danabot | hxxps://www[.]youtube[.]com/watch?v=-nMv-HTgL9g

Analysis

max time kernel
255s
max time network
255s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2025 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=-nMv-HTgL9g

Score

10^/10

danabot floxif backdoor banker botnet discovery trojan upx

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot
Danabot family
danabot

Danabot x86 payload 1 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

resource	yara_rule
behavioral1/files/0x000b000000023cd9-1418.dat	family_danabot

Floxif family
floxif
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
backdoor trojan floxif

Detects Floxif payload 1 IoCs

backdoor

resource	yara_rule
behavioral1/files/0x00060000000006e1-1692.dat	floxif

Blocklisted process makes network request 6 IoCs

flow	pid	Process
288	1336	rundll32.exe
297	1336	rundll32.exe
302	1336	rundll32.exe
303	1336	rundll32.exe
304	1336	rundll32.exe
306	1336	rundll32.exe

Downloads MZ/PE file

Drops file in Drivers directory 15 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe
File opened for modification	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe
File opened for modification	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe
File created	C:\Windows\SysWOW64\drivers\spoclsv.exe:SmartScreen:$DATA	Gnil.exe
File opened for modification	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe
File created	C:\Windows\SysWOW64\drivers\spoclsv.exe:SmartScreen:$DATA	Gnil.exe
File created	C:\Windows\SysWOW64\drivers\spoclsv.exe:SmartScreen:$DATA	Gnil.exe
File opened for modification	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe
File created	C:\Windows\SysWOW64\drivers\spoclsv.exe:SmartScreen:$DATA	Gnil.exe
File created	C:\Windows\SysWOW64\drivers\spoclsv.exe:SmartScreen:$DATA	Gnil.exe
File created	C:\Windows\SysWOW64\drivers\spoclsv.exe:SmartScreen:$DATA	Gnil.exe
File opened for modification	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe
File created	C:\Windows\SysWOW64\drivers\spoclsv.exe:SmartScreen:$DATA	Gnil.exe
File opened for modification	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe
File opened for modification	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x00060000000006e1-1692.dat	acprotect

Executes dropped EXE 28 IoCs

pid	Process
5292	DanaBot.exe
3228	Mabezat.exe
5712	Floxif.exe
3112	Floxif.exe
3712	Floxif.exe
556	Floxif.exe
3832	Floxif.exe
4992	Floxif.exe
332	Floxif.exe
3920	Floxif.exe
1204	Floxif.exe
3012	Floxif.exe
2004	Floxif.exe
5376	Floxif.exe
1940	Gnil.exe
5972	spoclsv.exe
1200	Gnil.exe
180	spoclsv.exe
5192	Gnil.exe
5292	spoclsv.exe
2896	Gnil.exe
3136	spoclsv.exe
4692	Gnil.exe
5464	spoclsv.exe
2388	Gnil.exe
5720	spoclsv.exe
5736	Gnil.exe
1580	spoclsv.exe

Loads dropped DLL 16 IoCs

pid	Process
6068	regsvr32.exe
6068	regsvr32.exe
1336	rundll32.exe
1336	rundll32.exe
5712	Floxif.exe
3112	Floxif.exe
3712	Floxif.exe
556	Floxif.exe
3832	Floxif.exe
4992	Floxif.exe
332	Floxif.exe
3920	Floxif.exe
1204	Floxif.exe
3012	Floxif.exe
2004	Floxif.exe
5376	Floxif.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
286	raw.githubusercontent.com
299	raw.githubusercontent.com

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00060000000006e1-1692.dat	upx
behavioral1/memory/5712-1695-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/5712-1699-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3112-1703-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3712-1706-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3112-1709-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/556-1712-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3712-1715-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3832-1718-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/556-1721-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/4992-1724-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3832-1727-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/332-1730-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/4992-1733-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3920-1734-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/332-1737-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1204-1738-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3920-1741-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3012-1742-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1204-1745-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3012-1748-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/2004-1749-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/5376-1750-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/2004-1753-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/5376-1761-0x0000000010000000-0x0000000010030000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\symsrv.dll	Floxif.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 13 IoCs

pid	pid_target	Process	procid_target
2196	5292	WerFault.exe	130
3628	5712	WerFault.exe	152
3204	3112	WerFault.exe	155
1160	3712	WerFault.exe	158
1512	556	WerFault.exe	161
5216	3832	WerFault.exe	164
4496	4992	WerFault.exe	167
6056	332	WerFault.exe	170
5124	3920	WerFault.exe	173
2288	1204	WerFault.exe	176
5360	3012	WerFault.exe	179
1932	2004	WerFault.exe	182
5352	5376	WerFault.exe	185

System Location Discovery: System Language Discovery 1 TTPs 23 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Gnil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Gnil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Gnil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Gnil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Gnil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Mabezat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Gnil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Gnil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

NTFS ADS 9 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 148941.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 722288.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 279323.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 348649.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 3204.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 467077.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 604253.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 478564.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 708709.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
740	msedge.exe
740	msedge.exe
1268	identity_helper.exe
1268	identity_helper.exe
5636	msedge.exe
5636	msedge.exe
5636	msedge.exe
5636	msedge.exe
2560	msedge.exe
2560	msedge.exe
1468	msedge.exe
1468	msedge.exe
3276	msedge.exe
3276	msedge.exe
5636	msedge.exe
5636	msedge.exe
1940	Gnil.exe
1940	Gnil.exe
1940	Gnil.exe
1940	Gnil.exe
1940	Gnil.exe
1940	Gnil.exe
5972	spoclsv.exe
5972	spoclsv.exe
1200	Gnil.exe
1200	Gnil.exe
1200	Gnil.exe
1200	Gnil.exe
1200	Gnil.exe
1200	Gnil.exe
180	spoclsv.exe
180	spoclsv.exe
5192	Gnil.exe
5192	Gnil.exe
5192	Gnil.exe
5192	Gnil.exe
5192	Gnil.exe
5192	Gnil.exe
5292	spoclsv.exe
5292	spoclsv.exe
2896	Gnil.exe
2896	Gnil.exe
2896	Gnil.exe
2896	Gnil.exe
2896	Gnil.exe
2896	Gnil.exe
3136	spoclsv.exe
3136	spoclsv.exe
4692	Gnil.exe
4692	Gnil.exe
4692	Gnil.exe
4692	Gnil.exe
4692	Gnil.exe
4692	Gnil.exe
5464	spoclsv.exe
5464	spoclsv.exe
2388	Gnil.exe
2388	Gnil.exe
2388	Gnil.exe
2388	Gnil.exe
2388	Gnil.exe
2388	Gnil.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: 33	3952	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3952	AUDIODG.EXE
Token: SeDebugPrivilege	5712	Floxif.exe
Token: SeDebugPrivilege	3112	Floxif.exe
Token: SeDebugPrivilege	3712	Floxif.exe
Token: SeDebugPrivilege	556	Floxif.exe
Token: SeDebugPrivilege	3832	Floxif.exe
Token: SeDebugPrivilege	4992	Floxif.exe
Token: SeDebugPrivilege	332	Floxif.exe
Token: SeDebugPrivilege	3920	Floxif.exe
Token: SeDebugPrivilege	1204	Floxif.exe
Token: SeDebugPrivilege	3012	Floxif.exe
Token: SeDebugPrivilege	2004	Floxif.exe
Token: SeDebugPrivilege	5376	Floxif.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 2928	740	msedge.exe	85
PID 740 wrote to memory of 2928	740	msedge.exe	85
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3720	740	msedge.exe	86
PID 740 wrote to memory of 3252	740	msedge.exe	87
PID 740 wrote to memory of 3252	740	msedge.exe	87
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88
PID 740 wrote to memory of 2632	740	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.youtube.com/watch?v=-nMv-HTgL9g
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbcb646f8,0x7ffbbcb64708,0x7ffbbcb64718
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7292 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- C:\Users\Admin\Downloads\DanaBot.exe
  "C:\Users\Admin\Downloads\DanaBot.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5292
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@5292
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:6068
  - - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
      4⤵
      Blocklisted process makes network request
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1336
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 464
    3⤵
    - Program crash
    PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7648 /prefetch:8
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7608 /prefetch:8
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7616 /prefetch:8
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7472 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7852 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1468
- C:\Users\Admin\Downloads\Mabezat.exe
  "C:\Users\Admin\Downloads\Mabezat.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4184 /prefetch:8
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3276
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:5712
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 432
    3⤵
    - Program crash
    PID:3628
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:3112
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 400
    3⤵
    - Program crash
    PID:3204
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:3712
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 400
    3⤵
    - Program crash
    PID:1160
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:556
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 400
    3⤵
    - Program crash
    PID:1512
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:3832
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 404
    3⤵
    - Program crash
    PID:5216
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4992
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 400
    3⤵
    - Program crash
    PID:4496
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:332
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 400
    3⤵
    - Program crash
    PID:6056
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:3920
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 400
    3⤵
    - Program crash
    PID:5124
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1204
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 400
    3⤵
    - Program crash
    PID:2288
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:3012
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 400
    3⤵
    - Program crash
    PID:5360
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2004
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 400
    3⤵
    - Program crash
    PID:1932
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:5376
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 400
    3⤵
    - Program crash
    PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7824 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,3427861309707921673,8157567096689654514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5636
- C:\Users\Admin\Downloads\Gnil.exe
  "C:\Users\Admin\Downloads\Gnil.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1940
- - C:\Windows\SysWOW64\drivers\spoclsv.exe
    C:\Windows\system32\drivers\spoclsv.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5972
- C:\Users\Admin\Downloads\Gnil.exe
  "C:\Users\Admin\Downloads\Gnil.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1200
- - C:\Windows\SysWOW64\drivers\spoclsv.exe
    C:\Windows\system32\drivers\spoclsv.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:180
- C:\Users\Admin\Downloads\Gnil.exe
  "C:\Users\Admin\Downloads\Gnil.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5192
- - C:\Windows\SysWOW64\drivers\spoclsv.exe
    C:\Windows\system32\drivers\spoclsv.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5292
- C:\Users\Admin\Downloads\Gnil.exe
  "C:\Users\Admin\Downloads\Gnil.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2896
- - C:\Windows\SysWOW64\drivers\spoclsv.exe
    C:\Windows\system32\drivers\spoclsv.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3136
- C:\Users\Admin\Downloads\Gnil.exe
  "C:\Users\Admin\Downloads\Gnil.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4692
- - C:\Windows\SysWOW64\drivers\spoclsv.exe
    C:\Windows\system32\drivers\spoclsv.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5464
- C:\Users\Admin\Downloads\Gnil.exe
  "C:\Users\Admin\Downloads\Gnil.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2388
- - C:\Windows\SysWOW64\drivers\spoclsv.exe
    C:\Windows\system32\drivers\spoclsv.exe
    3⤵
    - Executes dropped EXE
    PID:5720
- C:\Users\Admin\Downloads\Gnil.exe
  "C:\Users\Admin\Downloads\Gnil.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5736
- - C:\Windows\SysWOW64\drivers\spoclsv.exe
    C:\Windows\system32\drivers\spoclsv.exe
    3⤵
    - Executes dropped EXE
    PID:1580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:448

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x340 0x464
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5292 -ip 5292
1⤵
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5712 -ip 5712
1⤵
PID:1984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3112 -ip 3112
1⤵
PID:448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3712 -ip 3712
1⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 556 -ip 556
1⤵
PID:2556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3832 -ip 3832
1⤵
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4992 -ip 4992
1⤵
PID:2616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 332 -ip 332
1⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3920 -ip 3920
1⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1204 -ip 1204
1⤵
PID:428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3012 -ip 3012
1⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2004 -ip 2004
1⤵
PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5376 -ip 5376
1⤵
PID:4044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\System\symsrv.dll

Filesize
72KB

MD5
ccf7e487353602c57e2e743d047aca36

SHA1
99f66919152d67a882685a41b7130af5f7703888

SHA256
eaf76e5f1a438478ecf7b678744da34e9d9e5038b128f0c595672ee1dbbfd914

SHA512
dde0366658082b142faa6487245bfc8b8942605f0ede65d12f8c368ff3673ca18e416a4bf132c4bee5be43e94aef0531be2008746c24f1e6b2f294a63ab1486c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
49KB

MD5
65da8d6932ad74d3b51694b5a28dd0bb

SHA1
aa6e37cdacda153f499c299299a4dacf50c93765

SHA256
309ec80a404d5ba8c9816e0932bff343c8e205fe36819908682289ed7c7ae482

SHA512
bfce7ba0e18dde7d6f833709e565f704701d7a51b14d7c11b06cdce0b057290a334219c9aa4f7ea098c097eb779a2ceca397a9ad1ede0784348f78c81fd55015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
242KB

MD5
afdfdba750d77a65fedd390d20a727bd

SHA1
b7948f70661731c45fd41e8be62be134865fd299

SHA256
5d23ab16d09cc8960ceab365597dbb3ae198b10ff61adb3ef2131a63fd8a0075

SHA512
6a7469772bd4815f5836864cb21bbf3d4a3185a7c88ab927107252e4403a90c90ba113dfae87734ff3e3edf8e2320b684fdbf463da2be1cfe816c73d4272ed92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
34KB

MD5
796cde84f96aeb0e7938a6449c5df98c

SHA1
bcfe2832173b772cf4ac08aa90a45550dd54f96d

SHA256
d4bd3e815320447860e0564ac090789168e4b742484a19a05824992d6984f38c

SHA512
ecce78771f99bc03e989abb43f2a10b254aa49bc35faa6d49c95304388ac2b054c3b513c7bbb14730fb14d0563712c1fc0cb376f5a298e8ec17160fa69033be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
34KB

MD5
022b55bf2e87557e4598d3efc85b20c5

SHA1
3212e3e3d4b0adb40d3eb18fce62f65082b260e4

SHA256
1ca0d3ee1af6602ff407b8435f010be0cbbdf2447f8b1a13495cbfa1beaebb5c

SHA512
f9fb708bf3e9771b87f5661d8939649f342279583146c47ffa62a8c29d678e957b283d479666191a92559762725f2e1349de40450fc04d2decd79ac5fb0ecbb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
70KB

MD5
3b06aa689e8bf1aed00d923a55cfdd49

SHA1
ca186701396ba24d747438e6de95397ed5014361

SHA256
cd1569510154d7fa83732ccf69e41e833421f4e5ec7f70a5353ad07940ec445c

SHA512
0422b94ec68439a172281605264dede7b987804b3acfdeeb86ca7b12249e0bd90e8e625f9549a9635165034b089d59861260bedf7676f9fa68c5b332123035ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
36KB

MD5
423885818d67bfcf00e21be13f6f3a71

SHA1
a79144758af1204bb161fcd79e74c1f692afb7a5

SHA256
5bb552beb00af20a3a39660decabba8520cf53ff43594d1cd923f9217081d169

SHA512
99343f25ec96fe803d57a1787ceff649a5350de6e5624990214d604cdd6cb3a4c5a8c069a024712c83e70ab91424ac1ac1f7d3c7e16f9fd498342c46ded593a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

Filesize
20KB

MD5
fe6e182c22ce8e0fca04e21242825a4b

SHA1
363fb33914dd0ff41a473aa2fc0f3d8e11670384

SHA256
6648d0b2d3cfade77810ab3e50524488fb4aa8e0dc843c66782c8742149d60ff

SHA512
7442d0b86bfa2386a8712e70a7af21adf0494800d55a518bf3bc1ad55a9f24a1c448c99e4ea5e5a9412105398b68255933a262a8ceab103b676645de039f65fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

Filesize
141KB

MD5
de8d08a3018dfe8fd04ed525d30bb612

SHA1
a65d97c20e777d04fb4f3c465b82e8c456edba24

SHA256
2ae0c4a5f1fedf964e2f8a486bf0ee5d1816aac30c889458a9ac113d13b50ceb

SHA512
cc4bbf71024732addda3a30a511ce33ce41cbed2d507dfc7391e8367ddf9a5c4906a57bf8310e3f6535646f6d365835c7e49b95584d1114faf2738dcb1eb451a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
c6469adda0274150077a14f17214745f

SHA1
602aa4b6582d5446c26217f088976610379bdb50

SHA256
5ee2a3fab20ee6ed149cc8eb06b5859221e72c467bd4930a6544ccd56cf6f44f

SHA512
67b031c7d85eba9f9db076942ddfd6896a19d43e26258dae267d06dd5c8f78374481f91b78e98665e4d685559ec276ac6df8cc479b58fc7763cc4f36302b2417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4f56ee234346b0002946380f386d1a96

SHA1
1408da169433c7d17bb0d216eca5c4ed811e4341

SHA256
2582175ce65748271db7a07184ec2371b8a30c98580ab89e72ba9fbb3da08d9c

SHA512
501babcc4dec52386f7d707e700526639e4bd090520ee88f64a3e01344585942eaeb17aa4af12949a1d927f8ec6ce29454a7a3206b0c7527bac378205c81f7b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
226ab06d349db5903b8f84269c4a269d

SHA1
9bd77b6c4c30a4c261875425f1035245236a4be5

SHA256
dcafaf058f39516854253ea7999412c3ee823ef67f56d8ceb7e1930ab3cb6c52

SHA512
e04002bf14364061c716094c55356c5979487e33a7413ea132c806add2d9bad6b9a808150b444afb4a77d089bf8a3cd3597ca336b0bde0301120770452be5f90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
a2c41f21d5032dab166dd10abbdac729

SHA1
bd6b4dee1a673142c6ca96547e49780621967710

SHA256
9a80bcef063b8585f71cf1db7185733892186e1ef942a7990d3b960339b167f8

SHA512
3332eed97c032669ee9c7be2ec8c8ace23e09387235462121f312487838d08130cafe0d51bee24c65e08f0b202cac2f26c24771fbd2a995acab1b9a15d0ac4be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d87f4c390ef4ad2ecb97359f0f9b150b

SHA1
36377080beb52c986457c80c51cf02c8e82a0e11

SHA256
a9ed1c56a0dfdf3e11602fb91d8e5ea035492fdf406e6928ede08a36cb842e9d

SHA512
05b3544bff14eb133c99f0893dadd1c2b99c4625b2163efcc4d897d90dbe4adce5e6ab5f1d3106816d8d7d2b9cbabbac443ae76d098bdbaa2c079137fe2b74da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
733f5896e11fd7c40a5ba988bf00fd01

SHA1
da9d7ae9a41959b9be011bba2b1db907db3a2185

SHA256
1e2c0e68a654af4396ffed87ef05e240bc2b20923400b81867dc2f4b9358fbd7

SHA512
21859b38582e35859d1226b74657894bff5f224fff6318c62e31006da5320976b9df3cfb8f35eaaa292e44c1968718533d70634c23d1a731cb0da3e9951facd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cd9cb3c7ee13472e9cc722ba8042ff8e

SHA1
762c167802cc897f146db32d2f3a4222e9d69b04

SHA256
774eaf37310a34f91a443d75b038ab54cd3504821e6fbd22a3d92bb8cd25b959

SHA512
568ecadf483e3abd2badaf3e403246e717cb97fb0516d888d8910072a0b043d2f575cefeacfa9ee3edf52288be661cec97569d49dbc5463a3548ff7f0746f879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
68fec6bdbdf01ab613faa4ae83d3cde1

SHA1
7bcee8c189d2c44cbd905d99387aaab8cde6cd18

SHA256
85486f0425423fe31eac6d81fa6dad0605cc8fabbd4f71b75ded3c1c6080e23b

SHA512
8e0fd2d1586fd212c06f6afd6e20ac9e02c480d2a0ad47c41499b459d5bca5a806c5b4877312c90be09ee538dd96d441b72cfbe4e8eae10ed221521a94765c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2b8423a12094316dbb9d8a1830bed20f

SHA1
7df41d93e3664d962fd49dc7d5493e76872e518a

SHA256
cea5be49bec4b006284541a13b5c14dcf285896e1ca83bd0c445311a30d86d20

SHA512
7b8b8af0b8b4484c687e75a756fe6d208b4f3107fbe3afbbada01836e0aba6e82cef4c9ad8773373d784f3394d39f4e81fe9113eba18114c4331692260779024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ae75bfb102719eee10f3e48219a3ce5d

SHA1
1820531aea72a3c0f29a736b91a1aa13b57ff937

SHA256
1ac4666fe7cdeb3f04582cb16fc21bf17c2b28331c1e74171907969011e38d93

SHA512
73aa593d68fd5acc20bba7cd02a71f3179ccf346daa1f1803146ad2d12411e24c7657e8b9121518bdc1582a54fed8145c8444bd831b7ffa5fc778cd69747edfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
084425b428eecf853d706549010c55b5

SHA1
3657bf9bc8045135ef540fbbe90eef7cdcfd22be

SHA256
2dc5e0be6d5d077663f8987c1fe89760d81b1825bd5c294edd10a43ee855a94d

SHA512
aceccb126300944a73a0f190815db8368bf51ff338f456e5dafa49917753cf93cb1a7de447420822a44c36d34a2c4ef38275df0c732f0dd6187f71869a1e670e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1d9800ac-27b5-4bd1-8804-ecea873fb686\index-dir\the-real-index

Filesize
624B

MD5
c803fa227a375f45a8d8106696992668

SHA1
635213fd8b1b2672d211bf7fb395cd144041ea87

SHA256
ba839c31d57a0fdac12fd37ef9bcaba893638a0b557fdb4e937991fa69fa5d4e

SHA512
874b4ab17d1960bc7d9e9a8b249517daf42fdd349dd6b45cb86660530669ccad9a2add5ec7fad384c38fd3a072938b4bbdd057c13ce0e74ef26e7d00268ca8d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1d9800ac-27b5-4bd1-8804-ecea873fb686\index-dir\the-real-index~RFe57edcb.TMP

Filesize
48B

MD5
b1c1ed10b00a6e427bd53c7c98b0513c

SHA1
8ea163d9977ac58b167a3ddb0863c4544f14b205

SHA256
427a103247e633a6608464cc37803ebdc2045c3c9b30599b6b1a08b7708cc1b5

SHA512
663f01775c91ac0abc954fc0bf59dc2fc6f335230f9cf107fca53f179a6dcbfd94b30437677332e619df2fb7e52f25a4d9ac3cd1c878a7b1ab67452140edd4ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\74877d72-e40b-431b-847f-19b91eff7865\index-dir\the-real-index

Filesize
2KB

MD5
7a43ac697ab4bda75a3d399b3787bf87

SHA1
014b23d6887292f29f35db40fafad13e10baa119

SHA256
6704562ccfdf875f42cb1e417dd1bccd6005c40d3e17a8c6e2ea50d7ceb2effd

SHA512
57663b9561f6f6e7769f03167fc53c8fb197ea51f9490f0f6509d0e78074e352bb44c391f711be4783f5a4a654be14695e33b8a297a7986588e0a19e227fab5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\74877d72-e40b-431b-847f-19b91eff7865\index-dir\the-real-index

Filesize
2KB

MD5
85bb350270bbda858f9a3a40d360f797

SHA1
93e90c71c25662d212c64d6a126bbd29b324c777

SHA256
ffe5b5c5e9728e543868a312cbc9787c61cb80575ce0b496a7ad5edeedfc6aa2

SHA512
bad62049a48482794bb66c9fde1622ead9a6f68214241933dba2c607df45ad5eefa06cd05bd81f52c641a7b0a8623b603f09183d3270a102bbb7ab588ec243ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\74877d72-e40b-431b-847f-19b91eff7865\index-dir\the-real-index~RFe578dd8.TMP

Filesize
48B

MD5
9d74142291602f01cdc98fce83066249

SHA1
4c6c560880c171ac63a907804e1a7051d06ec37f

SHA256
e1c912566dd9ca31fa2ce94ab43d33b5623151f399200d57543fd42a934507a9

SHA512
f0d6db982d88837c440e60b768729a1378295be152414ea7e8453ce0ba1d946bdd25ad97d632bfdb5c83b3c7ca842f338c1c33196cf8657e185bb98676ddf113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e46a5c4b-a1b5-4f9a-b54f-7a90915b2450\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
2258beba7db511968c52adde7082ed1e

SHA1
fadb1cffc142773908e25016a9f2a087deecb3f2

SHA256
bdc19a544f687279db6629683bc7627eb9d1ba5ce40d4005b6ae2b127ed63917

SHA512
681b6dd582993b45f3ac53fabfebb65e03d1649c251155c71d32c02b433dd504a88555c4f16d2a9eb602701f6adb3da9d4254684efa1d29de457950963590e53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
bbd774cd540162f4a5f204be93e01457

SHA1
719956457064022aac862c5704d801f6c440e8a5

SHA256
f8d04d899e117bdaf05abe3d2a65770f5974b3fe560b4960c5ea02f8c64cffb5

SHA512
fba5c5c8362c348389a011031e9c3ca2307daf943058c4e6a2069b7f7b90bcbbc4450b332959b8982fc45e0b1f0f7157aa6da85853f45ac043296caffbab161a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
f17eb4036bb0fd11ba1d8c4b3929c6e1

SHA1
fac63335704d57cc826e5d2dff983b4415065ce3

SHA256
aa5cee34d24a356457cbb1777e092b1910e56e52001618cbe14787ca01310a8b

SHA512
bd7f526c37a0733b7c9659fe119167a9862caa5fc72b19ea9a0feaac1ea6df483bb1a0cf6a0f9d29249a2bd9dfc532401066acfcd117ba77aa2dce6502c3be8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
c75a3fb53ad1a6f361dae42d56dc1973

SHA1
8687d5eab407a132faa786d7afbe46e906f37b4f

SHA256
f7ce912a1f72dd4611929fbe05c9e2b617f681a993b5f277842c59385a01e828

SHA512
3145536a1e1da8679c7cfc095f704d95061ca5fb836ef1143ddb4f0f8bb59b4d6fb063938bd741419ae19b40dbc73cd8eaaac25ec1832916a693a3eeecd9a4d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
f4fb255ab5f8d736ad5f6092377e561f

SHA1
2baa5d71f49df5d9be61d2610d8d2098fb7499cd

SHA256
307c3f46592ef7eeb9dfe2ebeec51cb86c071ab2eea803b57edb5264d0301406

SHA512
9a57abb170b6791359b004c9acbb4106ef55da9b3b7c1fab6a7b89bfee0c9451c2c598d735e220f87bf7afd98598c098cc3e69b96d45ce4e7e5d0c42f3a4aa3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
ec99fba159099b67e5189ad98cc2c5a3

SHA1
55211ea6eb2cade9fd9ae6e11176dcf8347f8cf7

SHA256
1b1a6ea510536c1b233bd55b9a069b9dbd9b45446839e11765888d37c9cac3ca

SHA512
e7352be97686df51b9073b3a6be19ddca1b46f8b47118f978aa499f4f99fb35d269012f96ab4624195d65a6dedcf17b0fb90525969bc849ff8f95a31b99df5e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe577956.TMP

Filesize
89B

MD5
a622b507120736cc30020f27464c8c74

SHA1
45d87427f072b8359b67e61f8411f164f40a98b8

SHA256
80dd8b89261294807accc2ecb46e528d3e545bbb4c351b2fe581c007dccbffdb

SHA512
2eb246983699ee756d2373d38c317b979403ff926c7c62d4e1492178fa164cca7f2633b27004a4e6526761e37c7e928f0f30d9978c5e5eefd29c0619028ed0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
df7f35a6f2f614c602ca4c4b5596e747

SHA1
20ab633c836923c687c91a80eca7e5b470e786f9

SHA256
82041689c66444beb300098763a21da03d14c9cca7f0ddc4e65bb0ff94598b18

SHA512
8304906d9eaa457cdd9f596fddd97acd12f5d093082086de653f9bca76b76fdebd8b571ff87cf3666c3b5f27797b20d3ae49564f848303d5cf544951b1746a6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e436.TMP

Filesize
48B

MD5
5b90d0a9e5ac2f7018c7b761566efbc8

SHA1
ef9aac97b93f847f942a12cf865287becd288a5d

SHA256
42f607ac65e90a11e7f99a9d728ebf44f2d71885639202f43709e647626022d4

SHA512
8196914bc9383b3511506f0d62930c79749eb93912cff3d0d624ce3d4a55e10b59110493a44c85d55114c7b7bea9ee60852419a6d7e82de00b0869fcbc02eed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
70013fe923501f739300204b82aa73b2

SHA1
91405fce2587f071a5a456eaaa787c6ae8e4e9b5

SHA256
5bc8dfcea54e1ce1eaed2f841528310233d565ccc50f77723d8f45b2890ca6df

SHA512
1c9d4eab4c9bf3827956a62d1a686c1f6d5f224bd8f60eae8a1d8c6d1d0fcc9a6d2abc4035128f5bc837f8e961c0652cb84ac4604be8acd72ad3fec1d3c5399c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2c93a9f092b339d0587494e21a41c11e

SHA1
a5684be03963e2546fee2cda30ddaca38860e932

SHA256
562bfbe972e9da70174486117939c24c9a21d9fe0116465781b75aa1013c516a

SHA512
2444ed10323e60f0d14853baeda3035fb11be9fc5e48d0e5aefc0c5c577d9887430e240b9018435a361e2bfcf3952c6c8c19b3d0c5f3ad7a4d03f3f6eebda8ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
62e91996a4f385d2e23f89085df28e18

SHA1
caac3ee6c63566fbf0fb25007fecc6a6f9382dcb

SHA256
965b1b0c79bd18eadee4c0e488a906c5eb18727c162f81c44df956eeb47a143d

SHA512
55e56d4a9d2822fcdb052d887f138f8c86433e45a711b42d6c76b0defed3721ffd6aea3df8d3b8efda74008b5fa6faf1a9ff0363921281b3a187e8b6a9a88048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f20f8bbd655b9c1cd15b894c5a15c08a

SHA1
748b3bb584a2e2e6a19431c78973347fe897e3ab

SHA256
2e0e173a05eb4fa33d417b87ad2825e00cf7d9171443e063ba8706724c28ac54

SHA512
c7299bc4971e7e6b8912c2c306ba546b76dcb2041907cf1fe242299f4e41e42e0ea517e36f09b2097199370a951b31397e6fb0217f09b2f959a82a94cbcef845

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3cec9f85c808c2fc09d3578bc678712d

SHA1
1de3b245a7c9b65099c643f3bb561b432aef8d5d

SHA256
9c64790fb89dd88fc6caa91fd4f3f245d6c555e4135d82ed79209b00521b4012

SHA512
9b4042f57af1b713da8694470d61f92eb129f50916e9ac4c1c9a05902685364b663f7e346fb415288663309573968ceba5301ab8a43ee76dba9a53a86a20924e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
7f35dddfb14ea0d308b6515d05644ef3

SHA1
e3e64349e892da89e4dd5344c8b7498bd6ac01ad

SHA256
37637ee3f81aa4070e655dd29b6f9ce78afddf1792d3f6bedaa1d879803702cc

SHA512
737756fe2e2499901645a8fd69f30f46325c90d9c80ba50090db832f8d3e1c060a162e6db35e06b5614dfb51b9cfa2a4cc7fcb01d8ce54eef22418cdef7587a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
678a24df5a019d010f96ebfd5e6b1144

SHA1
5286579b6a8493db9636b74760bf3a5a1588ae4b

SHA256
9af9dca02f6f361cfe04cb58c6175f52a3ee0b7adf30c83c297413760ce5b5a0

SHA512
16f35edc69835640ecb064fbbe3cd3d18874d16ee5fea30a8ab4177dea2731a5a149fafa73a1b26c90a1520b564429a45f0020f8c86751c0e0a71ff27944844d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
08485f2aa658dbd058d36c9b53cad186

SHA1
44059a30b75d8efa0b041cfcd683ef194db11951

SHA256
47f84d77a8b4312486db9e34cf9fc219487b38c9cd9f500b75e11d097732ea69

SHA512
84dfa3a5155a97e37a425cc6d290ef2a074371681a1fec5c24fb43d0362b75dff08e973d72cd6e24a46e4936f51f828e5fb922e8981727f8eee71c8e67ee8313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6cba22a8f11a616aa01eedad8b35ed88

SHA1
1f2a50d3554f1d0cbeb9211148e7a45a6bc4ac8e

SHA256
c891e12bfd1fc56c764cb93915ea00766dc952ee32ea6e59a70747703cb687bf

SHA512
62954ec6b9ba1fc51ec502f67d2add3ad45ce153b7c09280029d6288c8b3eef04fdc77a53da55e692fc1e78953200e0821a586a6bd882d8988252ad888a04bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0571878a8200c89ebf1e4f98585f4d99

SHA1
c44b33f1ae99594d876cf5fa7d5960beafe5eb36

SHA256
6dc5a469b9dbaf190dd5107fb8761507cd039f5c7e9c59263c66d16f76fc0ffe

SHA512
c5e0df950654a9c65e6eccb9ebe1c985f37d367cb0a5d9de0cce58b52332db35d4e55c55f8d32cf092718674a486572b4ce5287f1409a9e515ad798a127b5dc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
dd1fec9e41c4460a267a927872403e39

SHA1
deac0836cbf5e5fb0e32c7a6029142d67106f9b0

SHA256
f47c94879bb61a75afceb6efa1330b5acd1666562c11e69d1ad52d2117bc9a90

SHA512
9db6195191086be29e2de0a053138e104a800fadca0802ec19b64347e0267544ecd2bfed287da6b932c9bf1f25ddb820c9e0dd143af856f9da0c4305e26337f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
87a398421271bc73db1a9ad8e16140a7

SHA1
bae279f8893d6aef25d6ecf2af8b8bd821a1dd73

SHA256
b20244db42dbf057b9086b0e73c62aa424690b457664c486a5f60882aa20e496

SHA512
7a83c8a2719b99a67aaca5624e584bb7bbd7544a713e9519655d3bfc83ef01824051891014759eda0e869f5a8f58f3b3e8b2b8aff6f2c0280823b6e466d761e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c091.TMP

Filesize
706B

MD5
f1499e587f98fa2dfa3d1eb71c4771e9

SHA1
3337dd57fb0a28a965148f426c8c3f0bb6ff2fa6

SHA256
9a7fde6ecb08300d28c0cac05c1161e2bc81c38d2ac7ad934c12b2cfcf7153d3

SHA512
082cab930882c7067f1d1144f357ad35e0fd6ddeff5b98d44fe1084e4bdfcd8b8437b4b7eae33ed6f7c83ace595923618be4aaaf5ab0204fb26f9c30a74b0c4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a4172a10-5f44-4936-a6a6-dbda8ca292da.tmp

Filesize
2KB

MD5
9792623e4af74d15519398f3040c4268

SHA1
f2e9550b352076f5c64941d581b5d1299981c298

SHA256
3e6c11679cc9ece080080d2c1285bb97d63f5369001f59a16c27d8245aac4cb9

SHA512
14ee5f3ee4957fd2e6427185f277fd691271057c432a61e2d7fd2152e286a6b7b5e6c3ba0a0e2c8aa682789cf8321b8d6f74327f0a47b7c8acf30f26a7abcd33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a87774f4-47c8-4bf4-b227-10531cfd4e4f.tmp

Filesize
8KB

MD5
faf6e68552eb0d3c946945fc504d4d86

SHA1
8c3e7af578156b8d344d4dfac14779cdc0b7878a

SHA256
80869b131866713c89494d2fc175b3782452a77177cde19e7d165a5677ed93f3

SHA512
d431f5cd497fc31e8a4b5ff0c03e5dbb24b7fb560ae63d8fceb3c439df620c6d4693d5b0833ef3dad998c3c06d24b26c0dd24c94af4b323d6a09a9d595e05031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e194fe1b-2405-43b3-aab4-863047a44a5c.tmp

Filesize
5KB

MD5
d2f3c7a0e57d3fa1b89f445da7a6351c

SHA1
8c9c980006ee4e7fd2bf9c9fb5b31f89d265421f

SHA256
bbe504bf002d86e4228c1356f95317b18e41a6a6babf638e9bfa074d8be6791b

SHA512
a9c3ec0a0444d0ac7b62344d10db569dc7697b9dece4cc1eef6020757797b4db24d910a6f7b9ecd18d2b5c10a502ef173b7791d9d75615daaa7f86faf8a02ce6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
037cbd5f19baad2f19a5f04d870a0c30

SHA1
bedeedabb3cfdad2e3c9a16525965716fba2db8e

SHA256
a058dbbca38a670ef19df31312701bc2b342b02bcd30031b11c1e0cb1abe2350

SHA512
56c5e9d37a27beb3a4a194cddeaabd0b0d887763b05ea310a45e789bffd7705622ed60fd433c58cb7d94f4659c823062c8b5e37329224388e15cf493f51edd89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
376a0f7f0dbc7d4a125e3536162fbcc7

SHA1
c4362098457d6e139b9655f2666b3bb988af8d98

SHA256
9560fef45593462c5743de0a0d0a4f542e88879d3038acd99331e4d898293dee

SHA512
b3d6cf1d3237063edc396adea6887616e514515b0a5dfc0e2227e16b4f83e77612fccb25e35e277623ecb6c26d6de09bee083d0e0e98f23c29fb2148e1c9a8e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0587628616046fb904e868908ccfed27

SHA1
6d2c7253e170bd1bd67c85da4326a659ca445ecf

SHA256
2c16bd2b521303ed5d1645309fb2f75177aceb05dbc0bce7c7f47e74137d3030

SHA512
0a5ef8499fb0fabc3d294f2f25e4717ca02aa4f38d69da0f4b8f2138181a2cca1c7401ac6db08c33110091405c00c1c1bc0fcaeea24840a0b7a90dc30958a8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a7ec73ced2cc0ba9ae773fd961fd90c

SHA1
f9d424cb5291213263c305f38125f51e46e1e5be

SHA256
2e70c56d5d99c245ddf5714e371a4fda262179c4db905c3af6368db014f78cb4

SHA512
a7ef270b0d88a579edc53c89d1ec7c587f417446fe8767e089715b73e6065e5ab8615a2ca3cc39aed10c267899ab0b10a8c1954537b202bdd92e0d8892976b70

Download Submit
C:\Users\Admin\DOWNLO~1\DanaBot.dll

Filesize
2.4MB

MD5
7e76f7a5c55a5bc5f5e2d7a9e886782b

SHA1
fc500153dba682e53776bef53123086f00c0e041

SHA256
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

SHA512
0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 148941.crdownload

Filesize
2.7MB

MD5
48d8f7bbb500af66baa765279ce58045

SHA1
2cdb5fdeee4e9c7bd2e5f744150521963487eb71

SHA256
db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

SHA512
aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 279323.crdownload

Filesize
532KB

MD5
00add4a97311b2b8b6264674335caab6

SHA1
3688de985909cc9f9fa6e0a4f2e43d986fe6d0ec

SHA256
812af0ec9e1dfd8f48b47fd148bafe6eecb42d0a304bc0e4539750dd23820a7f

SHA512
aaf5dae929e6b5809b77b6a79ab833e548b66fb628afeb20b554d678947494a6804cb3d59bf6bbcb2b14cede1a0609aa41f8e7fe8a7999d578e8b7af7144cb70

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 467077.crdownload

Filesize
73KB

MD5
37e887b7a048ddb9013c8d2a26d5b740

SHA1
713b4678c05a76dbd22e6f8d738c9ef655e70226

SHA256
24c0638ff7571c7f4df5bcddd50bc478195823e934481fa3ee96eb1d1c4b4a1b

SHA512
99f74eb00c6f6d1cbecb4d88e1056222e236cb85cf2a421243b63cd481939d3c4693e08edde743722d3320c27573fbcc99bf749ff72b857831e4b6667374b8af

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 722288.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
memory/180-1882-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/332-1737-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/332-1730-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/556-1712-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/556-1721-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1200-1883-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1204-1738-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1204-1745-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1336-1458-0x0000000002290000-0x00000000024FB000-memory.dmp

Filesize
2.4MB

Download
memory/1336-1514-0x0000000002290000-0x00000000024FB000-memory.dmp

Filesize
2.4MB

Download
memory/1336-1424-0x0000000002290000-0x00000000024FB000-memory.dmp

Filesize
2.4MB

Download
memory/1580-1907-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1940-1863-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1940-1868-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2004-1753-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2004-1749-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2388-1903-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2896-1893-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/3012-1748-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3012-1742-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3112-1703-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3112-1709-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3112-1707-0x0000000000960000-0x00000000009D5000-memory.dmp

Filesize
468KB

Download
memory/3136-1892-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/3228-1624-0x0000000001000000-0x0000000001026000-memory.dmp

Filesize
152KB

Download
memory/3228-1635-0x0000000001000000-0x0000000001026000-memory.dmp

Filesize
152KB

Download
memory/3712-1715-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3712-1706-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3832-1727-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3832-1718-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3920-1734-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3920-1741-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4692-1898-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/4992-1724-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4992-1733-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5192-1888-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/5292-1887-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/5292-1425-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/5376-1761-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5376-1750-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5464-1897-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/5712-1699-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5712-1697-0x0000000000960000-0x00000000009D5000-memory.dmp

Filesize
468KB

Download
memory/5712-1695-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5720-1902-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/5736-1908-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/5972-1867-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/6068-1421-0x00000000021E0000-0x000000000244B000-memory.dmp

Filesize
2.4MB

Download