Analysis
-
max time kernel
136s -
max time network
150s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241023-en -
resource tags
-
submitted
27-11-2024 14:17
General
-
Target
sample.js
-
Size
66KB
-
MD5
01cb2e0a4f044050f5b4f9969eb2550e
-
SHA1
689dbef019da4e208eb35b57c466cafa61d8fdd3
-
SHA256
0747f7da279d65d3edbbf1b7720ae34447443797964db49c9a8a543e82fb9200
-
SHA512
b4ad1d30432404ea91bb2406eeb56e66379a4e3576efa153e7019fb716fa3f99edd4022b8814e22def86c576abdc19d66fb71eff0350e827ce8eef41fb9136f4
-
SSDEEP
1536:G69UFLCCwNieoupehNFZuSuWtWWxLRoH1r2jSpScNkEAqWRI6ZsnVJr+Y05avm6N:h9UFLhwjuRoH1r2jSpScNkEAqWRI6Zsf
Malware Config
Extracted
danabot
51.178.195.151
51.222.39.81
149.255.35.125
38.68.50.179
51.77.7.204
Signatures
-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Danabot family
-
Danabot x86 payload 1 IoCs
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request 1 IoCs
-
Downloads MZ/PE file
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 3 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 18 IoCs
-
Modifies registry class 3 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 45 IoCs
-
Suspicious use of FindShellTrayWindow 22 IoCs
-
Suspicious use of SetWindowsHookEx 39 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffe867846f8,0x7ffe86784708,0x7ffe867847182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff65f7e5460,0x7ff65f7e5470,0x7ff65f7e54803⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8164 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8520 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8436 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8804 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9748 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10144 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10424 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10768 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10732 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10620 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10876 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10916 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9104 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11116 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9108 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6956 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15317756135712258896,7587843864139038405,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=10316 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\DanaBot.exe"C:\Users\Admin\Downloads\DanaBot.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@70242⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f03⤵
- Blocklisted process makes network request
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 4962⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7024 -ip 70241⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\DanaBot.dll2⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7036 CREDAT:17410 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\DanaBot.dll3⤵
- Modifies Internet Explorer settings
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7036 CREDAT:17420 /prefetch:23⤵
- System Location Discovery: System Language Discovery
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD55d9c9a841c4d3c390d06a3cc8d508ae6
SHA1052145bf6c75ab8d907fc83b33ef0af2173a313f
SHA256915ea0e3e872d2b2e7d0e0ca30f282675139c787fec8043a6e92b9ef68b4f67d
SHA5128243684857e1c359872b8e795a0e5f2ee56b0c0c1e1c7e5d264c2c28476e9830981bb95244f44c3b2ed334c3e1228f3d6245cce2f3d1f34cdbce8e2af55b4c85
-
Filesize
152B
MD5e87625b4a77de67df5a963bf1f1b9f24
SHA1727c79941debbd77b12d0a016164bae1dd3f127c
SHA25607ecc7bd328990f44b189112a1a738861b0f4528097d4371e1ab0c46d8819f4e
SHA512000d74220ba78628b727441c1b3f8813eec7fc97ff9aa6963eb2ab08d09525fa03935b32e86458c42e573b828a22b0b229af02b47eee511dc83de4ed3b5e726b
-
Filesize
14KB
MD59e89b6f0f67aaa4f13d6f4008743264c
SHA1a4ae6655ec8b7543d4774b206b50616a66c5260b
SHA2562e61931addb0953967255ee5bbec3e2c1abab4920b38210cc2ed97c3fc441a98
SHA512bf532380e3d9b280aa9ebf14e4fac75695afc2af815f33bf416d8f00dc54af46663d6f1a8ed0653a294c9dd146cfc9edc60f15dc1ee81d71d91d15de88e3e508
-
Filesize
19KB
MD523c881bd9ff24ec1e1c1388e1967d94d
SHA1cf340b91392671812c5d68f70a32b8b0768f4c75
SHA25660eb6975421a62b21622524ea781e64e7892294e65056ad6ca7766e1362b7156
SHA5125694ab40278f68cd46d12a39fd7c7883cb1268b9896f3f09a8283db4a4070147f7970f18902885b119848f532d04f662fb44ab8ad5a7cd47a473578a692da7f5
-
Filesize
47KB
MD50d89f546ebdd5c3eaa275ff1f898174a
SHA1339ab928a1a5699b3b0c74087baa3ea08ecd59f5
SHA256939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e
SHA51226edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690
-
Filesize
67KB
MD5b275fa8d2d2d768231289d114f48e35f
SHA1bb96003ff86bd9dedbd2976b1916d87ac6402073
SHA2561b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1
SHA512d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811
-
Filesize
19KB
MD51bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA16dd8803e59949c985d6a9df2f26c833041a5178c
SHA256af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863
-
Filesize
62KB
MD5c813a1b87f1651d642cdcad5fca7a7d8
SHA10e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b
-
Filesize
63KB
MD5226541550a51911c375216f718493f65
SHA1f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA5122947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516
-
Filesize
25KB
MD5e29b448723134a2db688bf1a3bf70b37
SHA13c8eba27ac947808101fa09bfe83723f2ab8d6b0
SHA256349cc041df29f65fd7ffe2944a8872f66b62653bbfbd1f38ce8e6b7947f99a69
SHA5124ce801111cb1144cfd903a94fb9630354bf91a5d46bbbe46e820c98949f57d96ec243b655f2edeb252a4ec6a80167be106d71a4b56b402be264c13cc208f3e2c
-
Filesize
48B
MD509245f8ac9b5c4ed70a18cbc96318213
SHA197e967a80014381a82731d1d9a8a3ecc2ec236a5
SHA256483f50e8f0fae2e0377f86e938c10c00ff41b92c5e42e70f945224410eacc0ec
SHA5120db55ffbe1dffb6f8b2314af8a7fb22ab71370c9177fd9f3146f8c4c09c4e15a33f417452cbeaa0c2e2e93b3594638b29ac689b8d5f85e826e9cf99d80370948
-
Filesize
4KB
MD58af14fc60fc7f2313a51056dd4bda212
SHA1b840af8c46476ce77af4a6c11a1e16e0fcb93fc7
SHA2566c03c9b14fd78ebd494494f77a8fab6089977379aa530007debca4e3758cabd7
SHA512e5c88d5c6721160aba1a956860af42f691c9f28ca7155b15aaffe6da82e98b1a7fde59d355f431592a40644828aa5af27436ac88bdda1f2f7581c26b10b1636a
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
12KB
MD5ad6ccbd0f82b365871963dc1b0c3d044
SHA1321cdde8895abfd899508aa0dd416e36f22f19ed
SHA2568a92e774c53d85c2289edeb834a0c8d6149ccdbbbd0f6e214619de50be8b92ea
SHA5129705f10dc68360091a9afbf2e5cb170b94d21b3288b255bed0b47fe9c573399f41aeed2e9f3d817ad6ffe37b3920bd2f57723c67b3f822a1564fac16df00ec8a
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
14KB
MD5713afd4cf9c107d400cd37154384f7c6
SHA1ff4b5007644a07d778ac20f596d7c6e83ab94329
SHA256edb3bc8f4f79f4d2fd34ade34695c5d3b68879a5d1aa7e4dc8bb03a770eb7dd3
SHA512c403195d1194b1074bc7d00c2c1f1d75f75f8115ec0f4b381413c5bcd6b831c9608e29f5e78492d2544cdd39bc5339e8eb879cf618894b92308039218ac402f5
-
Filesize
14KB
MD5e69285ca3c1c32c7dbda3a1b8c2b6cf4
SHA10347db3f3c2c40da94708057af460c452dc89945
SHA25686f210171de1bda8bebda28ff668aed0d3e2c40dc02fe0e7e535d7113e03c8c0
SHA512789576ad01d546ac26790036b1d3c21f9161f085ea2bda85bbb4ccaabae3e199bbc1c40a939d1f84670cf6047b59a3a4844df1ad3662f68f7467f881af0c1d12
-
Filesize
4KB
MD501a53cc2e43351525337f696115ccfb2
SHA119be1a90be792cb52d9f7fc8d2ea166b7907edc2
SHA2569b805fe8fef31f001cb37eb09af0dea4d16aa5dabe698706de9833baf430a455
SHA5124500dceb969857a2b755ffde2250b8b88003376d48a7e841c4a8f6fe605dcd1682b72974da8f73235d6d2fd64b89eed3b7be1a978dd9368cc0fe15c0f2860cf7
-
Filesize
14KB
MD5a08078baa6b9f74f3430734a3a2f8951
SHA15a8065bec2355b63454deebcde58e22e1ef595a7
SHA256e23330349242e937e7e9142b591e3644152b3bc2f8ee2f144b8908685d33e953
SHA51283c3767f1630620ad01f2d339ed86039fb8bcc854ceb7ad2fb62f6458f249b9fe85470f8d30bb18020a001b580ceb7fbe0eb11fd8f1f815969bbafdab30bfd87
-
Filesize
10KB
MD50b698b8809fd23a971c976afda383b41
SHA13f4eba14167424b4576ca5b888beab532791c30c
SHA25686b600fbb7b030acd98bee79bdbc7f2cd7d2708146372ef92334f1e1149920f1
SHA512898baca2443299dfbe38f61efecc1de3d00e532dcb103d0876ea1da39f48c319c4a9a739ef90c792bc2489d593e2f3c682ebbbf2b74eb6274538e9398474c83e
-
Filesize
14KB
MD5e14f640aaaf0cc24b98efb6ee5241cb8
SHA191f03130e1e1ff10449ec58b2e981e998b8cfdc2
SHA256f2ea285c5c2de53be90c700bcd5d7124ec61b526d7967476229cff0b3dee5b9a
SHA512ed2b980eebef80bb551fc4310181053100311b16cce5eed630e332a27274ed9cd9f51e3ce0f40334e0cc27bff9159fafff690c08b043618f46d23cf784853807
-
Filesize
15KB
MD5becbe150a1dde20cc8046c7392f47779
SHA17f9b5cf5a140d3b4657643cfbfc69c192823d55c
SHA256cde098513321a272f3078c4bd88921621cc7ed9c8889556c1d4c68f967315c7a
SHA51299f769e498d3cbc57b014888995911d7436972e4a953bbeb90a70ac3a1cb6168cd0b89f1ca5a3dc8735ecc7ba4c872acee65dc7ce7be5d5aff6a92a1779020f1
-
Filesize
5KB
MD5b48dbbb1b58c8d4ac2062cc76a8dcb9f
SHA1b0b115d136e65593cd0d8b73e556cf09e3b80f2f
SHA256caf2a8c05af71b97b64848beecb6d2b8941e0222d0dd773852f8908b9607de4f
SHA512c183a2c6392c645b71883109391f36621b918e364c34b36de62b4fc2dd7e37c4935aef93b45ac75349b10c9e836c9a353912375eb1eed091bff50b054362623b
-
Filesize
24KB
MD5137094a3453899bc0bc86df52edd9186
SHA166bc2c2b45b63826bb233156bab8ce31c593ba99
SHA25672d823cac2d49660cdd20ebf4d3ac222c4dd15aae6e5ac4a64f993ef5c4fdd44
SHA512f8f149c9eab06e8d7e1aa62145f0fc588dc36fc521ef4dceceb80a191b72d79586d920feb5f3b1d19595109cc6d608c143e32f521a4da1068c708a2538899ada
-
Filesize
24KB
MD5364592d2cc18adf665987584bf528cba
SHA1d1225b2b8ee4038b0c42229833acc543deeab0f6
SHA256bd97dd6797bb763681cfb1fc3cc21a44a273aab1d9a4f4f9332675c662d2136c
SHA5120e852db825e451464cbcfda95eae2dfe780874bd20e7b467604962428007d1735ece752aa5901d468708a68d66d029271d5567b39c530d2d44b875abbff9aa40
-
Filesize
72B
MD58836f9f021fd6fd1f70b1f6c21711721
SHA1ff9e021c8ad4075fe40c769105eb73e15241b625
SHA2560e1fc523e445af73f24fd1bbbc2c5ab55c8cc4ab2a324dc94c513c3f2972b36a
SHA5123fd2b2249e23cec11401df4f0e837dd954eb9a852901d6cbba395792731282e33974c197cc0a2e9b40d2932ce899cef91ba7af043ee007b83591b3772eabdf4f
-
Filesize
48B
MD5d8d518b95657e600c8037195fc2f4e83
SHA11ef129be8296a1fcd434a26444031960784e303d
SHA25698326c883905e444e2ff3791f96a56ea874330eecd6dcd7ca9988354b9de43b5
SHA512769f6432224ae4813ed6a21439ee2e4cd0deb4b9147fadc09542c7b0d3715365835d895b0469f62e6fc12af1519da015a03c0f82e5e02201d91b2f1150a208a2
-
Filesize
4KB
MD506d69cfce4e99d3264f375c36482e7ca
SHA1671f323d1bd13d97d6306a06df9ecf9bcb5a210f
SHA25642c7cc237deb81d83e0137e3a2b197268d7babadbe349edfbeb037f89f93fa1a
SHA51273d5eec1c2aae4391dc7861cf820be62eb6a4464c84f64275007445fbf65b6b855b8756b7b1fb248b94bc95e332abefa637df865cf268e79b41ec370c77e0699
-
Filesize
3KB
MD57e5a96e8f1b94d8fadb880e4baa9c2ea
SHA1a4de9b8b190676d067a0a810ae120cdaaa2b184c
SHA256533a2532e9cd1fc432954d6498a9acebb9340df6afd1e5370681aa9770af7ed2
SHA51259621d92877b27a038c46341e227331447dfafd5ff5b990d6bf6684f049b15ca7149e75fdd38ac20c09b46bfc75ce6aaea4c0e1ff97f9a0b6b3bc2303846a956
-
Filesize
4KB
MD5a8bfce60356d7cf704260d549451d701
SHA11d6b908639876cc803c452a6384eacc9b2ed98eb
SHA25674b63048e57c9dc8b6880ce379fc860f0423a1aa98af9f334fad62cf04baa6cf
SHA5129dfdb107a237d2e50af19bd04e346f4cc7f4c44526d1e21383409b66ef770dffce8b11faea45e6c607a74978cc9c93b4b9aa553aaa05b032fc153a846c35d426
-
Filesize
3KB
MD5f9de383d35bd0ec68667fb3ccb41fb9a
SHA153f43a345b876cfbb57f22951cfb9de34f45f4d6
SHA256fb4086069cd76f4b6c64fa56167af358e29de9446ad1ffc8f424c029f68072f1
SHA512bb6de2ae0e706243766318e65051ed2939d7ae5d8f97dac0a4fa359b70f32db077536292e5a2aa2f42fa67efe49eeff2f6afeda1987b02f91b0446e6fabb5276
-
Filesize
4KB
MD59e4ec56dd8f694fdd4592b0a08f49045
SHA1ecd897fa2da3b14fe1eb710b30eaf9ba415f105e
SHA256071db36078602b21268d6e4db918055b6b84948ca13496b21e917d418c76dd92
SHA5123206a611ecc3dac24f842520ce6d9118218f90e0324cb2e291a7b7cc55e2ede37fdb45a57e1113f5eed25f4f78f3aff28f411589d70e40607b20a5c319042151
-
Filesize
4KB
MD5425317998705a41eaf5d44548c4938a9
SHA12a63f16a168fdedbfe0ec98e9716d2e54ec7ea79
SHA256b983c8b26513573809f58102aaaeae0bcc028aa57ba2885a02bf9649d824405a
SHA51288523eb7dc50853f9fe7f49b7f0636c3e316edf17c971ff446cf79cfbd0f25d4406c6e6586b507f4a885938ba5e9da906d85de3ce980edd4053672acecd0e80b
-
Filesize
3KB
MD5261a3016ed562f257baf25875eecff1f
SHA133be7c43f9ef3239c45f1d1ef34e437ff589abd5
SHA25612147fb31724b1465bcb1b47df0798f261a34e2a9e97848d159ef24e6cfe1bc7
SHA512229ef213cbca4fa31a7decbd03bfeae59de5b1c4a9a6b7f5bd1ba65602c6d4b430700ba33905da0e325f4b6e04dbb0370bb8d21f314045a9bff320c917b100bf
-
Filesize
1KB
MD5b6360ced0212f3ee024aaf7f754a50a3
SHA1ad1b9cb08783af318f412b21f983a328fd8588a1
SHA2569982621946915152a57c4f8513009362b20317c8ae1b7bad7fee244774e4fa66
SHA51222eda1e563651026349da35edf58ee358b8c899c208da86a4f3492d1bb00f799e5f8dcde14d57081025a7f3b89ec4d47b1c1ca97168f64a3cf05260af2cd3f1d
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
11KB
MD53bd35a21019fd8fa1e99be499ce20fbc
SHA126d3abf4aa5f55d8a5edbbcfaa918d53c314eea9
SHA2565b8bcda586a597abb9ef6f09076a2cbd143289b73147f8394ec59c08f3dbd090
SHA512f853192d242f67ca27b043a92e93209425c86a31d6193977f55e3d4b76643ccd91c6a81dfc3bc00ff0f8a214cb5783ae3ca47da578185c4b83ed0999b152698c
-
Filesize
8KB
MD5d8719d773b988e59deb480e26f067d9d
SHA156fab356167393c3d1d3323c06595685fb395e2a
SHA256c35b9061b0fa43fc90ed5adc5a4760d9089c053bddc3519d058d470160be6587
SHA5124cccc11405478b78d9411ba6c81d35ed06bfdb9617db83d561e7ea6245c85fd47a0d37c1ae09a41142acffe56b19b140953124e500165a669c4551679c099191
-
Filesize
3KB
MD5061f24c4e893e8bc38accf93537c0816
SHA196903b3991211dcdc520105134781f5c523c8e52
SHA256e505e425620f3e9a60601d6216f5f785be74d276b30d0f078028a79bebc48c57
SHA51234096c4ff2e4e90c837b2668e02bc22f8f7ee800a4c8db878d1460f584d7af157ff623f04cd569441b474aa54dabebae299dc9279662afdbe869547126673ee2
-
Filesize
3KB
MD592fd3a89c24d571ffc753d678ce9d4cd
SHA1b97ddd1e28da3ab9eb3d834f35517f6698bf5c71
SHA256f39da8dda985e4bf268347799bd566d8880cd90acda24723c1d7367618331650
SHA512800c5a8293533299ce01b2fb877b9e6844480b14008366230879b0f216cc6d4cb08117ee03431c6f267fb77d5808647584b131b9b7a6a0a932f097b2cd547815
-
Filesize
2.4MB
MD57e76f7a5c55a5bc5f5e2d7a9e886782b
SHA1fc500153dba682e53776bef53123086f00c0e041
SHA256abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3
SHA5120318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24
-
Filesize
2.0MB
MD582c6a1a2bfa5105690532715d421d0cb
SHA170243ba420aaa290aff5955773ff9d37a3e482b8
SHA2565a23063133801f2ce463bbe1f3c5ae62096c48cca845422decca8b4f8729c93e
SHA512a23cca111de707f22b54f5386231102482df40a0cd5126a3619e36dfc6cefd5dbe86eec32b946d853b915a0949c1acbe365846fe09e9cd6a2730abe33eb7ee74
-
Filesize
2.7MB
MD548d8f7bbb500af66baa765279ce58045
SHA12cdb5fdeee4e9c7bd2e5f744150521963487eb71
SHA256db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1
SHA512aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd
-
Filesize
2.4MB
-
Filesize
6.7MB
-
Filesize
2.4MB
-
Filesize
2.4MB