\inetc_17-05-09_2.dll

Filesize
35KB

MD5
51843d1334d3d9e751622541bbc76131

SHA1
a900d1d1ce76187ebc5b743c08de7f77a6a2ce7e

SHA256
af1bc66bcf117b5ba88ed3be3676928eb527c98c50156405ddebe73db1f26e82

SHA512
db2326f56811efb67b2c1a7855a2fdf4145bdacaa1cc3bdadfc586eba4b39eaef4ea95ea4e67fe0d3659dc37ce74da7f18479b016bfa4b602649ef5b61f90a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8ED4.tmp\nsExec_2.dll

Filesize
6KB

MD5
b648c78981c02c434d6a04d4422a6198

SHA1
74d99eed1eae76c7f43454c01cdb7030e5772fc2

SHA256
3e3d516d4f28948a474704d5dc9907dbe39e3b3f98e7299f536337278c59c5c9

SHA512
219c88c0ef9fd6e3be34c56d8458443e695badd27861d74c486143306a94b8318e6593bf4da81421e88e4539b238557dd4fe1f5bedf3ecec59727917099e90d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8ED4.tmp\nsRandom_1.dll

Filesize
21KB

MD5
ab467b8dfaa660a0f0e5b26e28af5735

SHA1
596abd2c31eaff3479edf2069db1c155b59ce74d

SHA256
db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73

SHA512
7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8ED4.tmp\nsis7z_2.dll

Filesize
170KB

MD5
46e29660c591067e77276fa960625f57

SHA1
3c3206ec4415de4f09a2066a658fa12621e2ed74

SHA256
51f3274fcaf2ef42860f97bed95f407abc60ab31f81a42b38fb2ea1d9b0a434f

SHA512
ed7f9babcaa6244eb8f42350a522f75b5078b2854919e281215a4a4ef62ec4bb731a457f5da3a615419a575986eb96517a6c5238f65b2173138c7fd4ff122d83

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8ED4.tmp\version_1.dll

Filesize
6KB

MD5
ebc5bb904cdac1c67ada3fa733229966

SHA1
3c6abfa0ddef7f3289f38326077a5041389b15d2

SHA256
3eba921ef649b71f98d9378dee8105b38d2464c9ccde37a694e4a0cd77d22a75

SHA512
fa71afcc166093fbd076a84f10d055f5a686618711d053ab60d8bd060e78cb2fdc15fa35f363822c9913413251c718d01ddd6432ab128816d98f9aabf5612c9f

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\archive_redist_8_0_0_.7z

Filesize
11.7MB

MD5
16392c287f970eea46ecfd7074518a55

SHA1
d9c191612d933dfc8a3ece2dfde09403af1d10c3

SHA256
8ed607798b06f44a973e3a820bc8498436aa30efdd4750fbe9a78e0aadc10652

SHA512
18870893a9fc9a518791ad9ff97c8903273cdc82af6fdaa2313e5f04277f9809a1e11085e1f56cf3b6e091c0a473cf9223b14e9f06ea375b3e67d01f45663892

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\bin\Dashlanei.dll

Filesize
936KB

MD5
4427843bcfbde307c56cf7db0a8ebda1

SHA1
78e1b10e248a439908649f59aec7296019bd8e93

SHA256
44edf55183d4b660fea934b27ac2a2aa568a0c6342787bb6183bb124eee41367

SHA512
19003211b891e544f4e2cc3454d34efd769455f78f7e837d57c2c7322b49e168e7cd1dbdde964e8c0d7e1280d75a23e1372c0572bb96dcd9ff2532223e03b698

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Dashlane_launcher.exe

Filesize
13KB

MD5
c6db6429d15b13ca926c34c08dd8d78c

SHA1
c9aa1130766801b37dfe751fe59ca65f414e4e53

SHA256
57fab69729b74dab3a345795fc1884452b878d0a68b18c57aa554867c5055621

SHA512
879ec1f2f0dd7110e9e7996634e13d3f326f29eb7b25ae06fd4b3c887811884a8416fbe817c2060b1a9fe106ea3553e502a2b404ca6426cbc894874c2f2199f1

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\bin\IEInstaller.bat

Filesize
157B

MD5
a65b5abc1d905ac98440bd05a382ecd8

SHA1
75dee2b1f3ce09d0b75ceff1e01c149474ac5719

SHA256
9905977128d7348155af549fa71fabf1c1665789f1ad008462079b3ef246d1c7

SHA512
715609f7eff21cac0720ee635b6228e4406455c25cf7922a16dca44b7288928e5fd8819727837006c25510484f551e7f9950ed4f5f4a2e04fa73a8859fb06a0b

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\bin\KWIEBar.dll

Filesize
132KB

MD5
c8a61df1696d96bcc89a8fd7ead90026

SHA1
873b276eaa1e88eb3ae7dda2575cd54f12e39d90

SHA256
4325a64ecd99c1542344e92f90d89626d13f49a93d1b32a0a264cf0ad0067ac8

SHA512
111df42829373700897b1915d8bed75ad018f45e0fc4e238222555f2d81404b20e27d16b340e93168c65a6f631f23468eddbb0c1ab361561042da20ebf4e7d6a

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\bin\x64\Dashlanei.dll

Filesize
371KB

MD5
bf7fb086f733b8fed1f5f8fc1433d195

SHA1
adc548076ffb65d75ff3954db896a12f430b6df0

SHA256
82de1213e10f86ce08837a95ab142c590d6c3cc5a12a17af7456be03b2d34025

SHA512
44bb116a130fa34665a6717d169c5232ae9fb9f82c0fa8ba21986cb2477aa9fde6a93028cf2b7615a7b31092d09d5498e54817b6e55ad76769e8abddb706565f

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\bin\x64\KWIEBar.dll

Filesize
159KB

MD5
86cb4aa35e3d5c72e0b59b07033ccb00

SHA1
60a9406a883f3612374cebbfc1fded366aac162a

SHA256
fb368df48380d61525f472d146ba5a1d4507b10d74e58b340739c5f1c7012697

SHA512
f6acdde7067d898226ec53db13610ee47e601ea738744d3a991e1129184b5a4e39ad1454d783564cbbd1192a67d777b6cfd032cadeef693c6f6b065a67845685

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\config\dashlaneconfig.json

Filesize
537B

MD5
a199d22e4371671cfe12b3c354f2f3c7

SHA1
21fb025a4e412ef390e53188abc63383b5f219cd

SHA256
6b3c1658795c00794906d64fdec14a1a66fffb8918ea30f2f9fc3ed0c405e7ca

SHA512
55efa075ed7a5e949ec95491cc996f9918947a53893adc91dcbb8717343dc0f5330757c43e24da7bbc7e082c1757c0f33bab65460e986bcd52edf3e883534d0e

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\procdump.exe

Filesize
503KB

MD5
6b8e0f1c220c29d16f86df4fe501c016

SHA1
f6b2ac3a5bcdd89d15348320323c14039a4139c0

SHA256
5bb9d3e420db31bb07be5aeec68625a48d40f7d2476c417e75e02e4dee161a6e

SHA512
7fefb76617fbb48360200957147fea610a6f11c0f53011517bf39132139882668a990cc731b800f98f692ed94d9d934254399f14cf4fc800299eb338ee0fb390

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\ressources\NewResources\GenericControls\KWComboBox\Icons\flags\re.png

Filesize
545B

MD5
c1cf1874c3305e5663547a48f6ad2d8c

SHA1
0f67f12d76a0543772a3259a3b38935381349e01

SHA256
79a39793efbf8217efbbc840e1b2041fe995363a5f12f0c01dd4d1462e5eb842

SHA512
c00e202e083f703e39cafbb86f3e3f6b330359906e3a6c7a6a78364d6adeb489f8b8ab1b2d6a1b8d9ef1a17702cfc8fc17219cf1aae3e5a7c18833f028037843

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\ressources\NewResources\GenericControls\KWComboBox\Icons\flags\sj.png

Filesize
512B

MD5
559ce5baaee373db8da150a5066c1062

SHA1
ee80e5f63c986d04f46bff10f639113c88107ced

SHA256
f8dc302371c809ebda3e9183c606264601f8dd851d2b1878fd25f0f6abe2988c

SHA512
c0ca7595cdd2dcef0385ccb1c0d15bb74accaea63b9531233bddf14c1791ffc9712dff660292706cfa269a975d29d7a189885cd09046ac6d8ed39a57ec9557ca

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\ressources\NewResources\GettingStarted\1password.png

Filesize
5KB

MD5
5ece6049b9bd46913ed316b2b994ca1d

SHA1
de74ebaaa4f593f014fa4c7ec7f44840d9d677a5

SHA256
94ab773b0818ec5f8cfb6d6c57286a91c6d6af47cde293eb0dbe4ee3c7032b22

SHA512
780cf546fa72e6a24efb76e826fb164b57756228fb20b2ba7af6ac671a0bfc404d6fd6615783b0914d060af128f1d8ce411fd79d0eb262193ba84de34af597ab

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\ressources\NewResources\GettingStarted\keepass.png

Filesize
5KB

MD5
ab671a220c3bda65b8c2325a026b29e3

SHA1
2f7bf7c08dabb6fcf0d7dccf5c39babc775704a9

SHA256
2c286dbfb45c85888e794336ca3551368166d107e79b41f74523bb2e012faa75

SHA512
c807a37d4436768f10fb087ce46e59f3704e5a7698934b5473af67d084b0a1c543f75b727ee8e4363fd0de1c8aa7eafac44f958b52a1b232d95be68a51a100c6

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\ressources\NewResources\GettingStarted\lastpass.png

Filesize
5KB

MD5
2caf189379df5bea478dd900242723e8

SHA1
2bc6cdaa32a4b47ec4d1ff730cb9fecf0d5f7740

SHA256
fbc509ec3618a4ce5cca338467c965060ad10b8d3256537e8afa1f0511a2b53f

SHA512
5d441f558ed384bddaa66b0c8e7775640b5b78c406bde42f17efdc2de51f9d7b53afbac0ffa4e9f4d9f16aad9effae4e2739e8c9a5fc42df63ef7a9ae7e759fd

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\ressources\NewResources\GettingStarted\passwordwallet.png

Filesize
5KB

MD5
9490d7db2e076b8355d17c9d3ec5e97d

SHA1
9b539d53033325ea7d9e17fd8edc395caa22656d

SHA256
e79ef61b48a76b814d75063919404c98a630a139369bc73b03ae5f824c57466e

SHA512
e62c4bfad950e70af7c51a93cf73cab4fbfd38c2228a8b9c5f2d65d8e91f28225bd07a23a38d8defc5ec6c7a91416d8605fbde57fc0a7965397fe0b725532595

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\ressources\NewResources\GettingStarted\roboform.png

Filesize
5KB

MD5
072180c24522e4393b70053b901a3108

SHA1
2567420ec88b6975c7b7dd87cbe75aaaa11b65a7

SHA256
d95391b9f2a51e1dd9b4500cfe24e4f6efbd7901e4b457f1c4f514f8cbcf9e77

SHA512
071718bad06b0b938493825461300e4635fe3f01d1573218a31a8590e6c9acbf81606581a99ab68051b30cdac0b78464b1c81a3ccbdf9d29f8c58393ac4f4fe4

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\ressources\NewResources\MainWindow\Services\Payments\paypal-grid-selected.png

Filesize
741B

MD5
c7c94271c8c1d6263e1b1e0947fe3c87

SHA1
dcfb60a919d5398ff3c98d291c656c875a73864e

SHA256
1d1a7af787b264a44cd8f517051b9bf922202cb5f37ab766e855e2e7b5c4746c

SHA512
c65481da4af9ef4a18844dcf14eaed14c7eeb1ace5b51d6d9e96188109d414647688282e1e4a41bfcfc783d1a2375ae9ce21fa5079b7ebb9cc19a85f66a6d945

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\4.6.6.23032\ressources\NewResources\Popups\passwordChangerSuccess.png

Filesize
3KB

MD5
5f469fa32e7e6c8353c989b53d3001b8

SHA1
663ea131bc9005eb06f7c028128c956832c872d7

SHA256
d53726c188b54bc269ae67fd846b1586ac108421cf851f623799116211163cde

SHA512
0eb43c85d213a8e71b00c12793904617e74953fa610de1186d424bb25d3e9b6ecfba622a175520f81051f903ae0b2cdf2a1712389ec65d1103422e4ff12a22dd

Download Submit
C:\Users\Admin\AppData\Roaming\Dashlane\dashlaneconfig_init2.json

Filesize
618B

MD5
baad19a3914c5da11fa6c861c262a99b

SHA1
4cf79118b79f8e486e4f27378453b3f635d9bada

SHA256
2718d5d52597b08ff58a0c3873679fa498c62fba4c03470a3db58e3f7e9e51ea

SHA512
5d6a6f6732ccece220ef353502905bdb07882c399068dd9b85f8d30a56a420822c5a57ba48f743175109a36a14145b4c5a7c701d216451748a46480e9bdba392

Download Submit
memory/1732-6712-0x000000006ECE0000-0x000000006F432000-memory.dmp

Filesize
7.3MB

Download
memory/2612-6368-0x000000006E300000-0x000000006F0F1000-memory.dmp

Filesize
13.9MB

Download
memory/3160-27-0x0000000002390000-0x00000000023A2000-memory.dmp

Filesize
72KB

Download
memory/3160-89-0x0000000003820000-0x0000000003832000-memory.dmp

Filesize
72KB

Download
memory/3160-350-0x0000000003820000-0x0000000003832000-memory.dmp

Filesize
72KB

Download
memory/3160-57-0x0000000002390000-0x00000000023A2000-memory.dmp

Filesize
72KB

Download
memory/3160-58-0x0000000002390000-0x00000000023A2000-memory.dmp

Filesize
72KB

Download
memory/3160-59-0x0000000002390000-0x00000000023A2000-memory.dmp

Filesize
72KB

Download
memory/3160-351-0x0000000003820000-0x0000000003832000-memory.dmp

Filesize
72KB

Download
memory/3160-62-0x0000000002390000-0x00000000023A2000-memory.dmp

Filesize
72KB

Download
memory/3160-352-0x0000000003820000-0x0000000003832000-memory.dmp

Filesize
72KB

Download
memory/3160-86-0x0000000003820000-0x0000000003832000-memory.dmp

Filesize
72KB

Download
memory/3160-109-0x0000000003820000-0x000000000382C000-memory.dmp

Filesize
48KB

Download
memory/3160-107-0x0000000002390000-0x00000000023A2000-memory.dmp

Filesize
72KB

Download
memory/3160-105-0x0000000003820000-0x000000000382C000-memory.dmp

Filesize
48KB

Download
memory/3160-95-0x0000000003820000-0x0000000003832000-memory.dmp

Filesize
72KB

Download
memory/3160-93-0x0000000003820000-0x0000000003832000-memory.dmp

Filesize
72KB

Download
memory/3160-349-0x0000000003820000-0x0000000003832000-memory.dmp

Filesize
72KB

Download
memory/3160-6366-0x0000000005B70000-0x0000000005B8E000-memory.dmp

Filesize
120KB

Download
memory/3160-30-0x0000000002390000-0x00000000023A2000-memory.dmp

Filesize
72KB

Download
memory/3160-248-0x0000000002390000-0x00000000023A2000-memory.dmp

Filesize
72KB

Download
memory/3160-247-0x0000000002390000-0x00000000023A2000-memory.dmp

Filesize
72KB

Download
memory/3160-367-0x0000000003820000-0x000000000382C000-memory.dmp

Filesize
48KB

Download
memory/3160-368-0x0000000003820000-0x000000000382C000-memory.dmp

Filesize
48KB

Download
memory/3160-6431-0x0000000006230000-0x0000000006242000-memory.dmp

Filesize
72KB

Download
memory/3160-178-0x0000000002390000-0x00000000023A2000-memory.dmp

Filesize
72KB

Download
memory/3160-249-0x0000000002390000-0x00000000023A2000-memory.dmp

Filesize
72KB

Download
memory/3160-250-0x0000000002390000-0x00000000023A2000-memory.dmp

Filesize
72KB

Download
memory/3160-6737-0x00000000056E0000-0x00000000056F2000-memory.dmp

Filesize
72KB

Download
memory/3160-404-0x0000000005B70000-0x0000000005BA0000-memory.dmp

Filesize
192KB

Download
memory/3160-7022-0x0000000003820000-0x0000000003826000-memory.dmp

Filesize
24KB

Download
memory/4896-6370-0x000000006E6B0000-0x000000006F4A1000-memory.dmp

Filesize
13.9MB

Download