Analysis Overview
Threat Level: Known bad
The file https://github.com/skerkour/black-hat-rust was found to be: Known bad.
Malicious Activity Summary
Danabot x86 payload
Danabot family
Danabot
Disables Task Manager via registry modification
Blocklisted process makes network request
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
Browser Information Discovery
Program crash
System Location Discovery: System Language Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
NTFS ADS
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy WMI provider
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Suspicious behavior: AddClipboardFormatListener
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-20 05:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-20 05:23
Reported
2024-11-20 05:28
Platform
win10v2004-20241007-en
Max time kernel
281s
Max time network
281s
Command Line
Signatures
Danabot
Danabot family
Danabot x86 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\DanaBot.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\$uckyLocker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\$uckyLocker.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\Desktop\Wallpaper = "0" | C:\Users\Admin\Downloads\$uckyLocker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\Desktop\Wallpaper = "0" | C:\Users\Admin\Downloads\$uckyLocker.exe | N/A |
Browser Information Discovery
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\DanaBot.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\DanaBot.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\$uckyLocker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\$uckyLocker.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765540613566495" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 673428.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 808676.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/skerkour/black-hat-rust
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc02b446f8,0x7ffc02b44708,0x7ffc02b44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6212 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
C:\Users\Admin\Downloads\DanaBot.exe
"C:\Users\Admin\Downloads\DanaBot.exe"
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@4784
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4784 -ip 4784
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 464
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "C:\Users\Admin\Desktop\StopNew.potx"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3432 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,17086625320601781421,11210474432316968568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 /prefetch:8
C:\Users\Admin\Downloads\$uckyLocker.exe
"C:\Users\Admin\Downloads\$uckyLocker.exe"
C:\Users\Admin\Downloads\$uckyLocker.exe
"C:\Users\Admin\Downloads\$uckyLocker.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0x11c,0x120,0x98,0x124,0x7ffbf03fcc40,0x7ffbf03fcc4c,0x7ffbf03fcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,8781671093668876398,13928874601813946376,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1924 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,8781671093668876398,13928874601813946376,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,8781671093668876398,13928874601813946376,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,8781671093668876398,13928874601813946376,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3440,i,8781671093668876398,13928874601813946376,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3452 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4660,i,8781671093668876398,13928874601813946376,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4624 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,8781671093668876398,13928874601813946376,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4048 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3584,i,8781671093668876398,13928874601813946376,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 27.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 88.221.135.33:443 | th.bing.com | tcp |
| GB | 88.221.135.33:443 | th.bing.com | tcp |
| GB | 88.221.135.33:443 | th.bing.com | tcp |
| GB | 88.221.135.33:443 | th.bing.com | tcp |
| GB | 88.221.135.33:443 | th.bing.com | tcp |
| GB | 88.221.135.33:443 | th.bing.com | tcp |
| GB | 88.221.135.33:443 | th.bing.com | tcp |
| GB | 88.221.135.27:443 | th.bing.com | tcp |
| GB | 88.221.135.33:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.72:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 33.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| GB | 88.221.135.27:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 149.255.35.125:443 | tcp | |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| US | 8.8.8.8:53 | 97.32.109.52.in-addr.arpa | udp |
| IE | 52.109.76.243:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 243.76.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.143.182.52.in-addr.arpa | udp |
| FR | 51.77.7.204:443 | tcp | |
| US | 8.8.8.8:53 | metadata.templates.cdn.office.net | udp |
| GB | 92.123.26.202:443 | metadata.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | binaries.templates.cdn.office.net | udp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.117.150:443 | binaries.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | 202.26.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| FR | 51.77.7.204:443 | tcp | |
| FR | 51.77.7.204:443 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| FR | 51.77.7.204:443 | tcp |
Files