danabot | hxxps://github[.]com/skerkour/black-hat-rust

Analysis

max time kernel
281s
max time network
281s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 05:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/skerkour/black-hat-rust

Score

10^/10

danabot banker botnet discovery evasion ransomware trojan

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot
Danabot family
danabot

Danabot x86 payload 1 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

resource	yara_rule
behavioral1/files/0x0008000000023d1c-1034.dat	family_danabot

Blocklisted process makes network request 5 IoCs

flow	pid	Process
115	2088	rundll32.exe
130	2088	rundll32.exe
186	2088	rundll32.exe
188	2088	rundll32.exe
204	2088	rundll32.exe

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
4784	DanaBot.exe
3440	$uckyLocker.exe
4572	$uckyLocker.exe

Loads dropped DLL 3 IoCs

pid	Process
2224	regsvr32.exe
2088	rundll32.exe
2088	rundll32.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
35	raw.githubusercontent.com
79	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\Desktop\Wallpaper = "0"	$uckyLocker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\Desktop\Wallpaper = "0"	$uckyLocker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2900	4784	WerFault.exe	133

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	$uckyLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	$uckyLocker.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765540613566495"	chrome.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 673428.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 808676.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1100	POWERPNT.EXE

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2876	msedge.exe
2876	msedge.exe
3516	msedge.exe
3516	msedge.exe
3844	identity_helper.exe
3844	identity_helper.exe
1964	msedge.exe
1964	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
4992	msedge.exe
4992	msedge.exe
4812	msedge.exe
4812	msedge.exe
2316	chrome.exe
2316	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1100	POWERPNT.EXE
1100	POWERPNT.EXE
1100	POWERPNT.EXE
1100	POWERPNT.EXE
1100	POWERPNT.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3516 wrote to memory of 2868	3516	msedge.exe	83
PID 3516 wrote to memory of 2868	3516	msedge.exe	83
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 4460	3516	msedge.exe	85
PID 3516 wrote to memory of 2876	3516	msedge.exe	86
PID 3516 wrote to memory of 2876	3516	msedge.exe	86
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87
PID 3516 wrote to memory of 3096	3516	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/skerkour/black-hat-rust
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc02b446f8,0x7ffc02b44708,0x7ffc02b44718
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6916 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Users\Admin\Downloads\DanaBot.exe
  "C:\Users\Admin\Downloads\DanaBot.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4784
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@4784
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2224
  - - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
      4⤵
      Blocklisted process makes network request
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2088
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 464
    3⤵
    - Program crash
    PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4812
- C:\Users\Admin\Downloads\$uckyLocker.exe
  "C:\Users\Admin\Downloads\$uckyLocker.exe"
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  PID:3440
- C:\Users\Admin\Downloads\$uckyLocker.exe
  "C:\Users\Admin\Downloads\$uckyLocker.exe"
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  PID:4572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4784 -ip 4784
1⤵
PID:4288

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "C:\Users\Admin\Desktop\StopNew.potx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0x11c,0x120,0x98,0x124,0x7ffbf03fcc40,0x7ffbf03fcc4c,0x7ffbf03fcc58
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,8781671093668876398,13928874601813946376,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,8781671093668876398,13928874601813946376,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,8781671093668876398,13928874601813946376,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,8781671093668876398,13928874601813946376,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3440,i,8781671093668876398,13928874601813946376,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4660,i,8781671093668876398,13928874601813946376,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,8781671093668876398,13928874601813946376,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4048 /prefetch:8
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3584,i,8781671093668876398,13928874601813946376,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:5556

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5172

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5452

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:5524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1767e6ff7415f8ea5eb0750b38d0b96a

SHA1
c6c51e4d76818030917efb47427d26452acc9a23

SHA256
7b727339b6068e6bb6605e86a313e81d74a4817d39d94a3dbce056ae47bda7df

SHA512
c6f95c47a21c882b696c5b7f152079fed2a0dc688be962041701572df9ae93b21765ba52b719af237ab09005abeb22620a48d2fbedf4a2c95b0b8ceaf9b45203

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8117f1a74efef36ec0b05b55b966986a

SHA1
4d5ece8e9f4dedd0b362339fcfca51e5688bb4bf

SHA256
867bb739f2bf2ccaeba0b02c3c6f52cc29f3f4b3a818e962042e8a5d6efe0547

SHA512
1d6a553aa9556c2bdcb6cbb877ed2ce89d02014dc6b505289bfa976ca970d0b4f02f56a2c88350db762697a3bde1d274277a0115057c0cacad85a37a9b1fc2b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f67d883a57baca39cdd732477604dd1a

SHA1
03d321180376288176ff1ece625be590c009f8b0

SHA256
6d72a6d847d1659a2cec926e189fb25e6054bd95bed99a2196843976bfd01b87

SHA512
50ee19210695a2558a36a767d0ce17bbf42ae4a3c8accc1e2ca0b325492fdbb32637b4b430a6929a2c85e3d2406d32f2764bc2b6db2b2d3585f734e1d2bc9f34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e3bf2bfbb28df11650a5f62bc1517f8

SHA1
b689bf0d591362cad988c8d04b6c1b15596cb663

SHA256
2a667f9f047ea8db82c24a53e6f9227a8359df3c7ea731aa5133255ce7054c15

SHA512
124f8acffe33ee2047956108bcbd683210bccc18e76639ce696f4a96804f8e1047cbc32755d538ef14502ceb08e2a6a475703a7b0e44f99d52a25d71384fe755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a12d4a986082832c3fe549c799447a42

SHA1
68732cd50b1e0ba1b27386efa2adc2722d882cd8

SHA256
5e18b9061283e70e28cc8b3a06a818e6e07e22bd75e08d72dc468b06b4e53d63

SHA512
145498e4f3989df75979d745233237a0934a20f2f2565a07a9de9401af0fd85bcc2643f332171eb2afe97efe69bc4c8aaeed0f7d6a3e35cb5b600aa4bafb5437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
ad16d0ab4e3999ec402b9b9589c7fdb9

SHA1
e09c911e7262619cf4031481febbcba499022176

SHA256
26945d26745509abfd5e1e2270ea73b8092e0fb0a833db2c20d652bb89cd5755

SHA512
9d437dc4f3425ff50d9c226d7524ea9422f887b48d44bc5e6596bd571026f61faaf23865645de10f25576d190ee5607b73120d8c4a873c145071a48f50229f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7831826c-7521-4202-af59-0624ab09c541.tmp

Filesize
496B

MD5
fa20ec95c18bb7da9683c8cd0c284bae

SHA1
d450bef7a631798b3ba92838956f04266fda9beb

SHA256
fce9682560b24b578cbc91706f0df426a3f274239191f55ec578b386e6a42738

SHA512
44a8337fa2a8300d38965074807a4555b6f348681cad05074d53ce5e060d1efcbe698965a74ebb7a7b2827cd6ae30aac6ac9009d3174800835c04580ced55e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
677b5f16743b7946786c0c54b18736a1

SHA1
c67b69b3eb442767e13ae2d3ace2f9b9003ca47a

SHA256
112c220934402426039009e7bd1cec6eb97dd6c13c4b3715dcad84b0d9f8c4dc

SHA512
04ef2dd240158d61285aeca7ab9d39a37fa2fd5a73e5d3ad46defecaced08d6793f943d4959a841f2303c405e0a0ddc0a0760eee40513e8129f21ea5f10a8a9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b485f6234afedb00c6573e99ebabfa9e

SHA1
219840820e1721227d9ca5173c28236e9e3a559f

SHA256
ffedf4a52df9cd9cc8a81d59588daa262eb675772de37141a52ad62a3594d322

SHA512
aa19c0aa5643f802f88668ff03ae64940a4d45b5aae43577db4d38076f1d42ce3b889f23f6f9058263b5d64361bc5cd3b4b4c0ba22fbc4b3859b7a97e4399c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
945B

MD5
ad8c5892918ad1fc17f10291d770eb5e

SHA1
fc721d8538b7050481a9786a909d215afe07543a

SHA256
a855cc1765b5fe8a0c88e6d373863c965f48ffd8e625eec8a8d808150279f74d

SHA512
2e402a375ccb8e75a27d7ee6a5c738bb3029e5c7a70b0a976d0e773bdcab3e530f9f8eb2c418e359b80fbe31ddbdb07d75320915a4460cc895074e9a2e81e370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
43bea1016dd64ac1aa01e9be0b26e6b6

SHA1
685a19ab137d1e744b1853bef1eb9ecb40bdf5dc

SHA256
fc4bb4566ba6b5456ca8ea5b624563c03b98b8114e1bbc892dd17959fbf3ca58

SHA512
7bf0ec51b328a76516a3d6510ef1a1e1217e5affca2b71435d1870fee6b44ebae1d8dff5840a70ca15359c611e536ab6767495558d3931febcbf265f28752ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1ddab37ec0c02e5b4a40b4a04a3186e1

SHA1
6d47406e04f5d67e835ca326b2ec349fe563b6c1

SHA256
9e3859a8a5cf26f4d5453a90c2b8dbd119eb66afa9645f0e571153a55ffa3ad1

SHA512
2f7096a385f6f79a17d35265bd2f6ef7b841f2d98c2eab386c89fa595cf1656d340ee429a04a7a011a48ac69f56480536dbd83b148e520c76d4b01bd4190454c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93cfcb4019b6a7e419119657f26dd4b9

SHA1
c9937d9f8663b69b88f78dc70cc5a3bfa21331eb

SHA256
9e96e54b8872361661b8b6e3e8e0ec73e72a0ddfe880e32f6d5520acd38724c2

SHA512
97f0267e72f867ed3e4011c2c1f8794ac0d0aa2680aa3a5b281ff1bedad952036483b6f9259c0d7dc80bc558a3601c577a39eff507e59ec796fdd29eee44353b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cdf982d87407ebf96a6aab4c0fc53424

SHA1
5fcd395897d3cf11efcac03b27b7d6252d963c10

SHA256
d5aff4fb55a5002b1280b4941642a86543a50a9350c3ff9df0f9181e00324445

SHA512
61df62a0f5111854613c5f77604c37518a7f40f0a0f39fff31dfce9d67457883938bd2c8147be5e8b9f5027198acd4b6e9a29e3f644e5bd68ec960c3f2aea09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5225fa02dd6ad3d3f5259967155e8db1

SHA1
aa62ffdd06bf6b30fa1a341894590f2f63282e63

SHA256
d1c60e9c10079347dc3707885717ba69455802bed9bcf5de0e6c94c510fa9ec2

SHA512
4bc870f3fa35581ddf03f5cc7ba8a702de2b07f673796db9ab9ef7060f95ad4111f9e3b7cf688d5e62f39881faa93025cbe993aa4a2edd70b849ae72a5fe0eac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da966d88340b383efb4ed179a797b44a

SHA1
f75d03afd75efaa36d579e26b505f89f448e1463

SHA256
9831a2af97fb99c02ddd1cd2e3cc421a7bdd4da0d6b24e6456cfb6b7f94d293e

SHA512
133b88ee3e097350af509faaa41fffa509f98d15cd4380a28b3ef216230194b23c0d23ae24346afcc82e3f13ed30cb9e8995ce7eb78e4466dc19753e985b6edb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
49cb9fca6d226b28cd268162ae321560

SHA1
668618558760834233dd992b449e339769e4d4e4

SHA256
4764fa52624e83b46405cf8935ba3e39d34bf3e3c97a5911c024c8fc7d13a443

SHA512
2360d36bf6a8ed5482ee54508047504226d54eb349270b38d4c35f04ff74d1be951743f372e9aef5d763fd06e731877c15a00631782c1d823a4588f95b5824c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e58b228e7156f828a5fc50c849bc31e7

SHA1
e760b6aa8a4696993d3aa44e42dafba99bb23989

SHA256
92040577f2ca5bc0ada9e8684601dc4e5d0df53ec1577bca1c81d4e7ace26ff6

SHA512
57e9f90d3271e6fb2a957aeccf5f32279539c670a1ed94f6ca9916385367f005f4e25565046af28d589c9a7d32006f4087ec9475fb57118bb990c076bae36044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
75bb60e65c1e46cbba48cbb5ebcdd81a

SHA1
890adabdea9deaf9a55bc30331b4b2db60f7857d

SHA256
272ccde972d87ac65120fc915e6b6cf559af75ceca2e1bd299e44242fa03876c

SHA512
0d005ef2599021ec89f160a86e134f7e3cd4734395728555edd0d7d51c2aa9fc5f9db9d99d31094253377535a2845cdc1a3d089cb743d93cfa35a2fcda33f8fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8ef8ba2160cee1f547bc34bba3f11c50

SHA1
0f0a49f9de4ca6526495fb01265cbfbe4157f7ef

SHA256
1a9a9886ca039d5a35c1ac387f704dcdf0bee4ec43decf50174ff173de66715f

SHA512
f74444355d61b998b702f69ca4e1c3d6b7b398486bf661b4f5bea29c74206b721975671fa5f1a8f0577fac2a75e0b0bb7072830ab4f684c86dce1dc64dc7bee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9b31894188f3241f8b517d3f1edec652

SHA1
070c957766bf9cbb710867abd6828916a038ac10

SHA256
0479dea2b7e0ccfa96e52ea391f8493a9c101a7a755eac93cfb9c9bbedab0c20

SHA512
318934138b4401ac168a011bc7c52f8fe88537d14c630542cb3bd8b2c47d98c11cfff27cccb4d1afbf491bfe5e51b638fe34570fd631a8a45ca455c46825a579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b91f14215f72955fb9ea99fefd94f28a

SHA1
1db5ff93a9eb88678c5294f11b64e8c184351947

SHA256
6e7c9a1e3166ff2003dcf74a3627c8dd654c4dd09e721d44d573319ef7570850

SHA512
08f14d5205863527b8a56c554c21e58ccac6ad36be9c0a843bf48dfba2a06f4815785bd70df1536ebcb569b6f80bf0fbec02ab3084d2f482fc0807e851e497e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
64ca1ca12fedbd725e52c23c17cbc981

SHA1
cf9d5f9b340eda988fc23f60b7525f62b76c05b6

SHA256
67656c5ae38bb1caf1bb9466b1ea0bf1aec6403f759d3d8e2a708f6876df08bd

SHA512
4c83de1c2f38f3d8c1b551bae24a254d53dba3fb06d6384933575edff1bfbe209aaadc438bcce3a03c7e2953e093ddbc82b85e026f61eceb9e219d6ea087d3e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9c120c1c7b9d1c5971710decc5950562

SHA1
c546b2f83580114432b1050a816ebf37f71590a8

SHA256
766c146df6ac6600408fd88654be5a216a181242e4be80b966f9d8361cfa81f4

SHA512
d075c3ca4b48517244ce5b70d7d7de42c2e25fc1b95a75a348fa39e8d41cbc76b5ffc5d6a6f7627f45af9daef956e19e11ffef55359570ba5d844064578f6269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a548571d81a1720e396b40359c9c536c

SHA1
cbf645c3e95e573c1edd79b0c7a434ad9d7d2c88

SHA256
4bcebc554d8c6336bf7b75e52548458ecf26cbac68d281de0f1492961a2fea73

SHA512
0c56d9a071ccc0c385738c09d6a9fc187004d7376ac71b5087d5ddb7ccbb07b52e15769b83b63ae247b693f4c0a00f98fa758081926bcef8b2d044265462701d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4191aabdff9a5d0fdc1ff7da784b23d0

SHA1
382f1818c14835a302bde24d29b6541cb8256930

SHA256
0b705f7e40d1fcb56caae4e75959a4e6c84c3fc0a229f5ddc37844b88ba2e2da

SHA512
e9fba19a19ab59df933f8be842ca2f1a6aa45cfe8e201c66cef5b537008ca0248fa01eee9107556b46a6ac6ad122621cc4951cd6d810e1d53af8cb8bc205c25c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f445c865aa5492e6c276850d57fbc73c

SHA1
47d7d6ddfaea6e37a59ec3006f3c8dbbf1ebf598

SHA256
3dbddb4bf72eb0f5404561a424b82b96a9d7ae4c9fd11a755d050fa9e23273dc

SHA512
c3f2aea047184607653a89e7add262105babbd03c9793512253e048622edc90c9489523ba74d45bdfb11f8636d3b6cc1e737c89f6c05db927b13b2d7fc755e1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4417d0bf1e50821a949b07f937eb7c88

SHA1
f322d8e2d03b6d10c2264a9c428d91dc975c2323

SHA256
bdc032cc1afdadde885f79980e7a1d1bb2cd9719274e5257d5a2373490e3d5e8

SHA512
6e47a54a8d0106e15039f708c30255a392cf6e2092ebd4325c874e1f1c59e1100f5580eb9d345d2538fdf038858b448bd4c44f9d7b8b97bb96f19942f2c16752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
995e5c769b9a3033c48287939f5a3130

SHA1
4288df5d8ff1f2b354a60ffd9c024aebe80ca122

SHA256
9ded69197aba1737ad55e4188d5c62a580c4f25c65f04e0be90fd5dbe9f1ccf8

SHA512
38601a598ef4a2ebfeb68e2c388fbfbdd7aa9223cf4f3930038f6b6b15a408acb80155ceac0514c023c3f914f49d75159b73f43ebe1ba8c3e6605fa06f10e0dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fe8f9ff05352ef8b7ce473fc1ad784a9

SHA1
0cecc3a207cc21fc89c63091168d466b2ac0cf93

SHA256
a6c276f144f39ccc90b46822b90fa48ecd0ecd9e5cda776c89b8b81f9afb52b9

SHA512
1d817fac13774c44cb4d2d9b1ee40ca9508019dbebee800d44f11951639500943ea501d05f8efc2d2448cd4ff31d668644074577669577d450bcaa389cebeabf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
49a113ddfa1501dae1f3d333d26df1e5

SHA1
94382501da01ca87b6bf8f5432e518691bf4615c

SHA256
531c6f95ff26ca13fc5e56a743f2514e0c8af1c97a1ec15be4747179951e62a4

SHA512
a76d8e2cab815b10bf2208b395f58014db64c624b917e5add6d3ee3d2bb1be382e0b2c409a356aef3202814a1c94e5c29d18e4bf048ae04efd2c6f3a011342e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8546dacccf31a68dacee82b5bf66c2d6

SHA1
42cea9e15eb1ae2fa80e883252e2c9d3760a0dfa

SHA256
4dc81785f19cee37f23a0354891eae09a73aed4a4c50ab3c4c21ae6951d9ec43

SHA512
bc4e15171dece6405ab539de0fe854e1f00a3c3d3c495736fd050755f8921e76f67f7a97250283c00ff099ab667d3036102a501ebaddc0b1f5a0dc1418354cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eed4.TMP

Filesize
1KB

MD5
8690af6313745cd95394e55e9aee379e

SHA1
5e672a89c6e4f7fa7eb5b5c413790d48d09e7f25

SHA256
057f45d8db554610c86d8a163286adad0969f36111fcbac5bf09c484ca330bb1

SHA512
1aedb2b4d218793547e83d5b8c0a465a0f729a9ec8ddb0fd9c3ba2b32bf16631ad888e9b6b989d379b9e735688b7cf4f2345240a985d5da15df3485d8f4019f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b93d5440-e1e3-44a6-b448-673d64a4c391.tmp

Filesize
1KB

MD5
945a3218243135cc279504bc54d05c5d

SHA1
d3225875726d9cc93434ee99719024d032eed850

SHA256
74f03d783acf0c342f172fea9f9d604db31f3c525c02e6b5a67eb9ae2995103c

SHA512
4823282ae22a648e3a7ec685b34fb2b492747c3fbbfedd4827180df69b26b2c67076d56d3c0094900af025db7234ecaf57ece1937a2866de90cdc3253c18d710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ea731f0e-af74-447b-ae2c-2e0ac0b095a3.tmp

Filesize
1KB

MD5
9bb1d58137f95d0992fbb505f2e9c852

SHA1
5bbfb83d33aae58d9623c1a3951efb8a1cba8515

SHA256
94b60c1f26459f10e6da1aad06a606ad6e59103fab8efc2bb7704526617d2d52

SHA512
2356b524715a6cc194433e633b49b362c21f005e3445a1d14e26b9fa4a69b2fdba82632d96db5219533e4c0136159291ff4fe6f44299a0b0385feee76d03a249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e9f422bce3fdd5d5cdf38cf6765dfb65

SHA1
d538f82c64c1adb3e37688acbd0d4a29764acb63

SHA256
86fd41978495226fd6097e42b2a0e4f1f394de01c92f1174e04f1c8dfe9c3895

SHA512
2f7c6c71549b920ab6591d7c5efb4179266ecb4b8de299f010473f2d7e48d58e72f92b222406dc5d7f1b9c3999198ee3797fc28eb61a09c97848e1f86384dd99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0f3cbb89a9a50ef3afafaec005c74bdc

SHA1
8b4c3b9f0eff373fb9c4870a731bed52385ab356

SHA256
a1445548cf08b29ca5a8aed463fb735892cf3bec80ebcce0b15b748fcdd45a08

SHA512
fd3540502e0b206ae9d9911ede758a44afd0c771978e54293a0713bc665c266e19a163d5641e37a832105c3b63243bfa934d566a4d1d4c313d57c2a2211c8388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a482ee54fdbc891429c65825af634776

SHA1
f7e12e51d94af2f8d83b038b1799726101ba62a2

SHA256
aabdce1f8650d9fdca652f799486a3a4f5a200bfcc44a2702222afe637c66d61

SHA512
0d48feee0f69e2b8850815f561600f7d3ba99dd7802bc8efd71ccf2abbfeb67da8fe93aac161d5709be70df9748b468d7fd0f9b9a610cc1229454299ed9571a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
894f0fee15c3a1ecb7de4a4a5ea8a375

SHA1
5863e337133d1b7dff7674a3573991b245950c50

SHA256
b37d766bafdb1e8e2c34e716e97714ecf5279bb99d6f15126edc924e58128345

SHA512
73752731535060f1a1d4cedb12ad7e8bcecc016eda4d5338d250a3dd3ffdda08997dd47d5ad8fad1fe266aa9b445597d439a9ba688913c808faed6cf644fddca

Download Submit
C:\Users\Admin\DOWNLO~1\DanaBot.dll

Filesize
2.4MB

MD5
7e76f7a5c55a5bc5f5e2d7a9e886782b

SHA1
fc500153dba682e53776bef53123086f00c0e041

SHA256
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

SHA512
0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

Download Submit
C:\Users\Admin\Desktop\READ_IT.txt

Filesize
108B

MD5
d845190db42d07b1f4a34292d8f335c7

SHA1
fa97f5c6d4aa832a0a1451730e8ba2a32b2f9339

SHA256
6bd70f8e5afcaf2bac76a5e40649be7ad4d59fb10d37e4f18ed3b1027b714b9a

SHA512
9d9310f6885084665a54cba5c33ce55d2de89978b82d59c70746f1e9ca2abdd094713e562f802f5e723654824ab872b9ab453cb32e279b5960edc196f683a08c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 673428.crdownload

Filesize
2.7MB

MD5
48d8f7bbb500af66baa765279ce58045

SHA1
2cdb5fdeee4e9c7bd2e5f744150521963487eb71

SHA256
db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

SHA512
aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 808676.crdownload

Filesize
414KB

MD5
c850f942ccf6e45230169cc4bd9eb5c8

SHA1
51c647e2b150e781bd1910cac4061a2cee1daf89

SHA256
86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f

SHA512
2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9

Download Submit
memory/1100-1056-0x00007FFBD0C50000-0x00007FFBD0C60000-memory.dmp

Filesize
64KB

Download
memory/1100-1053-0x00007FFBD0C50000-0x00007FFBD0C60000-memory.dmp

Filesize
64KB

Download
memory/1100-1052-0x00007FFBD0C50000-0x00007FFBD0C60000-memory.dmp

Filesize
64KB

Download
memory/1100-1054-0x00007FFBD0C50000-0x00007FFBD0C60000-memory.dmp

Filesize
64KB

Download
memory/1100-1055-0x00007FFBD0C50000-0x00007FFBD0C60000-memory.dmp

Filesize
64KB

Download
memory/1100-1057-0x00007FFBCEA70000-0x00007FFBCEA80000-memory.dmp

Filesize
64KB

Download
memory/1100-1058-0x00007FFBCEA70000-0x00007FFBCEA80000-memory.dmp

Filesize
64KB

Download
memory/2088-1071-0x0000000002370000-0x00000000025DB000-memory.dmp

Filesize
2.4MB

Download
memory/2088-1549-0x0000000002370000-0x00000000025DB000-memory.dmp

Filesize
2.4MB

Download
memory/2088-1038-0x0000000002370000-0x00000000025DB000-memory.dmp

Filesize
2.4MB

Download
memory/3440-1595-0x0000000004E60000-0x0000000004E6A000-memory.dmp

Filesize
40KB

Download
memory/3440-1594-0x0000000004E90000-0x0000000004F22000-memory.dmp

Filesize
584KB

Download
memory/3440-1593-0x00000000053A0000-0x0000000005944000-memory.dmp

Filesize
5.6MB

Download
memory/3440-1592-0x00000000003E0000-0x000000000044E000-memory.dmp

Filesize
440KB

Download
memory/4784-1039-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download