danabot | hxxps://github[.]com/Virus-Samples/Malware-Sample-Sources/blob/main/README[.]md

Analysis

max time kernel
600s
max time network
534s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Virus-Samples/Malware-Sample-Sources/blob/main/README.md

Score

10^/10

danabot banker botnet discovery trojan

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot
Danabot family
danabot

Danabot x86 payload 1 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

resource	yara_rule
behavioral1/files/0x000a00000001db56-784.dat	family_danabot

Blocklisted process makes network request 10 IoCs

flow	pid	Process
129	1552	rundll32.exe
132	1552	rundll32.exe
135	1552	rundll32.exe
139	1552	rundll32.exe
140	1552	rundll32.exe
141	1552	rundll32.exe
143	1552	rundll32.exe
144	1552	rundll32.exe
145	1552	rundll32.exe
146	1552	rundll32.exe

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
4044	DanaBot.exe
4836	WinNuke.98 (1).exe
5060	dismhost.exe

Loads dropped DLL 8 IoCs

pid	Process
1184	regsvr32.exe
1184	regsvr32.exe
1552	rundll32.exe
5060	dismhost.exe
5060	dismhost.exe
5060	dismhost.exe
5060	dismhost.exe
5060	dismhost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
32	camo.githubusercontent.com
33	camo.githubusercontent.com
34	camo.githubusercontent.com
35	camo.githubusercontent.com
36	raw.githubusercontent.com
126	raw.githubusercontent.com
31	raw.githubusercontent.com

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\LogFiles\setupcln\setuperr.log	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\diagerr.xml	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\diagwrn.xml	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\setupact.log	cleanmgr.exe
File opened for modification	C:\WINDOWS\SYSTEM32\WINBIODATABASE\51F39552-1075-4199-B513-0C10EA185DB0.DAT	svchost.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DISM\dism.log	dismhost.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	cleanmgr.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4896	4044	WerFault.exe	130

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98 (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	explorer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	explorer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 39 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 14001f706806ee260aa0d7449371beb064c986830000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000000000001000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\NodeSlot = "8"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 = 0c0001008421de39050000000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0 = 1e00718000000000000000000000e4c006bb93d2754f8a90cb05b6477eee0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874385"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 588555.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 834412.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 598966.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 877854.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1708	explorer.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
3504	msedge.exe
3504	msedge.exe
3024	identity_helper.exe
3024	identity_helper.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
3188	msedge.exe
3188	msedge.exe
4740	msedge.exe
4740	msedge.exe
1036	msedge.exe
1036	msedge.exe
3040	msedge.exe
3040	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3504	msedge.exe
4528	cleanmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeBackupPrivilege	4992	svchost.exe
Token: SeRestorePrivilege	4992	svchost.exe
Token: SeSecurityPrivilege	4992	svchost.exe
Token: SeTakeOwnershipPrivilege	4992	svchost.exe
Token: 35	4992	svchost.exe
Token: SeShutdownPrivilege	1708	explorer.exe
Token: SeCreatePagefilePrivilege	1708	explorer.exe
Token: SeBackupPrivilege	5060	dismhost.exe
Token: SeRestorePrivilege	5060	dismhost.exe
Token: SeTakeOwnershipPrivilege	5060	dismhost.exe
Token: SeSecurityPrivilege	5060	dismhost.exe
Token: SeBackupPrivilege	4528	cleanmgr.exe
Token: SeRestorePrivilege	4528	cleanmgr.exe
Token: SeManageVolumePrivilege	2592	svchost.exe
Token: SeShutdownPrivilege	1656	svchost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3504 wrote to memory of 4988	3504	msedge.exe	84
PID 3504 wrote to memory of 4988	3504	msedge.exe	84
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 2004	3504	msedge.exe	86
PID 3504 wrote to memory of 3520	3504	msedge.exe	87
PID 3504 wrote to memory of 3520	3504	msedge.exe	87
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88
PID 3504 wrote to memory of 3020	3504	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Virus-Samples/Malware-Sample-Sources/blob/main/README.md
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc80b46f8,0x7ffbc80b4708,0x7ffbc80b4718
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2348 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1312 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2132 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3188
- C:\Users\Admin\Downloads\DanaBot.exe
  "C:\Users\Admin\Downloads\DanaBot.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4044
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@4044
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1184
  - - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
      4⤵
      Blocklisted process makes network request
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1552
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 464
    3⤵
    - Program crash
    PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2356 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3368 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6840 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,15860134639097868929,15045856598017702029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4044 -ip 4044
1⤵
PID:4380

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4484

C:\Users\Admin\Downloads\WinNuke.98 (1).exe
"C:\Users\Admin\Downloads\WinNuke.98 (1).exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4836

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4992

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:4448

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:1708
- C:\Windows\system32\systempropertiesadvanced.exe
  "C:\Windows\system32\systempropertiesadvanced.exe"
  2⤵
  PID:4924

C:\Windows\System32\cleanmgr.exe
"C:\Windows\System32\cleanmgr.exe" /D C
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4528
- C:\Users\Admin\AppData\Local\Temp\81199781-609F-4663-978C-77D89E1FC0AA\dismhost.exe
  C:\Users\Admin\AppData\Local\Temp\81199781-609F-4663-978C-77D89E1FC0AA\dismhost.exe {DF29CA38-4B30-4142-A723-E757B9BDAAF2}
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  PID:5060

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2592

C:\Windows\system32\CredentialEnrollmentManager.exe
C:\Windows\system32\CredentialEnrollmentManager.exe
1⤵
PID:3952

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2692

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup -s WbioSrvc
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:1656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
18KB

MD5
7d54dd3fa3c51a1609e97e814ed449a0

SHA1
860bdd97dcd771d4ce96662a85c9328f95b17639

SHA256
7a258cd27f674e03eafc4f11af7076fb327d0202ce7a0a0e95a01fb33c989247

SHA512
17791e03584e77f2a6a03a7e3951bdc3220cd4c723a1f3be5d9b8196c5746a342a85226fcd0dd60031d3c3001c6bdfee0dcc21d7921ea2912225054d7f75c896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
20KB

MD5
0b17fd0bdcec9ca5b4ed99ccf5747f50

SHA1
003930a2232e9e12d2ca83e83570e0ffd3b7c94e

SHA256
c6e08c99de09f0e65e8dc2fae28b8a1709dd30276579e3bf39be70813f912f1d

SHA512
49c093af7533b8c64ad6a20f82b42ad373d0c788d55fa114a77cea92a80a4ce6f0efcad1b4bf66cb2631f1517de2920e94b8fc8cc5b30d45414d5286a1545c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
37KB

MD5
56690d717897cfa9977a6d3e1e2c9979

SHA1
f46c07526baaf297c664edc59ed4993a6759a4a3

SHA256
7c3de14bb18f62f0506feac709df9136c31bd9b327e431445e2c7fbc6d64752e

SHA512
782ec47d86276a6928d699706524753705c40e25490240da92446a0efbfcb8714aa3650d9860f9b404badf98230ff3eb6a07378d8226c08c4ee6d3fe3c873939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
18KB

MD5
f1dceb6be9699ca70cc78d9f43796141

SHA1
6b80d6b7d9b342d7921eae12478fc90a611b9372

SHA256
5898782f74bbdeaa5b06f660874870e1d4216bb98a7f6d9eddfbc4f7ae97d66f

SHA512
b02b9eba24a42caea7d408e6e4ae7ad35c2d7f163fd754b7507fc39bea5d5649e54d44b002075a6a32fca4395619286e9fb36b61736c535a91fe2d9be79048de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
38KB

MD5
c7b82a286eac39164c0726b1749636f1

SHA1
dd949addbfa87f92c1692744b44441d60b52226d

SHA256
8bf222b1dd4668c4ffd9f9c5f5ab155c93ad11be678f37dd75b639f0ead474d0

SHA512
be7b1c64b0f429a54a743f0618ffbc8f44ede8bc514d59acd356e9fe9f682da50a2898b150f33d1de198e8bcf82899569325c587a0c2a7a57e57f728156036e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
26KB

MD5
73fc3bb55f1d713d2ee7dcbe4286c9e2

SHA1
b0042453afe2410b9439a5e7be24a64e09cf2efa

SHA256
60b367b229f550b08fabc0c9bbe89d8f09acd04a146f01514d48e0d03884523f

SHA512
d2dc495291fd3529189457ab482532026c0134b23ff50aa4417c9c7ca11c588421b655602a448515f206fa4f1e52ee67538559062263b4470abd1eccf2a1e86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
20KB

MD5
b9cc0ef4a29635e419fcb41bb1d2167b

SHA1
541b72c6f924baacea552536391d0f16f76e06c4

SHA256
6fded6ba2dd0fc337db3615f6c19065af5c62fcd092e19ca2c398d9b71cd84bf

SHA512
f0f1a0f4f8df4268732946d4d720da1f5567660d31757d0fc5e44bf1264dfa746092a557417d56c8a167e30b461b8d376b92fbe0931012121fac2558d52c662e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
58KB

MD5
6c1e6f2d0367bebbd99c912e7304cc02

SHA1
698744e064572af2e974709e903c528649bbaf1d

SHA256
d33c23a0e26d8225eeba52a018b584bb7aca1211cdebfffe129e7eb6c0fe81d8

SHA512
ebb493bef015da8da5e533b7847b0a1c5a96aa1aeef6aed3319a5b006ed9f5ef973bea443eaf5364a2aaf1b60611a2427b4f4f1388f8a44fdd7a17338d03d64a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
40KB

MD5
8dfebf27fc5a0c7b08a68b6b8c760d80

SHA1
ee63301ac2a3c51993bd9dedc973b9d1ade705f9

SHA256
f80fae598b38c44f3d1cb93512b405802d3e40a24b679cd600a7edb8744d3791

SHA512
65b81b920a0da9d6fb4874755c8842d552aa9c42a007cdbdeaf464f8c79ad724d97c9621c84ecb3cf9b9163f12b45c6e2a67d466b18b60fca52ae9bc30e6fa49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
53KB

MD5
2ee3f4b4a3c22470b572f727aa087b7e

SHA1
6fe80bf7c2178bd2d17154d9ae117a556956c170

SHA256
53d7e3962cad0b7f5575be02bd96bd27fcf7fb30ac5b4115bb950cf086f1a799

SHA512
b90ae8249108df7548b92af20fd93f926248b31aedf313ef802381df2587a6bba00025d6d99208ab228b8c0bb9b6559d8c5ec7fa37d19b7f47979f8eb4744146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
65KB

MD5
82250110fe0a75d666d49a2456e1bbd9

SHA1
4395134f2ca06eb1b175c2b90ebe36a5b79bae61

SHA256
f059625c74478dcd9f60ebe2b513dfb9ab5157e4fe9feec26256d7e668ce9bdf

SHA512
57164c32200a2b1387dd16b269cff36585ec017880142a5b90ccfd96ddbb5816f6656ae021f53a3ff51eef48a04f83cb0646947fe7df2daef58278e52549b599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
88KB

MD5
76d82c7d8c864c474936304e74ce3f4c

SHA1
8447bf273d15b973b48937326a90c60baa2903bf

SHA256
3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8

SHA512
a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
105KB

MD5
b8b23ac46d525ba307835e6e99e7db78

SHA1
26935a49afb51e235375deb9b20ce2e23ca2134c

SHA256
6934d9e0917335e04ff86155762c27fa4da8cc1f5262cb5087184827004525b6

SHA512
205fb09096bfb0045483f2cbfe2fc367aa0372f9a99c36a7d120676820f9f7a98851ee2d1e50919a042d50982c24b459a9c1b411933bf750a14a480e063cc7f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
16KB

MD5
cfa35eb916108c25cee62cfe1c13c087

SHA1
7fb0a039b591610029243c9f5d569a4e4674a99e

SHA256
986387f306783662f401ae5a2641b1ff1403efc91887185a8ae09187b91495bc

SHA512
356fcfc8fdbc7914734f5c6e057f15e52bdf35b8e626b46a0fffd2cd18c1e4ba8f11948f8ca656005b9d6e5007fbbd3d18b77699e00866a289bb0521e657cccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\05b101c1e20df222_0

Filesize
6KB

MD5
ee7f60935effad2ea12d0c573e92eabb

SHA1
44658abb9f7214acd3f945d15d1da737625fb4da

SHA256
5b7fb70b3259363b5b511b24409cebca22c90fd3d7529f0a6702be551b82a8ca

SHA512
8252108c8b459560b09fea952ab90b38d093c3e1afec84e615e51a8790a6644b7062758b539c10db19d791a2bb60f9363198590f2d1944ced58b0abd2f40ba6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\17cc4188e22fd9e4_0

Filesize
2KB

MD5
e0788e633bea476733a0bfe2ecd039f3

SHA1
9cd0f84b44e33f25b0843417401cbc5f5de8879a

SHA256
3ba5acee963d40e011badf8baadb1c58140b34a3ec517f63af9651e18b767424

SHA512
0fd4dde0e6ad0f88b9dc4cf9df74c9f5d4fdb2840dca81f7a58798e4bdbeedcdde00e5ab825883e3fca4024741b7bcdc4fdba334f7561d7d8d0922c29fc2eaab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\216dc9407ec6ec5b_0

Filesize
1KB

MD5
106d89a2bb3d31e3bdf699172ac64b06

SHA1
2e3964c8a8e9cf21b5770f298de0f4160853c5a5

SHA256
c5bfa88d86cb77c0e628fae92f3c95179c6ede20f70a9b8c38f182b9c30510b0

SHA512
f271b04c4e212195bd274c472e3460dd81bb22f3c955fd2ee5af907bad66f51013d871ad3bdf2b4e2913e83fe9927324ebbff1c1ee505bdd7f0e59a18ddeb3f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5123cd40cd30b29e_0

Filesize
1KB

MD5
5a59f647521cc7f2bb4a0ec3c19312ca

SHA1
db6821444d82727ab305f894b3372da27123d82c

SHA256
5f9b7306c47757f31772dadc8ce3933f877371687865aad7c2c211f57ea9873d

SHA512
c95abc95dc9a51dbb36a32c9d9c00d2b14e9ddb9a1f2e5cba580c51a41d57d4912ad4b1b7b3e6ec656d06daa62e65a261315add4ff460f0c862ff585bee94067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5f9bd0d103e1c4ea_0

Filesize
1KB

MD5
7967928307a5d1aa658d1ef69c45e2dd

SHA1
9d4e0aeb9b9664548cfd2c10e1aee18957c3034a

SHA256
2c4d44dc66b3e37627a0f9299cc85197e52ff5e3efef2e82f65ff531b9fd1c33

SHA512
cf2325dac8e686cfaf36b4a16d8bb34afc31c5112b2a6acdbdaafecc42133bc610f8d1483ca31cb3758079f450b5f991631d0c9293ff1a19f5d4294166017100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\67978ba7df192b35_0

Filesize
1KB

MD5
730042e716c3d5a2552a61a79b244ac4

SHA1
712def0c97a9db63b5c183ae1b1cef57f125d45f

SHA256
c353d99817b12c92fdfe02178c2d1234e0661dcc8169c7bce12d6a80076c555e

SHA512
1c876010c156c66f8b91a677b44fee6ba6e264233c3c2216edd19c56a48c7aa40955e3282e2e94cc36627545eb34b5dba28465f208a58eb44e023983d60f3f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b4311b2387bfb57_0

Filesize
1KB

MD5
c74ee09d03bab7648c81e2be2a50fa03

SHA1
3744b89bdd4ebe083e57403a951c1c95e8d240e9

SHA256
bf847a7f99e4ae0213e60ffd655afcaf62c15b7f841119b5f48810762c460634

SHA512
4c7880eb8ed559bc5b6db0392850ae732b38664a65e3a4b4142d290472309b6473cd2ed6fc73d27484716cb6f91aeea9c70aeb6511eb48e8cd9cf1765e2da237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\88f32242cf1da472_0

Filesize
2KB

MD5
82f2e10102d8a1d71ad67ec3cb466644

SHA1
ee43e4cccecddc51d15c8f729d6542657dd9dd9a

SHA256
5f4f8517d3868a7352e5b9701c15faa9aab5e17372a7d58f4d2c8eb78ebbc235

SHA512
a7d31be708a3f57ad4210f232ee70c28722a0dd656196cfb01f312d519606de7d54fba3581ed5101e9f91742442dc757a73f7d69668db1ab1783a608f7d73d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8af44c22dcc8d4fe_0

Filesize
2KB

MD5
11d3a76f13f1f9b0233b33117a40f4d1

SHA1
5a1b9f2019e3bc43122d85b031d2952699c0d3d0

SHA256
f6d33036c677d1ddb1f20240ce2d49bf0a29a2f4a0d45c71e05e0aeea424420c

SHA512
230bb3d009cfe8ddb5525e52fbddac886ac0aa3f1c3fe3419072bc522cd6f4e935517da6c97fc7fbf7091780e01017bff7c8099e822148260bb104370fedbb96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8f9fd988dc5ea5bd_0

Filesize
1KB

MD5
b47409a9557ef5a9178009c374b4e4dd

SHA1
0b0d53885c6af65bff8303709872be23e3ad262b

SHA256
f394ccffa81fa0000c80cccd89ed8f62302d3798b7533282dd81ca64dfe2b718

SHA512
1fcfc56aa89ea004f6582687fb4092838fb4f36498b98937e9146cbeeeefca7672ac69d14db53ec9ebf10c9dcc961493dcf3f7e3c256fe230bb338add1226aa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94133c491567ed48_0

Filesize
2KB

MD5
b600c9f639b226a5844b44775504483b

SHA1
cd7912a443112bb4b68913e74721cc816411608e

SHA256
4178b3bc874b01d716503f0093411a5e5bfd5120060eaab7f3f3dd92bf498e7b

SHA512
0cddc909ddd8bee310926a8feda6a7a8516480a07e8d8bd1e80e31cb0e65ccc852e6d194075ee504232db1823800ddc37779232442780491ad04516308aa792d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a7453820c35f296f_0

Filesize
5KB

MD5
9dc2c802626b2ecce80adc991e7293bb

SHA1
823866e2f77a37635afc8adfc1829f901a258fa2

SHA256
a44cd761b7c81d634014877f45d4ffccb15e25018412994c85fac034b1b615d9

SHA512
99c5e814245c2a248d116c61f1f10e249d49148cdea045d4ae4c17a179fe25df649f0b31fc69c47ab07ee7c175ff36a88af2a84c50530835655c7a98e6855eec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a90b546f97b297b3_0

Filesize
1KB

MD5
447654043f26d3e28dde7bdabbee30ac

SHA1
e7dfd5df33a903d1480ee45e497c4fd1d97bf576

SHA256
3c2e9fa350844cbc96c8e10d51c29762ba92610fabc283a12b2f2bb0385c886b

SHA512
561aa3fde9f894928c67f7ba63866d43c7130e90c3a7262abb2c818653c83487b6aecb6d8804d76b268c7621573d63f8f4c647a75d7175b40d840dbcd70cb10e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b17300b737972628_0

Filesize
1KB

MD5
789f67cc1fd5a1b02cbc95cb52c601c7

SHA1
3b8b622f47d3cbd3d0cfc718eaf6e73ec3461d19

SHA256
62890d5c0988cccaaa97828128625967e011ecc15be5e8689f42fef1ff38d1ec

SHA512
1204e5ffb15bd48f5c51b5ba8d5f54ff9d93062b7acca97a49b559861be03e35c6ac2ec33f3a0c815da1d6b8afb272e006d79a997896097652777754c8e2edd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3aab5a8dccfb4ee_0

Filesize
29KB

MD5
436b459f60a66c3544fddd59bf3217d6

SHA1
e038276756e7278d3e4be5a95a63f9b5aea381f0

SHA256
1ec016de8efd53ad2e800176935a3ad652ab2b846bf1aae58b07c5661925598d

SHA512
4563f3e75195827a172a14a8e8b627c0d124ee8cfb1a8fc64aba5a1d0a07d5b2cbe0c26cb3c57ec7b19648ac03bcdf48ba679fde7899400ac74f5bd673e25b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3f51dc4e02a4d1d_0

Filesize
16KB

MD5
14ffe1f25aa56004e599111a7cc02723

SHA1
0135cea150027566afdfaeda4809e3e2c4814c1f

SHA256
af2ba38c7ab1dc8875ddd0ce2bfcf09d254603ffb76e0e21d4e7fba24fdfd369

SHA512
d1cd7afb3876add0c80c11ff3ecf4ddcbbac3abbffef027c5065caafab90671161489835e2c83bf6323e974d53f823c56424f3d5834f3bb075d597a62756dc1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\db80d672a14a2d79_0

Filesize
1KB

MD5
c5f555988e5e24a81a693ccb1bfd95cf

SHA1
31ac22a72197fdb499b67290de39523916a610b3

SHA256
1c046f7f732777a28dfab350df683b5cacd2937bbecc9e316927d8617f59e89c

SHA512
2412cca8e0a32938284adadcd68d5b0b93fd1b82ad529836d50dece58a95a92154027f90259a01f85e01e9e1b135cf7b4f416fc86e6549213b25bf11760f6fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e603bf1802f018fe_0

Filesize
1KB

MD5
dc92a89caae7f107d1210a9a4cbc5457

SHA1
3a2fff64e9d079e4bd4e14210f6f5d46dfd4507c

SHA256
f3ec46ffd7e8c8a682ebf0ae90131c40b7d041e4829fcb662ceae127bb185dbc

SHA512
6aa75568f6bcf71cd0d428af3472974b10af087916257aa01282345bdf6476e4e1f4c9fb625a23a6aa39a3dba08ac40fde144fe8f2f128c827e9a2a40a7268ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f5c5b9cbc406ca3f_0

Filesize
850B

MD5
eeca621e553b8402204e094921788633

SHA1
687f1c05eed859e85dfc8975c58b02fa31f8dfea

SHA256
962dbbdb7eb0aef9e3b4c4dd1a5aecbf0763fec3235f2a185dd3b26263738c15

SHA512
77a4f71492ee93fe741d20f0240ef1247d8a35a419d5aa5c066c1f7b7a9f230d0b8dfd0a51fe9593fb45c18ad3ff784215a82d395c437c17de23d1b1be405552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ee9f2c88bcbcaa20419d40508c6d9ea5

SHA1
3849f07650bb50552a28f810077fe4c5a939815e

SHA256
679c9f08aa365304f45ac73a669745579f8acd540c9e8ee7f7c1c1c833141a6d

SHA512
1238fe48887795106979aee1451d8509b32f60cc5bbca248599a80817b4b8e0d48309b492fcac4177c48b657f2b5b478b40cb9e8d1f1f21614623d54e2777ccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0471fd435c9acfce9c1f6730a5c2b496

SHA1
08492009f4978918670388b12a711dfb2a14a53d

SHA256
02d9517fc788b3eb2c471e1374dd7afba79b0c469751f97ab383689660dfabec

SHA512
1cbc83220b0e42a17e2ac7421a86f83f5ddf29c177d195b0b358db3dac35b8418af5ad783e9871382193ea2060b3f6f082429f122543a083948f1de93bf9ed60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6642f7e8d551e8c0078e8591e400eb06

SHA1
19a085b476172f6a94763a3c99f0062102ccb0a0

SHA256
20dcf0f4473af0bea7612434084d77094ebfb4fa6682e1382086cbb88a9bd17a

SHA512
3bab52f033b520c5378ff29c39c87cec18e587185acb1d42d84dce9e4962fd657bf52224163febaea2f226c875288854bed26312b9a7c6ab5acdace3a24f5202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fe521320dfedf43a23eadb24dad7face

SHA1
52184c31f4e023940801dd2d4e7b515f875d565a

SHA256
1a1e3bb2316f08aaa790f3f631bc1597f6eed85422c5935c210f1dfcf0828b64

SHA512
e37f168abe7ec296985deeff97487930926262e422b78fa6a203e1a145dbf28647ba56d8e5f7364ef3a953888410a011f2e8faa217c6470356bb72d7860b2fef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b4ba46e17eb9bb41867593c70d916204

SHA1
6ddedf1e4d9f95d943816e2eb0e806b647bb5999

SHA256
111f6a961d9d02d7db9d79c05193e2a59aa351c9b1736c5cc81ece27fb97c8ad

SHA512
32d5f7c464d6726e4ea72765abe8b5810450cec234e71bdabe5d1ea65f3f8b5ce7d34e3556e7d98802e150bf1b9b3d63960871efd242dbfd2e9828de737cd8fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cf5843d1af545c20d62693a08323e30e

SHA1
bf8aea796cc105a29f15ce9bd5c9ace226d1a879

SHA256
8962c6d2af28ff833b80fc39598c2e67d610b45a34e415fc5a121efda665ac1f

SHA512
0806a53b9edf3071a6b9e300adeb0ee0b43e219ca6ddb4dadf51231a460aa8a95542101d2049f215fca75332f5de46793e64086536e0367504dd339ccdbd7d26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cabf35954e93f0e00e95e086602c8ec8

SHA1
16d604e3ab968bed5b5efdb849beb18636b5122e

SHA256
6ee4ff4971bae8c512c76489ddc33632c257b252608f3751639039a6400cd2ef

SHA512
43327b0d7f4bc108181bc7abeed91c1d072cc6fe4d4bb8fb6a25d7b414e6e3a9511f7fd6e8d1026ddd69ff8d2257fb24353a892411ecaed57d41ab79495dedd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
663B

MD5
0708057a28ebc3a75334988d12aef901

SHA1
bc868eaf68e3b45dec2df409a6ea40f701c60b9d

SHA256
84ebf656870006f0a37478b920439e6731e129f90129bc4126ab71b52a71e4f5

SHA512
1a8446f1685a0e76fbe1a8d34b2ff938848dcf453f883390629ee8fdd0a6ee75cb35371b649080c0496e47e0dba503fa471b556ca7e95d8e04d389eb8e7b98ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
63338af5fbecacb3d72fdb7af8d7c029

SHA1
c99f38e0d0e80027d1fca8ad4233649f753cfad9

SHA256
5c3f8edb1a235dc0d60162dd66f569c4201557c38500a5646b065f78aeb1b97c

SHA512
ed5616173958613088725e145c934daaa0b775df5c994cbb981a8c757cafed0faeb90dfed09e9666041f2f678523d1fbc01b2c0cf1d75205fbfb23f013811a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2e116e0d165c059107b095c7c9fc9b6e

SHA1
5d8474e4c48ea2a9f30e90a8265732f53d91ccb6

SHA256
3109b6cb7625eb60d19a81b5734dc82664c6c5ce375aca9ba2fe4b08a76d15f2

SHA512
caae8da3527bbb056fed1c0c918dc23e998b752e299ebf05bba4277e82eac4f69c76715b61162b19f5e2d951b072135fc47cddd5487eb6053948331627145e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0a55841ef0d25cb24faaa94b0e1e1fd2

SHA1
fd51abe08df7a2e9ed017fe2971caac5699367db

SHA256
990ca33f9936e0d966e774e7676376c803870e8bb9054c1144ac613bfbbc5d6a

SHA512
7b4eaa30825536606ba2fc6a6afe06d2ef1ffbd56b1d95a387010d91cc9a8bd6924f029e4899eae327dc83c8fe3f282cafb395181a751991a86249f7f318b74b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6c7cc90ad81780e2aa569340968b0f03

SHA1
ed2bdb39b24f1c091f48537648bbf609c650e1e9

SHA256
6c2ecc8915079bc3d070e320d15199a5a529724e693f27788a93cc02e1c48b29

SHA512
75e8572184b46f3ece35d8704c2e8519927b960127b05dcb26c5b1701f8bf480d1dabe70a44f13f4f91aec5ad8cce599b3932eeb537c3c5e2e407eb1e66b524a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
025f22cf5746292ba182bbc1038d062a

SHA1
9c55160d4f4df75d6e9f4890dd4a6593c029f4b3

SHA256
0e8d60847e7db5318bc5e8dab1d68f047ec7c2cc77ea5eaacb86c772aa70df89

SHA512
3750b3e9a811620bfe3b9be7b7ecea039f4353752e7207f46856675a9f8f21ca50aacfa2b5611a2f3445ae52220ec25fa5c8c9ec80c9530d3870a6d19c438aa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b24c9209d2c583e1a3c9afd3332cd9a8

SHA1
5b932670e1ea70c9581999efe2ead79768436bcd

SHA256
6033486375eefb4d4c92a6ea623a172abc1a3d47ecb393c666f4a81642ebab53

SHA512
17ef045bf9606b80319bad3fa3ed27de2d4e935afd80a7e29c091d16fb97458de70f3ba1e7a6268591aac80cc80cc84ab5f4b74221258ba649d79977d2972477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9d334aec4b9a6010736c298edf51cbd7

SHA1
26d7d2d5fc24d047e166acc5da111cf7a97ce464

SHA256
afde52cdbf6a4252826cb612bc445d62a8953eed4e015aef238d2aa2a246a7f6

SHA512
c7cf5e6d03e1886a5fda234cf39875629ba2813b66d0987fe61c03981d5a41f34876ecab0a515ae672e33a9a95274e0e247c6efc2e62166864093104ad579983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0b80215490f4b88c3b3f0409c8dee1bf

SHA1
aca9d08a8327c8b28170fd4e8418e2f7dc7634e3

SHA256
e38a0da11c48d29c2388f2c6f46df77d6174d533f83b95d29acc67be89a01aa1

SHA512
9230f581d39bd543023e59513854d27c485a50c5418b23d31d06a887ced64335f064bc05f7f96ea857d32a11bab30d87b6e5f43015f189487e5215f65a353b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
19c8975f9341b6368d3e6ab33793a98c

SHA1
e2e6768ff7ed24dfe2af613b91bb051029e3e919

SHA256
4cd14512d29e4e8569bf95d07ed794a2c093d33c01fcb2f0f9ea0ce1383dcdb8

SHA512
baeb07fce3b2759058ef5dc20a8f5954e0904d4541c957fe562d07bcc9bd48797c5a0399f989e408030cd1c1f163a9fca66ded5f82da3776ebb005b8d460ae1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aa8c7f66feee42b267496e4c98cc61c2

SHA1
b3d0b57acfe4f6957ac9fd3d6fc265195e500a96

SHA256
fe8bceae5d9bb56c51b202a9bb322f5ed5fd8c2355e652567dd28b74a2e3b13f

SHA512
ce4550a402e37e07a5e76223c3bc4dd25cf4e8c154cddaf631ec280fa40333b73806048b74da464784d35b73a6dc8fa5c5942f4e3e6f1939435bc243b9f88779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4b35bbfe28118177cf7fd96aa4f5968d

SHA1
04db71219fa45605676c8aa47509463ec9c68e1c

SHA256
cc170eec2e28c95be72d89325e028d61abd3aa9934c6fd7c553352b9aa487abc

SHA512
c79bbb55741c03a6f0f1a2cdafaeec0650fe9c4f96214f356bc1fa39f1af0d1dea1a2bb984d01ad25c387bd63356d3e1bdbea4d3b062e234eb3f7f0db27e97d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b47d4485602103f7227c98ca4982d3ef

SHA1
079cf37555d7a070f895c02c629bfc362e49818a

SHA256
5259b5bf0e1cbd2a0b044774e8127842559c820e3d06ad4fe01fc45e12db16dc

SHA512
04c28277141a77b73b0e94be980b08f4d1464d3a703435a5d37bc4cd1e72be2bb1cf19e99a6f4eebfe8c6d9f292b2d20858cac8b8e9ed58df1d2fa4e398aa638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c84bf7210f17cd966bb08035aa1c92df

SHA1
8890b7a0246d3039c1525efcf25c7736418421f6

SHA256
0ae630d859041c2cfbf1579c0a1ce9eadbea3899e52f77cf5f1aa66ef5251859

SHA512
649d227883db079cc0bce38cd9b301b84db75bde09b02c91d7a8fac12c9461241059fa918db7aa815fac6bb30bd62042564f4f1b7e036a888349d8d7f0541b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5206adb36511d0956e7fee705448d8cd

SHA1
5647b5ce66a2659da5a6623df51aaa66415d49d3

SHA256
3b455c71f55db40d358f47d938d77101f6dd0df6b20ab8fc7b5ede1b7da1edf5

SHA512
ea4f14dddff56c2c052e47523f96480767edd38cf37e2a895ed3e6b43a449ba035c2afc0d42749c3cf82ce8898cdd01923b97d8d152ced2c045e79f6948bf128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d22b2ddf838d0b6f553d3c44acbd2bfe

SHA1
3cb7ca9f57c824d30f37ced8f39f21d189ae88a5

SHA256
c9bd19c2359b9502a28ca049bcfffd8306a9d956bc7557d8e5c30b76d2e2145c

SHA512
6113dae223854e8d0c86cedd5d83ef3c6aba8069d4d9319a5e526294f194bf7618988502d35359773d6fdf8337844038e7f65e925ec26dd666f2710a3b2618ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eb669ee91304de7416292c33d1ab112e

SHA1
4ea3bb8f397543a81c197fcd63c98048132701b5

SHA256
b207b564b74643450c3eb8d972f451cd220cb54fb81bb74fbc552e299b6a4f46

SHA512
abffe45c481a5e4a6c300035b0646940606b56db553d9554a22be6d1cc91bc33402cd580f8ab0bafe54e950f9d8751c303b18a57886c934877bf570f271ea060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
35e2299c5b67c5a89fab92ec764b69ea

SHA1
850d871c77637d21dc03e3849229c2c5debeb879

SHA256
71b1598b3a4d4b40db57bfcf3f5c10b676af73c1674f4bd181b50ddfbdc3591d

SHA512
fb8bfaff6813c8200644136870d57076f271aca33e8f0e27d644a1fe2b2995b513012386ff459c4fee7d4e50602bbdbf1ccfbbdf67143e82f12be975a3b98639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bbf1b137251e232da99eb8d760816064

SHA1
b804a51ce11c03eae20e7ca910f3a07f71640d7e

SHA256
d98d5792f314497403577686de10d8cc524a0dce7e5bda377e23a3006b6058e4

SHA512
606e37f81009bf94c9733edc5276f09f302f12bbe00012d420a05880301e14e54d2f333074772f24318cff65082dc932ab38aa1db39595df5447ace3474c9434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
169b39296f3d21d0cbec182bc6b30f58

SHA1
c0ae8cd817f1c0c33612ddd1bee648d08da20348

SHA256
6a1b97fccbc435751f0acef958182280039dd9e830027895ef34573c14c12a6c

SHA512
cdfd04d7880b704048cfc964db569112b082286edd3864de4aebbba5090301596172dba90e48da967d9687fae000c3a04c1d36767d3d4d8c8335b7f94a15e44b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ca9dc95d8af8fb85e2010c8785a1e6e6

SHA1
134b7541aec6e789a5365b16bb701d4c0da67d46

SHA256
95b65a00ce0174ad73e9d3ef5dd0bc13eb9060ab83927092fbf4499a1ac46aa5

SHA512
04acf8e72d5e03a5eda3a742da8413eb8a336b22bbca01e35c3d6568f87576b8f7123dc4af5fc201f176798652f6cf7097ea26d8c08b586b64b588a95c27b3ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7474530e69a1f1a0ef037c21f2d4732f

SHA1
79e6bc91e69612c5513008dc4bd1eebc43579e34

SHA256
76ddfc2525ba12298af02f4b479a65c1b31be7334bdb85dfc254d98d4d8c26d0

SHA512
7c226f6895ee27abd2aed3d049a11492067c1b3b446fecf15037127226ec39d4fe22bc27fd6dbbc77c3c3602fa9e94a6529ae7cef261c70fe424f77faa3b8438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
604a5bff4db16022c438d46389b73e02

SHA1
b11039caef945544f072a9acce5fdfbd3b02ff3f

SHA256
3a2473a32aa432b486a27181871e44c6208ff90f6a6f8eee5c5b629e1dec4d36

SHA512
55f809eda9d633aeff2de79d98cc016d7c90caf20f67fa51e634c10dc31ca08a62b67cd23e25724aa6af6648207c546b264b15136ef868501a71af3915ebab07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a997a31c0354b7a829f85860cc7fb3b0

SHA1
8194a54b66832b4981f2757bee1e3bf0d6daa72b

SHA256
634c651163173a357f6c5ae0ff5d55ee87c317de48961a51611483b1017730ce

SHA512
524ca72fe097bc9a61d439fe3bd673374def147726efd2599ae5b724919c9a562b5046fca81f30ae4806af901ff65ef6bf981685ff75d4b173d9025645ecac6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
410e25157b12f4d67edd646b51bc3dc8

SHA1
c5fad0e42c6818cf2a09d3d6197ff4f9a7cc3713

SHA256
dc86c14eb5b8d3a9920cd84c8852c3e72042648de5c10d73fe6c305aaaa787c4

SHA512
273497ca2950792a0ed7332ba9901ffb72c23306b3a089b86f2f953d1be0f61581ac654ac21025233ee29c0ff67d22444cea1d2d6cc6904189ab7516a803e3d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8be0a5e8ba4fcbb9ad0e2d7820c59816

SHA1
e1933a51c5ea7597f1146a5f5b6671207d0cab6a

SHA256
852e859a310b7bbe199721d44a6da5bd80e609ec48e2517a21624bb90dba6bbd

SHA512
b6fe07b86aaf6f7b02b3e8e204e484a8666622a2e254656581bbde921b92dfb973789a7e78f7c5d844521987d6331f1b899b4eb6b21c1a8229a83ed444986022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
283e0d9244c7cc1006a4d8b3071202e4

SHA1
9864f7364538c3343a4f0b1448c43c51a6a4526b

SHA256
34ca715d4e29b3af99ec2339acd689067727d88488d70c1cc94e32db279a5f5a

SHA512
7af0249a567542ee9c6fd063ceeff1b8c6dc6feb3daa36b624d8bf3feed1a01b704ce607780a293eb419f46aaec0b684823c9100d494093dc1f67c401cb3339c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bfab22a13824d6701d9c3b7d94c6bac1

SHA1
43c3429e8640710999de265938243e5312f68156

SHA256
bc8781e9f966c689f6708909bd3dad8315b1b4d3858625b8c91e37845d7a9ec2

SHA512
bad699b79263c0c9eb3028af939e1e4643dd7f486c29c57debbec99ba36d329c5130f7d0284ab1e8d19586ef519768f5b8a125a583ad03077fa64b2df21d70f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
af462767156af33fbf33d3412f5914dd

SHA1
c59e67128e7603a1018f0c4332fb8d8fd395ab5d

SHA256
1e87d4404aa9c91ab7fe18cb8c998f523b29fffe58f62ba4c927e52c7d58f0a6

SHA512
37e5d96bb2ed69df909fd9169aa0381faf57443d4230f10ea34cf1a404c9180beca13bcc8426b055136046eb9d2a3bb5342203ce78841cd088658fdd10e8038a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7910a67bbd9291c3fe3cb0c46ea952f9

SHA1
1cf4bdcd336dbfec78a3db9549a5628d89a670ca

SHA256
167a2354cf57203f79cddcffe8018dfafbdb01515811fca2812115eb236b806b

SHA512
daf4a6defed19cd60d2a4b657878e2b9b36646205f12142455db97db78669c169d3423e8a3fd4f28d9b01cec39e250a638a3f504e28527731ff1448df8ac6c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582cb8.TMP

Filesize
1KB

MD5
67879dc34dc3ee07a378dff1cc5e9b34

SHA1
bd8567fc0a172a15ed6a88d082616189fed9dd3f

SHA256
401f8a75c4415e0fb4b488f5d6e576884c4757f714a631a213b0d6e495cbc15b

SHA512
e42ff1c574d831a4769d56ec765059c7661beb70a7bd13a1e2187064a44d5eb35572f2e6416941a7239ef9113e6bc47e473c42802eb6626757ced8fa5c65623a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6ec142244236092094ea087128b7244a

SHA1
09621b43f24a61ef35878bb6572148b3ea713378

SHA256
f0a2d5aeefe216024154349ca85e31d46b8b6959e3ee24ababd94f0e177ef3eb

SHA512
e310ce6a4d107056af0eb114c95429e8d547f444cea4987b2c4b0eaafbaa1743dc103ea5e2df9c7efce9e87b0d3b33b72dc680cf00db79f4138a3c5ada2de5af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
52d42103b7cec7b38c99d8aba0def38f

SHA1
498064aa6c119a8e9609da24f741e0643b67209c

SHA256
6358161a9ebef1bf2303359636de3a791ed52aac8f4bcecbdf34f922e31cc1f4

SHA512
8db841c221554676e952af508a30b56b9ac41ee1d30ca0e53b0838e8a8cdb25bf4b35a0891862abd95a4f99aa74c7075652e6df1c4a4b1ca20172b1676b0fe87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a7f559c0edcb0d7cea6f545b23b733f0

SHA1
02c7b3e584e326d2efa4c084b6325eb9e2b7ae38

SHA256
27e9a847be7c1a2cae9a6cc35ef4717e1eb4ff5adfa59dbf9622bff24f10e728

SHA512
87919993f9855353e08234f883db3592326a2cb5896fa61d235dad481a9c86a1ba6501de93c07c764d4e2a64a24d374d12d8eb780c1873e42064bb2bcb55d380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c2898abae2b393ebb565903a176388f1

SHA1
0977c83621124aca967708e35305fde595b419bd

SHA256
8862a1bb8ef61ffb644f715ed3572f9662a738eefd11fd4a4697dfd8dd132606

SHA512
08c6bc57f2f5ef09eeb904e3494253ab092730a58e8b6811860e689e2dfb77cfb94624a806b1dc88bd7d00ad63310eb0204d9e2f47f7c61a7097072649932079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
13a3ef1f01f3fa360a5900fa96390906

SHA1
e848023b9a5896d9390f04b4b29f5eccb4af0d65

SHA256
9b75c07194c675451b1fc75654f2ec4a3ea84dfd2df07350eb3393c72b3c4b43

SHA512
44d15ed532fe33df6bf871e9cffb8b2b7f7a29e74a6e3417474f3420b260dbd65910773c41a85abc0a4d783148bca8cfba154258b936fada4034dcdf4a2fcd38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
56ab5fd65a8e3befaa7bb7f89e9c4ad6

SHA1
fd7295f28d9e21e3905fc746cfed9b59192d0cf1

SHA256
40c7bedac6ddfbcb3da24cbf7ef248981ea596d5533541c99c741e8d540633fc

SHA512
4e11e38e58152110b8fb757f491837cbfc572354a7aba0cd8debd5d34a10494b28dba41b599fb860451f3ff9e3e550b50d575ab533171239d8af174ad1b7f61f

Download Submit
C:\Users\Admin\AppData\Local\Temp\81199781-609F-4663-978C-77D89E1FC0AA\AppxProvider.dll

Filesize
554KB

MD5
a7927846f2bd5e6ab6159fbe762990b1

SHA1
8e3b40c0783cc88765bbc02ccc781960e4592f3f

SHA256
913f97dd219eeb7d5f7534361037fe1ecc3a637eb48d67b1c8afa8b5f951ba2f

SHA512
1eafece2f6aa881193e6374b81d7a7c8555346756ed53b11ca1678f1f3ffb70ae3dea0a30c5a0aab8be45db9c31d78f30f026bb22a7519a0930483d50507243f

Download Submit
C:\Users\Admin\AppData\Local\Temp\81199781-609F-4663-978C-77D89E1FC0AA\AssocProvider.dll

Filesize
112KB

MD5
94dc379aa020d365ea5a32c4fab7f6a3

SHA1
7270573fd7df3f3c996a772f85915e5982ad30a1

SHA256
dc6a5930c2b9a11204d2e22a3e8d14c28e5bdac548548e256ba7ffa79bd8c907

SHA512
998fd10a1f43024a2398491e3764748c0b990b37d8b3c820d281296f8da8f1a2f97073f4fd83543994a6e326fa7e299cb5f59e609358cd77af996175782eeaca

Download Submit
C:\Users\Admin\AppData\Local\Temp\81199781-609F-4663-978C-77D89E1FC0AA\CbsProvider.dll

Filesize
875KB

MD5
6ad0376a375e747e66f29fb7877da7d0

SHA1
a0de5966453ff2c899f00f165bbff50214b5ea39

SHA256
4c9a4ab6596626482dd2190034fcb3fafebe88a961423962ad577e873ef5008f

SHA512
8a97b2cc96ec975188e53e428d0fc2c562f4c3493d3c354e316c7f89a0bd25c84246807c9977f0afdda3291b8c23d518a36fd967d8f9d4d2ce7b0af11b96eb18

Download Submit
C:\Users\Admin\AppData\Local\Temp\81199781-609F-4663-978C-77D89E1FC0AA\DismCorePS.dll

Filesize
183KB

MD5
a033f16836d6f8acbe3b27b614b51453

SHA1
716297072897aea3ec985640793d2cdcbf996cf9

SHA256
e3b3a4c9c6403cb8b0aa12d34915b67e4eaa5bb911e102cf77033aa315d66a1e

SHA512
ad5b641d93ad35b3c7a3b56cdf576750d1ad4c63e2a16006739888f0702280cad57dd0a6553ef426111c04ceafd6d1e87f6e7486a171fff77f243311aee83871

Download Submit
C:\Users\Admin\AppData\Local\Temp\81199781-609F-4663-978C-77D89E1FC0AA\DismHost.exe

Filesize
142KB

MD5
e5d5e9c1f65b8ec7aa5b7f1b1acdd731

SHA1
dbb14dcda6502ab1d23a7c77d405dafbcbeb439e

SHA256
e30508e2088bc16b2a84233ced64995f738deaef2366ac6c86b35c93bbcd9d80

SHA512
7cf80d4a16c5dbbf61fcb22ebe30cf78ca42a030b7d7b4ad017f28fba2c9b111e8cf5b3064621453a44869bbaed124d6fb1e8d2c8fe8202f1e47579d874fa4bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\81199781-609F-4663-978C-77D89E1FC0AA\LogProvider.dll

Filesize
77KB

MD5
815a4e7a7342224a239232f2c788d7c0

SHA1
430b7526d864cfbd727b75738197230d148de21a

SHA256
a9c8787c79a952779eca82e7389cf5bbde7556e4491b8bfcfd6617740ac7d8a2

SHA512
0c19d1e388ed0855a660135dec7a5e6b72ecbb7eb67ff94000f2399bd07df431be538055a61cfb2937319a0ce060898bb9b6996765117b5acda8fc0bad47a349

Download Submit
C:\Users\Admin\AppData\Local\Temp\81199781-609F-4663-978C-77D89E1FC0AA\OSProvider.dll

Filesize
149KB

MD5
db4c3a07a1d3a45af53a4cf44ed550ad

SHA1
5dea737faadf0422c94f8f50e9588033d53d13b3

SHA256
2165d567aa47264abe2a866bb1bcb01a1455a75a6ea530b1b9a4dda54d08f758

SHA512
5182b80459447f3c1fb63b70ad0370e1da26828a7f73083bec0af875b37888dd12ec5a6d9dc84157fc5b535f473ad7019eb6a53b9a47a2e64e6a8b7fae4cddde

Download Submit
C:\Users\Admin\AppData\Local\Temp\81199781-609F-4663-978C-77D89E1FC0AA\dismprov.dll

Filesize
255KB

MD5
490be3119ea17fa29329e77b7e416e80

SHA1
c71191c3415c98b7d9c9bbcf1005ce6a813221da

SHA256
ef1e263e1bcc05d9538cb9469dd7dba5093956aa325479c3d2607168cc1c000a

SHA512
6339b030008b7d009d36abf0f9595da9b793264ebdce156d4a330d095a5d7602ba074075ea05fef3dde474fc1d8e778480429de308c121df0bf3075177f26f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\81199781-609F-4663-978C-77D89E1FC0AA\en-US\AppxProvider.dll.mui

Filesize
22KB

MD5
bd0dd9c5a602cb0ad7eabc16b3c1abfc

SHA1
cede6e6a55d972c22da4bc9e0389759690e6b37f

SHA256
8af0073f8a023f55866e48bf3b902dfa7f41c51b0e8b0fe06f8c496d41f9a7b3

SHA512
86351dc31118fc5a12fad6f549aa60c45ebe92b3ce5b90376e41f60d6d168a8a9f6c35320fc2cdcc750e67a5751651657fe64cf42690943500afd0d1dae2cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\81199781-609F-4663-978C-77D89E1FC0AA\en-US\AssocProvider.dll.mui

Filesize
8KB

MD5
8833761572f0964bdc1bea6e1667f458

SHA1
166260a12c3399a9aa298932862569756b4ecc45

SHA256
b18c6ce1558c9ef6942a3bce246a46557c2a7d12aec6c4a07e4fa84dd5c422f5

SHA512
2a907354ec9a1920b9d1d2aeb9ff7c7314854b36a27f7d88aca17825e74a87413dbe7d1c3fde6a2410b5934f8c80a76f8bb6b7f12e7cfc643ce6622ca516d9b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\81199781-609F-4663-978C-77D89E1FC0AA\en-US\CbsProvider.dll.mui

Filesize
53KB

MD5
6c51a3187d2464c48cc8550b141e25c5

SHA1
a42e5ae0a3090b5ab4376058e506b111405d5508

SHA256
d7a0253d6586e7bbfb0acb6facd9a326b32ba1642b458f5b5ed27feccb4fc199

SHA512
87a9e997d55bc6dbd05af1291fb78cd02266641d018ccfeb6826cb0de205aaf8a57b49e587462dbb6df2b86b54f91c0c5d3f87e64d7dbb2aea75ef143c5447ba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RQMCFBIWDOZWI8WBJH5H.temp

Filesize
10KB

MD5
916db49a8bc5571fca926158160efd1f

SHA1
85dea056e6702a78202b80c6616dd035e7da22ff

SHA256
199763d25b59ed1314c0e16186c1e440fe3c3865258bfc79cd54ac7fd7297979

SHA512
bd8b33aa1c84ace75907be2dd5963a8b81a15473a121b337b644e78b0432b58f44bf07e04ea8a3be5ad3288c4fad71108ccc4551832e2e86ed6315d05a3fbd11

Download Submit
C:\Users\Admin\DOWNLO~1\DanaBot.dll

Filesize
2.4MB

MD5
7e76f7a5c55a5bc5f5e2d7a9e886782b

SHA1
fc500153dba682e53776bef53123086f00c0e041

SHA256
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

SHA512
0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 588555.crdownload

Filesize
2KB

MD5
a56d479405b23976f162f3a4a74e48aa

SHA1
f4f433b3f56315e1d469148bdfd835469526262f

SHA256
17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23

SHA512
f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 834412.crdownload

Filesize
32KB

MD5
eb9324121994e5e41f1738b5af8944b1

SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690

SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 877854.crdownload

Filesize
2.7MB

MD5
48d8f7bbb500af66baa765279ce58045

SHA1
2cdb5fdeee4e9c7bd2e5f744150521963487eb71

SHA256
db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

SHA512
aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

Download Submit
C:\Windows\Logs\DISM\dism.log

Filesize
2.1MB

MD5
d2ee573f27476c728c55d39f2b68ba4d

SHA1
363627843de93afd9007fedecc750671e3b1496d

SHA256
671aab2b4b60f4dad7cdb424da86d396e7f05496c964a9f1e9e3561f6def8289

SHA512
e4eaa6a36fb95a021351296b3f8d20bed81d4b968d3f1663d8bd92298ea095e8d0f2085e2d8083e7e9ddd5d87206da04e75be1b975f0378cbde845a6e96bf2ea

Download Submit
memory/1184-787-0x0000000002400000-0x000000000266B000-memory.dmp

Filesize
2.4MB

Download
memory/1552-869-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/1552-817-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/1708-1572-0x0000000005FC0000-0x00000000061CC000-memory.dmp

Filesize
2.0MB

Download
memory/1708-1566-0x0000000005FC0000-0x00000000061CC000-memory.dmp

Filesize
2.0MB

Download
memory/1708-2029-0x0000000005FC0000-0x00000000061CC000-memory.dmp

Filesize
2.0MB

Download
memory/2592-2031-0x0000014E9AB40000-0x0000014E9AB50000-memory.dmp

Filesize
64KB

Download
memory/2592-2047-0x0000014E9AC40000-0x0000014E9AC50000-memory.dmp

Filesize
64KB

Download
memory/4044-789-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download