Analysis
-
max time kernel
275s -
max time network
278s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
20-09-2024 19:55
Errors
General
-
Target
https://app.mediafire.com/4wqu980yyqesd
Malware Config
Extracted
danabot
51.178.195.151
51.222.39.81
149.255.35.125
38.68.50.179
51.77.7.204
Signatures
-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Danabot x86 payload 1 IoCs
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Renames multiple (149) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Blocklisted process makes network request 5 IoCs
-
Downloads MZ/PE file
-
Drops startup file 1 IoCs
-
Executes dropped EXE 7 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Program crash 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 25 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies data under HKEY_USERS 15 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs
-
Suspicious use of AdjustPrivilegeToken 63 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 40 IoCs
-
Suspicious use of SetWindowsHookEx 44 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.mediafire.com/4wqu980yyqesd1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc28ee46f8,0x7ffc28ee4708,0x7ffc28ee47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6592 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7292 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1328 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1692 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5500 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7952 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\DanaBot.exe"C:\Users\Admin\Downloads\DanaBot.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@14283⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f04⤵
- Blocklisted process makes network request
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 4883⤵
- Program crash
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7452 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8112 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\CryptoWall.exe"C:\Users\Admin\Downloads\CryptoWall.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\syswow64\explorer.exe"3⤵
- Drops startup file
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\svchost.exe-k netsvcs4⤵
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7796 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,1691501234600731562,16181387447627651105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\RedBoot.exe"C:\Users\Admin\Downloads\RedBoot.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\54128066\protect.exe"C:\Users\Admin\54128066\protect.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\54128066\assembler.exe"C:\Users\Admin\54128066\assembler.exe" -f bin "C:\Users\Admin\54128066\boot.asm" -o "C:\Users\Admin\54128066\boot.bin"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\54128066\overwrite.exe"C:\Users\Admin\54128066\overwrite.exe" "C:\Users\Admin\54128066\boot.bin"3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\FtLauncher.rar"2⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140433⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C981C4F453E97386A2FA853795953836 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=04EA7C1D69C8E45D06616C89987C9B8A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=04EA7C1D69C8E45D06616C89987C9B8A --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:14⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9A19EFBE0579AC89F261500A21F78A4D --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8212E4B8B4A06668CFCDFFBA6CECEA32 --mojo-platform-channel-handle=1964 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=591868B5BC111F23938A7EF59AF6A342 --mojo-platform-channel-handle=2380 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k SDRSVC1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\FtLauncher.rar"1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=690F9CBA2D28A01C62EAB4673A91E72C --mojo-platform-channel-handle=1720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3BC60702F13156DA8B86E240185D95E6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3BC60702F13156DA8B86E240185D95E6 --renderer-client-id=2 --mojo-platform-channel-handle=1704 --allow-no-sandbox-job /prefetch:13⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F42392F6E3DD4081D77925B14208F7A8 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C30AC2F2752D5EAFA6F23A8E2674433C --mojo-platform-channel-handle=1872 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DC92513683E895C6D26F6420047D0BF0 --mojo-platform-channel-handle=2504 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1428 -ip 14281⤵
-
C:\Users\Admin\Downloads\DanaBot.exe"C:\Users\Admin\Downloads\DanaBot.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 1482⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2684 -ip 26841⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa3908855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
264KB
MD5442fc07744c868b8d4b583fdac1e4b9a
SHA17065c8073ab5b53f65afcc90b8a5ec7272d386f7
SHA25653494862b33a08ba3141160097a7a0df4d53384606666dbfb2eb117e9eb7c8f0
SHA5122bec66d1293aee05f35eb21c87dddd2db080a40d954301c016576fbea219b9d5baef38b7b5e69301f4f624c008e3f3572c969c3711cdac0eebf7c3c6d514d253
-
Filesize
292B
MD5c1dee29cb8fb2de171a14414ecca3822
SHA163aa3dd7a00c3d35bac6d69ef262b8611b3fbd0c
SHA256314dce781f41a097698f999f0ce785580b2d45aa761abca8c6c12d36547b09d1
SHA5126907f9df5e619393c1c2888f886131e94eef949305463cfe86ba432dba0e41e08c49248e6d638e3fecfb3f1a1a538cd63e1459b9462a77a595f688bb6fb31d21
-
Filesize
128KB
MD58a92c748811fa97a0782785d553a41fd
SHA191f9fcec97cbcb3b152bb1ef53d1166efc44987f
SHA256f95cd4ae28d5b9286f1de0dd7a0c50ecd59919506d34886f217152b557d76cfb
SHA5123b8b3201780e2c7a4973d5640b683e22d63d2a955da381282d8af37c1a5a035b28ccae33737664f94e2d552b3ee2eb5350b5f6505283cef9394df96a2b2fa261
-
Filesize
145KB
MD50ca92e00a9ce4375a3638046691b4bc9
SHA15a157e36bc4f2d9e92603360272114bdc0c05a6f
SHA256d4438f7c878c75f83cb468efcf7c34f76c7db8e04a90a40314785addf2227151
SHA512bf22570e1899f239c117a4e3bd1f46f6e656ee3615490c45157c8dfc18bc3021f6b7a75afba908c2c31850c4f5db7fb56e08059eeb36552720a7aa5d9f7c23c7
-
Filesize
39KB
MD5cc0ea204b4c89a14b3ff0032a53c73bf
SHA190c4293fc89e92470512e243092e104cf129826e
SHA2567042ba3310685865c5039816d883994114fe47bfb7e06950ba4e8fba68b24324
SHA512548bf0ce28da9bba5b7de64eb1f8663ef3c58efd75ed04c2ff00d76abc4b71475c473e3684e3441db7710b8e4fe99aff89ad4e0538558872a254339333813ecd
-
Filesize
152B
MD553bc70ecb115bdbabe67620c416fe9b3
SHA1af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
SHA256b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
SHA512cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921
-
Filesize
152B
MD5e765f3d75e6b0e4a7119c8b14d47d8da
SHA1cc9f7c7826c2e1a129e7d98884926076c3714fc0
SHA256986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
SHA512a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079
-
Filesize
15KB
MD5d5688b64fbd4e51cc65101de680095e0
SHA1f3c1352f27a7702bd0b4332abb31fd4e899d6465
SHA25648cf64f379a506c61a7f5e66973827228f65dc9141d2081ce49c39ad39252de8
SHA5122ef70a66dbe361c215b08a70375517c886f1ef052290bd3a363f1325d9c3e94b27e2daae3631dee05936ded30e402fbc866baefd8d14fc8269f443262ed8b7c6
-
Filesize
71KB
MD5051fa1122c72eb291c1c4e2c60f45491
SHA146d1aa281764808c42c0d3edd3d01e8c242bd218
SHA256ad433435e1b9a6bb5b8ff819b66d251cb462a950f9f87b7f3447457f74895399
SHA512b747f9dadab4770f6915435d7125cae3533f26879cf8f85c6c7343b679d1897699c8b0cebaa1238fe15b229eefbaf023d86d8edcf8dc024354f58e6c5852a04c
-
Filesize
83KB
MD5edc172e6dbbb2b15dc5f4648103705d2
SHA192c0978a99dce39614a17d09cb295d4513567ded
SHA256d6de9aab4ace832fc13704780f9d7ee1507d5693e363ea0191913ff6736ccb05
SHA512d2ba03a80d2f52d38cbd414f38ccfc671824fd106be14a13550d9c3725ec55b0c32c028cd4c19b509843bd38cf52a727eae427577b6fe84255429af207ecc1e4
-
Filesize
21KB
MD5660c3b546f2a131de50b69b91f26c636
SHA170f80e7f10e1dd9180efe191ce92d28296ec9035
SHA256fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9
SHA5126be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2
-
Filesize
108KB
MD537047cef8a93360ca3afca551307201e
SHA1b751bcd6c02dd9d97582427edb366a2ebaf09e80
SHA2567ab98d805bdd53a3d2a2b7de1474e782adf6fa292aa733078cb723e35f0b0556
SHA512252890b3001fe9408472c78b7c17bcaebe036a495150d6bff26451132ca30e4e8440633a838d2587ca000d3c02e3e78c45ed75178b14d8f13dd7bd6577e13bd6
-
Filesize
62KB
MD56b04ab52540bdc8a646d6e42255a6c4b
SHA14cdfc59b5b62dafa3b20d23a165716b5218aa646
SHA25633353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d
SHA5124f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730
-
Filesize
31KB
MD5c03ff64e7985603de96e7f84ec7dd438
SHA1dfc067c6cb07b81281561fdfe995aca09c18d0e9
SHA2560db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526
SHA512bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692
-
Filesize
212KB
MD508ec57068db9971e917b9046f90d0e49
SHA128b80d73a861f88735d89e301fa98f2ae502e94b
SHA2567a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1
SHA512b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
2KB
MD559f9601a80e48be1cb4b88437e502dab
SHA19931b2e8ebd4acc298254af78a070c333c54e846
SHA2563f4323d5c086c1a66b2ab17326df5d48a7e017038a94e9dddde7a9ce772cd924
SHA512b7a9268db6eba62f7e7a5dc84e52e02382b833c4b79d2224c4974b7d720df9d3e8e299b0830fb5cd35810edc3a9997ee27f0415ac24980680ea36ebb06a79652
-
Filesize
3KB
MD5fc177520e00fa01580facc134de4f0e6
SHA19967586b4d69a34b8728b79d5f9e06618c349ad9
SHA256a131e9c747c845a90e205db92c995adda7973ee96bc31d58f45c1dabd67cc80e
SHA512f93efb7465b771554e58763685921bd4f75a555d76d445ced7355de03cc8e2489516e1bfe8feb1309936a88df3a7b3160e78579adc3ba9b80d183969f55bb79d
-
Filesize
2KB
MD512862a450d5a126932c5c079b7046d65
SHA1ac5f093fe5f504481802cdc74984e7a3c202c9a0
SHA25623f0ea6d68478d8a44df54df3de9b95d122c7dd694af178686a40cc8fdc14515
SHA512a6c4b6c6ee62074a9ebb0dabbf0265679bfea7aa0a8ae5773f6c217aa13eedaa45bd5d389c2123c9c34cf1a5095d0d3cbed629c787883b3b060827c3e641ef9b
-
Filesize
6KB
MD51147d7c28408847be804a4fc47d6ca9b
SHA165514f1a5c27f93f3e63f22a7df17a1fd4413fef
SHA256cd5ab6233c4d392987a99de41ba44da77445e41dff9b3a9068f9446318857972
SHA512c7b1dd9fe24f874fba77773094c4be5931cd20abc48365e9a684a05ac58e585ca7f1c0f97d42ca424623b83fb45f373a38f9f233c2b54f149ca2c805dd79057c
-
Filesize
11KB
MD558d45b3e7c92551fcb19b4551a453677
SHA126cc7e4a7bc67cd2d1fef49fd8f2bb31fb9a1fd4
SHA25618e3062618a1215d97965db664fb22bc1b050d597e534ebb629dec493d4a63ff
SHA51292637f812efa82b17f4f6bf21ebb54a2a4acfc91e9da1eec90aedcf3f24d0e8b1477483fa216890d9f4738ec2d95c0c8a2f996318fb436f2d392d659095b63bf
-
Filesize
12KB
MD54ddc4689fc27a1d4211d1cd96d849171
SHA19a81585d83f35a5da87969c8a76658d0230383e4
SHA25666ff60408393cc850977e6aaf7184fb8ba71e16c280a24e923cf0156bc5dd548
SHA512d3446abc2fdee54a70f5ebb36bc8f0947ee87c8b29e59d4a3af7395bba627225e245bf61958b9d374537ede3c96056de47e5d5e45124a1fa30928bd6ee5e71f7
-
Filesize
13KB
MD5ddb94fb82d3a663453dd86d511871804
SHA1ae817c730d3b4e05e8406beaaa5395f89f2edddd
SHA256c750e5eb6025e8bf089f13fe54f6c09f2b437788f5b0228cf470ad279c22329e
SHA51237da1abf19c3a3607842fea28f747f016f19e3a4edbcb46d8a19a66bc8c739c9715bc93ecc9f0b7780ab0a096420fd01f5b6ff2105f4045da4c21c075b0478cb
-
Filesize
14KB
MD5132b225a1903b8cde576c9786cf46beb
SHA1a73e9b2efe3053eef53c85842769aeb2c3a8cfb2
SHA2560913746721d4e8fb4b9308e626a185e7d9f79b1541e01b6b1c27396854489a72
SHA5121f4c58a03949cbcbe790fc9a0f4e4157ffe6c3c0b3ad63913ba1e4add9222bb295c8055cb563679593da654cb7fd66dace1a15c8986b9683cd07fd8fa4e27471
-
Filesize
14KB
MD539bdcf4c2c9e648154969caf6bc765ce
SHA13bd6b1935df4a38fc94eb6af33c3a08c76069b6a
SHA25682bdcff652f0b789da0612b78c5b563f91d2298e118d571b275b0776617ae5ce
SHA512cfa27e129caa0bc393eed9caf4b5b80546cea6a143fafecb41131f92f888b8eedff97a197e4390c159c2b28ec4be1e2f59f0f137655de4859aba1e9d9da88bbe
-
Filesize
15KB
MD56e2b6dd6918ef513e05862ad611c4bc8
SHA1107d82d0c3e1619d6a7bfed148c73855afbdb603
SHA256673fce123e58b39306dd29bf875d22be5dc95fde1b8d14e24ddde3711647c976
SHA512fc99c99513c70dbaff3b49b40cdaf324b619c5ec8ccb98d9d3d1bb0015a83dc1942f6852bfc009468133a792a24a13c5a574024c21f5956f006c583e5c875e3a
-
Filesize
15KB
MD5784511de78d3627e946b1cf992321387
SHA117f6769cf13dd1811bdcd345467d4bdc89581b77
SHA256570922c42adc5857552d86229772f6ffb09f2165fe4c51d3ef86bb44f4552765
SHA512763261224210a575143e9280e52f6b1f52be5365a3ca91b49345b6360073402353b891b4722f6df18b3b3549b2699c13269ce6eaec67a35762c70a62f7310292
-
Filesize
5KB
MD51a11fbac7296dcc904c254e77b70d322
SHA18decc16dfc3e7ce8da4036b4cbe7134f7602c402
SHA25679aa9c985bdf2e8db2bcccd930dd789567ed391f3627b2d24065052f1005ed70
SHA51242c9ea66fee0041619363d6aaa7fb24a1e8b175d0309987013cbcdb3d700598453ce17bbe5d0e77a91e3899d67d1eb6016356ff5f759fb7cdfb0981dea06d4d4
-
Filesize
8KB
MD596593d66a5af48096eabe9a3b948b85f
SHA13271df801d29f50e4f48d92dac76ca40a46ebac3
SHA25675a0059af20a35cb5a764a6b1622b0e693d521240df409756f9d8bdf9b63d8e1
SHA512dfb79454035ff3f797085cbf55ae7071cdd3082bc81c20bfa6a8053ad633faa5dd35a0b037ac41dbe4f18a1eeb1399bc55c0f9a6622945ea4640935f2bb9b4cf
-
Filesize
13KB
MD57463a65a669a77c3e3541e8213cd192a
SHA138dfd38c06658f118ed8f8c72a8c8445035b710a
SHA25666fe1d1c3d6ee80108f0f6b627254d2fb5115b3ba80482c0465a2967c46f12df
SHA5126de56c2f14d1dc512100569493ad0ac9c6977926b92c70b0ed91509769cebf0bd15ccb4807b3782855e79c2f6945f96705076c79726062b67cdb388dbffe221a
-
Filesize
15KB
MD5df497c4f7a54ef1dc320be219054b9f1
SHA1a0319cd2430012c68c3f4e8f00a0beb25cf0f756
SHA256dfe181442f942f3782357b944206e60f07b9e218b0f5da14b7c86d15fd1f69ea
SHA51244c89b65368f76bafa551d28f289109bf0b66d7e62d8ef1c5ac2a08a72fc276e7a60ac610f7c70aee2bd1254eb6695ec020b6a862bbbe59eb6c4aae9ba105713
-
Filesize
13KB
MD52c98b780dba19aed3bdf190abc7bd4a0
SHA12dfe8acbb47d31fd292df1c9b01c367994e0fc95
SHA256e9ec8849ab79b69b18b41632070c08b15a600417c91089c3590023fea424bf99
SHA512d2a1ece40d1e47b3b36654d68d899bc9bcfbe82712a40cfa713a2473e16a220cceefab06875bbff7c4b9417858c0032347fd30709d0fe0452ff13a00ed40ea0d
-
Filesize
15KB
MD5fa0475adef01b800eb836f384dec2e51
SHA16bffdbe4868d67da14340f1b4e5839e37fd29763
SHA256f22eae821c09df16190e9dfcd0ec2c8c470ce3051ef89fcaf77d251d854a99b8
SHA512bfb98b153220f2284be1a833cb045e4d95cd0252a77b080d4e7efcefa047fac4b83dd0afb62aca9fcb7ac42a7891ad5c2c5059a8532bb114cdf5477458e63b24
-
Filesize
5KB
MD5954612b51971e265e699dfb35af94335
SHA1d1a150e15d6164c077add1650ae3bc5996f47fe6
SHA256406fc716bcb1ec951fb2c3a67d1bdd8da641ee59a5d5f5eefad3b39aa6a4f8d5
SHA51218c77272b6f138aa69c960a797ef6a3f7dd68ac0df38d43b329fb539fbe1a8b8f5d8246012eba5f107b9a4a10924ea043ab531d4552864ad082da46cac78641f
-
Filesize
5KB
MD5aa62eca074ccb001ae84169c9422c6ee
SHA12890f8101414175765bb2fff67551b32738bdf2f
SHA2564fb4954d99a1cfc7f0e4c69aac87379db2daf743041556e7c7488448b424654f
SHA5125ab1ff35423cfff7507d3421a0a023ad1620225b51be125b496665cb9eeaf98d63eb85634eac87b2266cbb929edd29cbc1121843b9bbdc3cc328bd4ab0d477d3
-
Filesize
6KB
MD553100664d821d3056c93e580c54a0ef6
SHA149269eaa1a749159a1a5a02c0bab81adf7721837
SHA256e451aaecefc48fa63eb6f5a24e41ac68936d40897250ac1bcd63a297ad58c7ad
SHA512de4d5dba281e85cdacb95adfb292de9a1a4666e2f718368e46af5efa18b3b29b9aa33fa6834eb627b745cbee6ede3572b875761fefb48c963f1181b7e166f51a
-
Filesize
6KB
MD5d0a5c85695691629c7eb49cdb3e54144
SHA1c7cdd59707545401149c96472ef1d5e89c8ca3a9
SHA25612fdcdfa086d7942cc96552829e775cd0c531ee2a8d656f304cc1f2b36010a28
SHA5121b81061b2239edf3ea178518f8b4c0875105540b058363cb747874ec8ec5fa51b8aa5a3dcbe6d6374cd0adec1ee8068d7689b34c585d25198516bf998a6ad7d1
-
Filesize
6KB
MD5c317159ac85ae242316dcc730d776bd5
SHA1c9187228ca2ed2bfe349fe11c571bed4f2d30164
SHA256ed25888e5c3108ab1db5271c8a1dcd3f4e87421fa88093d6b7cd1ab4a3ca9f02
SHA512445dcd29f92684b1906330edce97f22a9fcfe4a444fd998a65712ee02e9679f30fb862f28a6a207d571692a072232b8a8e84a0205368d49a70ef1a6b718c8d30
-
Filesize
6KB
MD5ecdc018332be498e9e49a676aea1f433
SHA11d53350a48939897b2a3445980ce5ab323cd1dcb
SHA256ff0206754a5e5bb17f60427003378c4ed6f8bafa4967a48c96c45038c71b8ca0
SHA512433dd2004c0c7db314e86bf66703e4ef9684637688ae0dcfc0398848572df825d80748b125924971050d1ea4b42b1adf6f373b89327c9635128c940febdb3c1c
-
Filesize
6KB
MD51ecc7d92c5a81bcd9672cbb976694f41
SHA1fd18d6cf22001dc77ceccb907ddfa76833f0e0da
SHA256bc3b6112be4023c22201af07447d856f7fb1f7d12ebddce90bf20d3fb0e7b2a7
SHA512d9dcf9ccb4171d6c48bf46e147e109643bd64d4f4ffbc6c6c0e9f0b7c8c28d0d22f4695de96c7ee00245b3daacd3dd0316ed956fefa7083b92a2f877b92ffba9
-
Filesize
4KB
MD567c8ef55d41d99f4c78c319cd5ba1c84
SHA17b0a19ffefb25b3d1ccba10668b72270bfe770cb
SHA2568c9cb00139feb9cae650abec40ddba39faabe3d00fc02d755552099d2ed1faf8
SHA512247f9452f305324542c301d57c0fcb6c199d4e67b7bef8a5ec7028219e0ffad1001dc094aea644a9536922ee2bfda3538ba8d2c611707a67b3d4d51c6bd2781f
-
Filesize
6KB
MD51471c4f093b2c963aeac450458de9bf2
SHA1fa033cbdc93a304ceaa2f2aa381ef7b22dc46dc9
SHA256ddbb7b979b4ab1aad7b3654bfdb16cfcf7fefeb69b22e0dc47e94dfb9df0c94f
SHA5129008e073e8e66963f77bc504eb712ad7cab404fb9f4f8edb499e1bb45179849f8050a287c399fb8ea79eb771a5f6bb9785dbd5c80b8c77be7125dd69f89515c8
-
Filesize
4KB
MD5537ce380d54a25ceb8ab5e53e690bf3b
SHA13f9ce36996e0abe8e2817ecc8eae53a2ce833d1f
SHA256fe341571c0135df79f2fd4da3f97446e4927a4c2b3d6540bc2161ddf77071f41
SHA51240186f376fc3db44f87640a535b6ce199ebfb8d016db749cc25a3a5855a4db9218e01b044c6cef5cd0eb54105dfe4ad36d2bf35f9b6a77f30ae2850ab9d0073a
-
Filesize
6KB
MD5a09b09627edb5367fdbb6e941df39ab3
SHA1a89a5fa9b8118dbe3e93b1cc89aaa44a44cf7c2c
SHA2566657039632a18d34b91064282f2d6248882f42e184d74b3a630a1946b47eceab
SHA512d98eb415685d63a7155def0877a0e210fff4e51af507ff54daa9f21b6c545f051e9e528227bf170a550566bab3bd22fe9b533d6522adc812058a6dfa26501323
-
Filesize
704B
MD54375708a723025502550665cbbf5b2d9
SHA1c33538349d58cb51ca949bfb1e5c975d804322d7
SHA2567fd281c462ee257b2b933dba6628f1a62c5ce3d1a03883e9457c7875380245e0
SHA51240dccafb2587ddb80bbfbfdf25d0be10b5e1294ff54c9a03f991176dd542fc08280908bdb342981e9585fe64c7e51369fa2c1e2171b747eff28224d5ed47e2a7
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5becae255250c3d51d95ef4e53806a6ca
SHA16bbe278a11bdda1bdbb9421886304e849dda1bed
SHA256b5bb6c120811f7bbd7679c1fb4c320b5595553d899fd0b01b3ddaf4fbef7da6f
SHA512a4c9d8f8af63dfd5cc92309fbe5eec8d7854fff00c6bfa2de6c5079f6c526e860f9c0cbb03f0fc01efe81de56575a84942e23c825f3790516b31aab9e9107058
-
Filesize
10KB
MD5a857c0f1be0a142c70f990c14a00b976
SHA196df16692933ab296e64375528064655cf50cf6c
SHA2563ebd1b8e4de55cb266c5059e4ced1151b797833b3565b462f76fedbc1e56aa72
SHA512428ab8fd76e1e8a9968ac9933ba851064a15c53c3e5b4906995d7e85ba0cd022da184525035ff129eb2e1aeee26926309b2998c81f20fe1b68d9c2d6e78337a9
-
Filesize
11KB
MD53f931258f6324c4fd8c7a35477f087ca
SHA18597c90b821615c82a4193a6d822067fdc88d1cb
SHA25693a5514d8a4d7c1143d078bfdf0fcc09f096b2888d0dd84f47a551c82e30d631
SHA5126e24a1e57314a81a04160302391a94f167f28260122f5d6e099c0942eb181cb53ac3b3d2ac9017a065f0436a95661956677a461b984e959c8a31672c191db4b2
-
Filesize
10KB
MD52e226eeb749013f322ed67b60ed194e3
SHA10209264137434dada06cebf48245a1f3f01235df
SHA25684058fdb7afaa33e48bc6fe2e96c82553172979e705b64054fe4b80b668ff95a
SHA5129ce3ff32b69739206de736064dab157745005fada3f4b8287be886bb1792feca417b0e66359f49dd36124b73896c7266c6f68bc1e51c9c8d6fa854476ef2c746
-
Filesize
11KB
MD5436f763e6debf42697032cd56682abd0
SHA1cf458a3673968d829cb03b3e6b9d6ebd720d4af5
SHA2567711ce266bb712c8ccaa3bc8f1b5a4e1c1af1fcfb2063ffe4bfc1e394416c138
SHA51201631578e649076c3c561462694b8fd5f2d3e2e350990d65af68049318972c4405356be156390a2a5524be74c10d168b5ab690745883d53dcdfc91a751497234
-
Filesize
11KB
MD508d5e8448f0eda482be9ed7e38f489bc
SHA18bffcb3833c7f5d74148003bd9dfe1e751edfae1
SHA256c911cf72bdc9df71e691841a70d50dcd32179d57e10bceb9876d3e422aba815e
SHA512cae3d8e939a2f2daf5988db0243515787ef4361d3bc7969a91adf4307fe1c09486077d1f613a6da05cee66df3836f228e5862e623ba4bc23f7db3ceb75cf9c32
-
Filesize
10KB
MD5663619ddeea04ef01b1d9a22d464e9b1
SHA1f3c3ef1ec8217412d405bbd030761765646eaa37
SHA25601914fc4ab92b0575f5a46278f831a20410854f432653ac36358aa2945557e04
SHA51206e3c612882a9a370613e9b8bc2f939933bcd2caa2504816984e64c0c4180b6773aab004486bf0f5b3d6acdf1c4721bd03f542587dc3a5060b2aa3977ddd2ef7
-
Filesize
23KB
MD5c32f700916f15c4926b54ce66f8d54f6
SHA1a7b2df360ee03d10d708c1350045bde17bdb4aea
SHA2567e216be2af134173765aeaffe3872bb09c98daccfbdb5dec2d469ffa6a1f74a2
SHA51200c41031b6d9fd05bba4e5f8ce3132130275a51f001c1c4773fb0414eaa583606fac7f0cb2dbef7dda50d5685c9d0e44158ecd3f69fb2d1484f006cae66713e2
-
Filesize
2.4MB
MD57e76f7a5c55a5bc5f5e2d7a9e886782b
SHA1fc500153dba682e53776bef53123086f00c0e041
SHA256abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3
SHA5120318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24
-
Filesize
368KB
MD56fac9e154225c8984b1546c6a4629d27
SHA13e0c4deeb6e7b13498038ff1312c6a3f96e23f24
SHA2568411c4a330b8ebdfefc3ef87066369d67022607571490c6a54d6c848525aadc8
SHA512ac00e2bf243c67dea784168b4c8c2ae9c65f05af90f180a908064005169db09bca29e00c04b2d7639e10aea4cdd7d4fce9f6c2d6c326a1b8409c432321e3ad68
-
Filesize
2.7MB
MD548d8f7bbb500af66baa765279ce58045
SHA12cdb5fdeee4e9c7bd2e5f744150521963487eb71
SHA256db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1
SHA512aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd
-
Filesize
1.2MB
MD5e0340f456f76993fc047bc715dfdae6a
SHA1d47f6f7e553c4bc44a2fe88c2054de901390b2d7
SHA2561001a8c7f33185217e6e1bdbb8dba9780d475da944684fb4bf1fc04809525887
SHA512cac10c675d81630eefca49b2ac4cc83f3eb29115ee28a560db4d6c33f70bf24980e48bb48ce20375349736e3e6b23a1ca504b9367917328853fffc5539626bbc
-
Filesize
132KB
MD5919034c8efb9678f96b47a20fa6199f2
SHA1747070c74d0400cffeb28fbea17b64297f14cfbd
SHA256e036d68b8f8b7afc6c8b6252876e1e290f11a26d4ad18ac6f310662845b2c734
SHA512745a81c50bbfd62234edb9788c83a22e0588c5d25c00881901923a02d7096c71ef5f0cd5b73f92ad974e5174de064b0c5ea8044509039aab14b2aed83735a7c4
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
6.7MB
-
Filesize
6.7MB
-
Filesize
2.4MB
-
Filesize
2.4MB
-
Filesize
2.4MB
-
Filesize
148KB
-
Filesize
148KB
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
620KB
-
Filesize
148KB
-
Filesize
148KB
-
Filesize
248KB