danabot | hxxp://youtube[.]com

Analysis

max time kernel
688s
max time network
690s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2025 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

10^/10

danabot aspackv2 banker bootkit botnet defense_evasion discovery persistence trojan

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot
Danabot family
danabot

Danabot x86 payload 1 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

resource	yara_rule
behavioral1/files/0x000500000001da64-1616.dat	family_danabot

Blocklisted process makes network request 10 IoCs

flow	pid	Process
193	5656	rundll32.exe
195	5656	rundll32.exe
196	5656	rundll32.exe
197	5656	rundll32.exe
198	5656	rundll32.exe
199	5656	rundll32.exe
202	5656	rundll32.exe
217	5656	rundll32.exe
223	5656	rundll32.exe
224	5656	rundll32.exe

Disables Task Manager via registry modification
defense_evasion

Downloads MZ/PE file 3 IoCs

flow	pid	Process
149	3300	msedge.exe
149	3300	msedge.exe
149	3300	msedge.exe

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x0007000000023e0f-1290.dat	aspack_v212_v242

Executes dropped EXE 7 IoCs

pid	Process
5568	Avoid.exe
764	Avoid.exe
5760	Avoid.exe
1896	Avoid.exe
1408	Avoid.exe
2220	ChilledWindows.exe
5388	DanaBot.exe

Loads dropped DLL 2 IoCs

pid	Process
4564	regsvr32.exe
5656	rundll32.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	ChilledWindows.exe
File opened (read-only)	\??\P:	ChilledWindows.exe
File opened (read-only)	\??\Q:	ChilledWindows.exe
File opened (read-only)	\??\R:	ChilledWindows.exe
File opened (read-only)	\??\S:	ChilledWindows.exe
File opened (read-only)	\??\J:	ChilledWindows.exe
File opened (read-only)	\??\T:	ChilledWindows.exe
File opened (read-only)	\??\U:	ChilledWindows.exe
File opened (read-only)	\??\W:	ChilledWindows.exe
File opened (read-only)	\??\Z:	ChilledWindows.exe
File opened (read-only)	\??\B:	ChilledWindows.exe
File opened (read-only)	\??\G:	ChilledWindows.exe
File opened (read-only)	\??\H:	ChilledWindows.exe
File opened (read-only)	\??\I:	ChilledWindows.exe
File opened (read-only)	\??\V:	ChilledWindows.exe
File opened (read-only)	\??\O:	ChilledWindows.exe
File opened (read-only)	\??\X:	ChilledWindows.exe
File opened (read-only)	\??\Y:	ChilledWindows.exe
File opened (read-only)	\??\E:	ChilledWindows.exe
File opened (read-only)	\??\K:	ChilledWindows.exe
File opened (read-only)	\??\L:	ChilledWindows.exe
File opened (read-only)	\??\M:	ChilledWindows.exe
File opened (read-only)	\??\N:	ChilledWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
162	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	3c436gr7je.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1468	5388	WerFault.exe	146

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3c436gr7je.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
5280	taskkill.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{E1CC284E-26EE-4679-AA03-9BB4C4A96B75}	ChilledWindows.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
2564	reg.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 79922.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 623585.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 551066.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 561355.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5660	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
1448	msedge.exe
1448	msedge.exe
4596	identity_helper.exe
4596	identity_helper.exe
3668	msedge.exe
3668	msedge.exe
5284	msedge.exe
5284	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
1120	msedge.exe
1120	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: 33	4252	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4252	AUDIODG.EXE
Token: SeShutdownPrivilege	2220	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	2220	ChilledWindows.exe
Token: SeShutdownPrivilege	2220	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	2220	ChilledWindows.exe
Token: SeShutdownPrivilege	2220	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	2220	ChilledWindows.exe
Token: SeDebugPrivilege	5280	taskkill.exe
Token: 33	1284	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1284	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
5568	Avoid.exe
764	Avoid.exe
5760	Avoid.exe
1896	Avoid.exe
1408	Avoid.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
2220	ChilledWindows.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 3656	1448	msedge.exe	82
PID 1448 wrote to memory of 3656	1448	msedge.exe	82
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 2860	1448	msedge.exe	83
PID 1448 wrote to memory of 3300	1448	msedge.exe	84
PID 1448 wrote to memory of 3300	1448	msedge.exe	84
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85
PID 1448 wrote to memory of 4016	1448	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff575746f8,0x7fff57574708,0x7fff57574718
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Suspicious behavior: EnumeratesProcesses
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1932 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3620 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4624 /prefetch:8
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6572 /prefetch:8
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6952 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1156 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7016 /prefetch:8
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,3509370746368794144,13349479664953288915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x428 0x46c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:628

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5420

C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:5568

C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:764

C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:5760

C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:1896

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:1668
- C:\Users\Admin\Downloads\Avoid.exe
  Avoid.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:1408

C:\Users\Admin\Downloads\ChilledWindows.exe
"C:\Users\Admin\Downloads\ChilledWindows.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2220

C:\Users\Admin\Downloads\DanaBot.exe
"C:\Users\Admin\Downloads\DanaBot.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5388
- C:\Windows\SysWOW64\regsvr32.exe
  C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@5388
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4564
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
    3⤵
    - Blocklisted process makes network request
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:5656
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 460
  2⤵
  - Program crash
  PID:1468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5388 -ip 5388
1⤵
PID:5804

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\3c436gr7je\readme.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5660

C:\Users\Admin\Downloads\3c436gr7je\3c436gr7je.exe
"C:\Users\Admin\Downloads\3c436gr7je\3c436gr7je.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
PID:4852
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im taskmgr.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1468
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im taskmgr.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5280
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5876
- - C:\Windows\SysWOW64\reg.exe
    REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:2564

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x428 0x46c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
243KB

MD5
166067ab4e8e0e4360a5ef617a3d9e36

SHA1
b5412c8099e10e7898e877f4a3e9b03582f08a83

SHA256
0573502902ebd67c929cfd48f869ff80dc91f340442dac9dd4099d136fe01fc9

SHA512
af9590fd696a7ded64245216ca22e8d8f39b990a191eb3402c755ec9233515c449b32c976793f15593d8134c1b7b16133bafc00be7a2e6b5a110a8d54977f69a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
49KB

MD5
da6e34fae9b3ddef29ffcbbb0912d6fe

SHA1
2a5d74cae10d2a5ec12d5b6dbf042bfbaafd9336

SHA256
5c9383ba24395c1c8b5f9ae51d4290a98e4a6f3910d2c71d91399e7c4c5ae661

SHA512
1eed354367473e403f8ad55e8527b6ffe10646a436abd6b3c81cd1bd17107465bdddfb8a5507ba43904054f03678096780063f254619ac76f5a0c0839867ab4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
641KB

MD5
fbd295b721ad3d5804bdb2a278eea75b

SHA1
a3a9b097f14b9fdf4174d16c249764fc4a4778d0

SHA256
d6ec901270bc92b63f7e074e112541f2eac59e1e8e2fc05c7e8314281b621f7d

SHA512
73e54ed80d1867d318a5cbb6bd552b5ef58dd4cc8a45233796dbd9f5c44f02040761733b0968ffc6d322727f3f16001b943ae124e097904e1a22d5405ba70421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
34KB

MD5
19aae33887c6287c6db80d79cdd34f5a

SHA1
3d453a877bdff0097cf125addc8f5f1b85580362

SHA256
09c5b498a942533c54c94c229aa8129af67b0cdaabeffcf8ee6c03d04552ea52

SHA512
0fac3cf3a46aab179cf054de5544c19ecadd740f87770c5ea92ac665f7ec5646d29ef17ef4d9f4bc7889d8060431319b9fcedd59acb7156bc8c8df3ee99b83e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
34KB

MD5
08f9985e49aab1e6c5e9810ef6f8afad

SHA1
c0b6d51c227bbe3e7ae6151536b633c007d4c609

SHA256
ed2477616a2ca75ef014c2dd86b28c1d9a042c8df9bf72c76a61763d430d7f18

SHA512
80cd2c3133e37db5be277b48a1e3b1a319f305e52bff72ccd73775bed04ed64d7fa0a2ae24ac7ef5937257a31bfb7e19c2c95a851a52b2ce398bbafe4f04993d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
26KB

MD5
8ce06435dd74849daee31c8ab278ce07

SHA1
a8e754c3a39e0f1056044cbdb743a144bdf25564

SHA256
303074dab603456b6ed26e7e6e667d52c89ab16e6db5e6a9339205ce1f6c1709

SHA512
49e99bffcdf02cfe8cef0e8ef4b121c75d365ab0bbc67c3a3af4cf199cc46e27ab2a9fdf32590697b15b0a58ee2b7a433fe962455cf91f9a404e891e73a26f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
20KB

MD5
edff034579e7216cec4f17c4a25dc896

SHA1
ceb81b5abec4f8c57082a3ae7662a73edf40259f

SHA256
5da4c64f6c1ff595779a560e215cd2511e21823b4e35d88f3ba90270d9244882

SHA512
ab2dcd1628a0d0cadf82eebd123526979e8cf0a2a62f08f1169d4c03b567eca705bd05a36e5ffa4f6c3df393753b03e3daa18122955dde08fd8e5b248694e810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9263ec3922f1b2de2f9d260e36498dfa

SHA1
b09c3085a259941ea053fc9c13d60300f12a7797

SHA256
b18bc43f41b63826e1927ef9bfe4a521654228954b7e629d70d9b86b201ed94a

SHA512
cbd4aec8025ab06891aee8f6d2fd4876bbbcecc819a88fdf391e65a408926d963381c612883c1c83eb231bd7b2c5bc3315d7f094f8081489495bc35bc15e589e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
870f23de0196501a09e753c76cc67232

SHA1
b412a6950caa62742403be7db7d8d64c5b38cee4

SHA256
be0f85cd08a126c33d648bdd0e35ffbc6672dcccfb8a2e9b3fa84a08424fba98

SHA512
63a606476cacf956ff4fd364f1f08ad3ae0019e1cc96940b39f0b5af4a4afe541fa79a55711b06d4cffc47d8aef91824ce5d7352b7f2227c4d92a84b24114217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
28c1170718d948c30d165be0a1adf5d9

SHA1
101f377f4fdfbd2fd29c8c68bd59ebc462401859

SHA256
8e97c1a58137efcb6eb05ca22b9755e2d8c023183dc67e243f0e7c9bf2ebb546

SHA512
dda0ab798ae28c34af166ed6bfb26622f8bd10e74ae53caccf3b771341960869aa9758838846f1a5b386482a60b72238bbfc34926a3256e1c2b7c9465a8b0948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3092db058004228a7833ca393eaf8dc1

SHA1
87515e774e941184880cb0d1684279cf02f2d894

SHA256
a930ec946b5bb4123069c70e4b3d00562b0acfd8ab1f61ac7cf06ffd9d8368b1

SHA512
aa32d553f63dc4483447a1d6f83947b6bb4179a630aad5b620a9441d541c41e183d5be1fafee5084591ea106652d6a5cad9002aa10abb192a665653bf57ec0b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d27fe919c21a938f395bc87ba817c216

SHA1
d1dfedf8d1ddef27594452664d432a26589e04bd

SHA256
0c8e9063fec7e58fc1c53aa3f90aff99d7aacefa84e1740eb8aabc7d2fda8814

SHA512
90bb2d14cd7091038361ee9797d0c2e276b8d0ffa7b1d95113ec344352f74bccdc858e3777ffe991d796b8cfba76ec4dc7a1f1dfe76169f9a750390adec5b85f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c6ae3b706a471fcc0cb53da7b1934cb1

SHA1
667003f1c6ceeb7f595c2cfd512d079cfada6247

SHA256
db3334f11f562703dec4ee6147d3334a48441be162092379bccbb059dcf00450

SHA512
646b8d33008fd86bd6e81d29f530f5ec8d1f2204517c99fd34c60671ca8503174b2aa5bb6ebc2a405d306c6cf4546711da4b564a62f565d5d0812fe79f529460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
927a27602daab4a6c447f0c307d613cf

SHA1
6dcf2e949feb0427a79cf1784506c66228bd914b

SHA256
b4bd14d16371a08d0376e3f6a2b19a97eea3f5d5466d0df5653344a868480f5e

SHA512
a1ed0af41818abec3c17c51f03a2432201b353996d256688d7acdc964c7a1a8075adccc1345ac9730e767dc248663f998d08c743e8957623ab6a33a1345897fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
eef8082f090d166e2b9423e054d0a6af

SHA1
eec604a4acaba45ee62c085daa4834d254ae265d

SHA256
fffdaac96e5db2474a53067829802e9d02a71002cf54b8f57f30ce2b45ad9de2

SHA512
d16e73ac027534683050b4992f794e43de7a3de3e54ae59e090ba3dcfad36997163a14767528f83fe2547f70915d77fa1263a7d884fbe842dca4ef65d6f523b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
958b2c96dbbf8220f5612db0a2af7e4e

SHA1
5d8ab4f1d1f15eca1f58a1cb6d966c05be3ea772

SHA256
f0fadb4ec621f53337c134d8d7a4e24f5af102203c7145bf13a120c65a0429dc

SHA512
b87e6a1fb6d2ec61068e68452b129275a55c2722eca314ee6633bd1ada2e0b6df8084a530711e462b2b2eeec20596faba4835a21b86fb45db14432de1717f51e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a34b9d6b586617eb2e1ab152b687f7f8

SHA1
b1a57f9b321385c4a252f80fabcb37b3a3d6aaa6

SHA256
34fff5c4df2793b5d07708b0c7fffa8f923157d16284ad112d806ff6b905cecb

SHA512
3b113df63dcdf3e83a931d4d8e8a6ee16dad917632b6b498007b72ff5e6559499be78d26c686c4d5a38b9d194638347fb06c160c3da37989d93ed6a79d344c0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bda4cb0b5f193ddf9a1ead07355a5316

SHA1
7a9a17b809fb2dbccbc88a5a75cd613a66bdc487

SHA256
993cf95909f5e4e7e609e02fce81ea437b522af810c7a4bfcce32bfed8444e2d

SHA512
433dbca8132b2959e4f7f1c82f923d4099f5eebf8acea6c28ba001ac6808b3dd8e51b77ffda53388941d77db237c3619d65bed0e18b592eefc49a592bcf29f82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1b56703fae52f36c1703678d6200b1c2

SHA1
ce5edbb25e1707e224200875e100af02cd42dd4b

SHA256
8a0065edfb4a11d2bf110d687c66bfbe98c398b710bfa5654c872bb6f81ba219

SHA512
a906ecf39407e33a9d9a8844adef8ce0ebb518b4077f75fc8563f73d68bdcdd2ce199ed80637bfaad212338a0e04eb2bbea0b213986060838003777521733d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c041fabfb637141583f48a7cf70961a7

SHA1
e4af7a4c56098e2cba9fca2a0ba06930a9c41dae

SHA256
76278e7cabb7a89d5a68f4484aef7289bcbc4863dd01b4410bceae985b4cd285

SHA512
61f4dfe6048ea254c50285f9b1395e47ad2d73576d6d0f04af1cb2fbebf2645510db856096dbfd2f4af75f4b09928eadfe87f40b97fb90a87e83b533097cc81e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a703c7bbb086d17aece5443b357958ad

SHA1
473de6aff7bda4291a2eb34d80bfdccb160a768a

SHA256
c2294fb41a25bfc4f59b9de2d86f66a3c1587c0cf11cd57d98a500ac812332f7

SHA512
9ce18a6e7c545c283eb51d0442bae3d198438622514745416af29be8d95fb78075f5bd03f13f3c782ef14a748272dee0ce62c286a337d1294e9a6b478a3ded59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2d3da7f7a7f34e36860c85d74404cde7

SHA1
17eb7d9fe387dcb322b04ac9c17ba4585c976453

SHA256
f469dfcfe68eb33805748e69923206878c1474187c2c3f6f2d1c9e55ed3dfc22

SHA512
1128b859dc888220a268dd338ae0ddb6d1c7b7f2054d90ca1bc420395781ab8814edaf34cf197c6027ceff2a7581cb5f01452c43932bb73f4c400c81ffd6d09b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
90a179c159993f0bf1ddd892d3a8271e

SHA1
441a5eea0621ad5c49810152ad734fdd5b4808e7

SHA256
168b686b865567806d819f21a52cc3c0a32adb9a441f75ae6c9d7aeb9e031a07

SHA512
a0ef3433b9c271fd7045934fd4ba70b765eaed36d10a3146db18269dd5158e6a02f7fa70a1cf7a4abfebcc5bb6ecf873f4ffbed4af0f7f0a61cecd37e13735e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6603a5c7df38c814eceed78e911dab49

SHA1
d1eeeae7ffd4d9eded524964cf860323c8b4d25e

SHA256
ab33c3acb2dc93b6edbe4f93b1be8aa35291ecd838a2c67e36aeb06c14908a26

SHA512
02978ac168cdb7ed0ee3f62316d544fc473307f36f72056c762af4c4507fb7c0f08b4e9cc76550ba0742878b611313718ad00109b17d7d567b4b8bbfd18c516b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\25f94d8b-270e-47f0-b639-55a5639e2dfb\index-dir\the-real-index

Filesize
624B

MD5
c52a9d3c1a24e9ce1250b6a5655d0422

SHA1
84c2aa6aec23d4531805f82f6886c88cccfb0151

SHA256
14315fc370eff6c0ab86804b40fb5ebbf0315f367d795b1fc7c54397bbd8cfec

SHA512
12bf9781162cd5b19075d5b4f81aec23ddf0372f8e49174ec8379e6c1f6a282f0d0193d449d868aa4c58428736e10c72c161849f391b0a917b105b2fe8bd839a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\25f94d8b-270e-47f0-b639-55a5639e2dfb\index-dir\the-real-index~RFe57ef42.TMP

Filesize
48B

MD5
029040d77a0bf5782bc695e126dbd3ec

SHA1
c703fdf96bb06ef313bbddafa4b24d665f9a7ba0

SHA256
7f2dbaa2d364376ca10199a33cb56602b55c91f3f6a6acca5b65d131a3f9feb9

SHA512
70152f134a3c2504d77013342612ed8154db761fa15ca9068b01aa17744b05b56c04cdf534b34e3c28828a9095d0b26fbb7a70d3fe2bcc28423a179fc889066c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\68a994b9-cd7d-440f-80f1-d2ee130e5398\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\68a994b9-cd7d-440f-80f1-d2ee130e5398\index-dir\the-real-index

Filesize
2KB

MD5
77e3588b391c1d1ad66038ebaf3d0545

SHA1
9d0f633e3d9f59a15baf6b8122af82a4275870b9

SHA256
ff94ddacd1f014f24815258cba68981546691733ecb2516c010244e542c5d9ca

SHA512
4210e1c90966421a9f8dfc23ea5bcc25c356651334be93ca9a51ca2b7078971d774d1d442b626ce2d3244c4168c3edff847095879c58c69650cb19f44e4b7604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\68a994b9-cd7d-440f-80f1-d2ee130e5398\index-dir\the-real-index~RFe57eadd.TMP

Filesize
48B

MD5
7a646d7f520fb58b033f8e88126a77f9

SHA1
32e32c5a3f4e7b0908224b1c92cd9a1dab222e2f

SHA256
12b0009c0ce6515b75b46dbdebec961344dceb8778ee4584c997b248a1214708

SHA512
9076bc63dbbd5871a43f928448e49bd50ef846824a807f425305fb81c85692507eb8e1c54ff5fa1a207e025c2db21c83db91cf00d808cfc3869e0d0ab67af27e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fc2e6f68-64d0-4c31-aad0-dc75c4f47715\index-dir\the-real-index

Filesize
2KB

MD5
210b43b542453969832eaa064d635d68

SHA1
efd24e3ec15e0a91561317454996ad06cd33cfae

SHA256
8b118cb5f2d4b03b10c34a27e1b478a6c63916f181123d0bd747f81c6528b604

SHA512
ee6d8e73963d6d16a11332ff707a36795888970708f7e7434d269a0ca9738c5e779da520b68a0a6e8c42c204bc1d21ebfd9579a8f5ec75a5b517dc1384f41fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fc2e6f68-64d0-4c31-aad0-dc75c4f47715\index-dir\the-real-index~RFe579357.TMP

Filesize
48B

MD5
cf97ae2ab816325a8819e92172fcc0f6

SHA1
2f339541a8092a46c19608b6c0bcb00ed30127c0

SHA256
a9131470c2bc7696136cf6edc3bbe98e2682edd65a0bde2a3518dccfccafee34

SHA512
35c963286db09c1107dd5d38554c7df5f4b248d84034952464bce0dbd53e68a9a4d1603ea2e2c44cf40babebfa542d03b2fa3a40cbd8784419dd916c00194024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
156B

MD5
eeee8fa30a60ab0d5946b92a5fcefedb

SHA1
e684d1434a0b638ca986f9cfdaa752abe6aa867f

SHA256
06dfbd770e4ede5ebcefa358e7356d00de9cd9fbb6a2893ac104e335032b2dd7

SHA512
74e15afb27313c66bcecd41d6231c7fd0e181b44d69fc7921853f5c2362a5f1168492a2f6c4d493c257eb824a57fe27cfde42cfd27716cab9ddc8301491d2a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
942d11ae49a1d88e2c087d2b1b53bd07

SHA1
87e6c5399f73188d527cdea2c0f25dff13bfc61f

SHA256
c49c557a1493e41d2fa054d0dc27e2e18fb80cb3fa0a8562eac017ac0ad66bce

SHA512
bd0f8a5cd915d937ceb4ecb3d23f76b0b85a6feaf3f5afd15319a6b743720aae71649f4cbc3620e56b038962ee1c1644bf5cd443df19a547e319606d4c6069e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
093359831ab63978e939167f0ef4f03e

SHA1
746c4f36b4ddd4ef4d39799ab0682950f4b744e5

SHA256
d2e858897925e58b19c1702c055f738bae4c28adbf1ee5ff75fa04d6615aea91

SHA512
e492e8c99795c0d0cb7664f71fe49f617d89f8ffde77e7a914a72d9d697e3c1911f903ef4c908fcbd1a06cd77c85ca340b03c25690e9816304c2fd7eefeb07c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
4bd5eb3216e23ab20a8f0665313fc1b0

SHA1
db89a0f2fe5d41c63c17ccda5d406cb6cb52972a

SHA256
870458b3320ab67796fe3c2e9a382c0576262b1e1ef2878af8d1dfe377d320b9

SHA512
98c0184a2d683c03cacf1955c14420696c45abba123d24d39d2bc408fa0a6a38e76857baa152c17027183b9b98d7f16dad2287bd1b0917089297f7da5847bc7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
991f91732407eb3489b750bd75a5c6c7

SHA1
06434aaad6e8c82b117b4535cb64a9e31d536cc6

SHA256
3208ebc3c928b0158d311270c672a3e2b5ed3f5b562918d9e4a6ebfbfe880109

SHA512
4eae293a94fccd5d7ea53aa0dbfe0f213db0844774450fbcd6dc676987b66aaaff842eb488b626645c98fa801d48ecd4bc49d910e5c6e6e138d5a55bde86ea74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
eb08700853e812c318ca9e791d18927a

SHA1
4347dde1ef8dc0ab1ad61501389f7883cc42814d

SHA256
4477d65bd41a8ee506c01b7c9db57ba6d526276b60aa97d4d6020efa3762a3fd

SHA512
d70a306cd4d95c9ed8df6d18ad0b7f7f714d7b4a1d5007c8d86e5a7678e6818caba8636e52719668e8dad53ea5a2375ffc684907e9fa09280c2c9f05c424b85d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
28fa9f54c9b358cc65884d66828d7330

SHA1
5b729b246c7c7379f0805cc94d5cb4b87a69c046

SHA256
f578bd2166260f850ac424d5c6935e00beddac2d3884d826ae71c4798f8712f1

SHA512
90ecfcc3b5aef20253cfe553000e384eb409e3e631396626e43ca7cd9f9b3a32bb84f5c18a7c6ae3e184a04c274855293b7982acfcea89012d213e41ddee29d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
460ff5cc242a23d29effe5e0b488d01d

SHA1
2843ff4f523a8422bd870165af8309db675e651c

SHA256
f3ec50fa6182c418d4a666581c4b7522f86e7e89603fdb9a497cb9ba678a09b2

SHA512
f6c34641bb776a3f687ccb13ca2b66e66f0a191091c1ce1ec2f1bfb8328253f402ea361b559859216ec725656e71d8f4ea3aae4a729dac2fa0ec532a4f9e42cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ac5028c34edb63b0ea2477943eb9d4dd

SHA1
464ce8056dbdc18c3b5fbb2a68432c7b598fa277

SHA256
391fa0ef145d9d2712731214a48ccf67ebd7d1283e57b87938fcf943d5eb0963

SHA512
62d46ec9401464c6eb399f1d1b409be666423b104e9fd92280de871582374529681d5484558228c73f958d32ee50e37b60127eba7b1ca91727a4e2adf0dd4cf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e687.TMP

Filesize
48B

MD5
5c32d3348c991fb87fff4cc3ef898fee

SHA1
51531dba7c9dbfa3897271f20da1e6e2cd2a472d

SHA256
e75b3fd0396a62e236616457f004aedbb4b7ebe581ec42ca7a43aeddd2eab6e0

SHA512
6fb27f2c02004109aeaf61cf0f5ba3409cf32e7db7d7d3916b051a0748078f022c47c045963b9d7fbfdec8fa0ce676d745c2f50ea1abc1c29edd1866496a3d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
893b212d9424ffc245d85d20b6778c80

SHA1
e0a375b649ada943c021fb6b32333c773166a89c

SHA256
1f80fc4aca9943da7c3ce0febc05f3d78a8d0a25860fc9492d5ff1ffdada531f

SHA512
6d4ad67073711ef8f9125c48752e68cee33aa503d3a29f455c30ea885fe5148e42700cf46a5bc6d7c7e150bca898d45e3a8134535a2218a4ba2d76e752376c99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9b30670200c7b1bc2908e90520129be4

SHA1
f8c0da2982b6f098e034896a9ba6382adac6e039

SHA256
05053fd3cb745d27a1ff7089199e164b4b45c4584052098aacfa85909d2eea62

SHA512
579c1b40ad76ba1f041ee11cc95d3037c58db3d18ada9f459b246012e9e7d90806683f357839ee6ec6ef9782d7ee35e02bfd3f2ed8f51366318829821241152b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0f20cdeaaca65a552f740e3a89199c16

SHA1
0cb4adee12431f46566f8002b967d6f6f795c1f2

SHA256
d047c64146b2b925fd09d4eabc30e874e74d312b5aa94d1858aea80914ca958a

SHA512
c86c48a75bd591c6bc0870dfae243db5623f921eda79e35490c0ba3752ca99a6fb3686859ab6e95c62d477af6618ce70aa1951c95db2fd5626445e73a1fa37b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bbc27dc4c86f9dc9039630704b7ce6c3

SHA1
1c0b1a285f7c90c9a65bcb3bd6bb9f8b75b6c209

SHA256
fedefb6129d8f6fa88666e3055abced535dc94813b923854a480956cef3ab432

SHA512
8503af1621e64f9a2cbc1e36ea22062d787ba27b51655c40771c7e9d542872698c0f96e734f7946529e8f74a4dfecb412e88a0f1523acf6514ac0732488f02bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
803eb24a74b6a5ca6a31c19823219dbc

SHA1
067d3a55a72cc7b8d51ae39bb17082775c95da27

SHA256
099db9e854ec8e5f947a7a62adfdb917babfe363bf8268f7461771a44bdcf666

SHA512
64b43198f740d7c35dd2c3c397b654e4f047d8a70710b212a8798128262c9f9b05dab99fc2d0e76a90bac95e21d01f2ac248545c999b36a1ae7fe7a849095982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d6e8076444215fba4fdce0e931ad356f

SHA1
22733080fd2afe7eeb02becda375a6f5f18d5e1e

SHA256
e4dbdd902dd725c2148bc72b4e8fbbe793c27ad5cfc32f70725c51cae7e9d2aa

SHA512
9a0f1e78dd5ff0fcd2fc8279b26d63ee928b9337f162a099f1c11516ec92d375cdfb9bf02506ea843ea746052f16526e00074a34678ccd03de8188705dd0f3cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1b58ba74bb8643e235392174e0dfb6b5

SHA1
49c7e693d73772fe57edb32a52358f8b4791e885

SHA256
9478a6ea4d0b1369e9c4e91b9b1dd9024c9dac7f4ff2f1b52f8b1e0c110db710

SHA512
4fa919fe5eafb5b08d29b4be46a184c28c0159aa35a24de1bfd9915ce9aff8c735145db173246863d0895e1f1b33f53a4bb9be758e11c9c2deb0de086c68f7d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
24d7a3f9e222ed3f2e4184bc1fae650c

SHA1
8f0d527193c5c5040d0defe8f8c4464aea504184

SHA256
d6ece687ed2a80145b326b1b420fa234f615fa6fb6669c9af57a0693740c9914

SHA512
7f1e80d6c78ffd74e890ba11394851145f9b19dfe46b734bb0c554488508738d7b3e05404f86539b7c0dbdf36bcac7100995da422ed5e64a57b69a95f85bda65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
97531f3b1b9cf6e88148bb707941a652

SHA1
64a08ed344b8c38c58ccee6664fa5c3f63bb1305

SHA256
1c1f4717819072daaae2405c5c25990da87f0acc759cab1ffe1509c6c1fef7a8

SHA512
aea1de0724e57115adc44f6969638d3b4d4bd911c3a1c7ecff35f4561534198cf642636f73f230ae7c9c46e7fdf9e593e028d24d7ee881dceaf95906e8b8390e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3226bae7b92d2c0b0ce0162747911b7b

SHA1
4fed40db2261aff7ca31b5940896ea71076b6a05

SHA256
43bcad7d9f36e00651c4af1db09c7d11a7ea6f2bff04fcce2609134c849f56b3

SHA512
3d7d3c7728fd93c26aba67a0390368a12c76085c24bcaf06c04e8e0e1fe72a46f9fac7299bb0a99b764647271a634732dd29b6fdd9cf4d65760290d29c5dcf2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c8be.TMP

Filesize
706B

MD5
97aad22c2907747e16b7227088b29b3a

SHA1
88a0e368a46cbb7b43f507254ab58cc6e5c3e3d4

SHA256
500fcecad2025fbc68a1448528f3649d9e2a465339aea76f4fc1395526efd27b

SHA512
5e2b9be45c87796892360960b493999819877aeb92b7a58a2ff69d44c3d58c625e8756ae27208cfaf8f43e0413b38c5b14a9e28fe293577f83521407003e008b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0682a1181c723dea8b0038ba250d303e

SHA1
d0b4ef61f42ac1057a68e69214162cdcedf85be0

SHA256
850491cc0d7ec273cba1947dac1b4d9031a9a2e9903b341c75689b8edbec6fac

SHA512
12aa6e72813f9b910f79431c6ef825c65a399b5594cb38bf908ef9a617e214620a173ff2258b3df732a15f6678bd9e7c36afc6142208fac2a8205c4769aeb285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c55e9c74cbef5fa1940536c57c326769

SHA1
4a5af02859c8231fc60669573376c86ba86f3e7e

SHA256
147e6251f39b0b68a29b6e069911540438dfb8882ec0502f6795a31e2e9abc7d

SHA512
bd9920a4dd309e4959dd0e10c09ecc20bcc76975ab2b7cc4e435c54902246ca1293bd91e5a2049c930ed5478f2c719fd61b53fd7b850e8abf4208cbf8c2493b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1534e28aaa976e73e8878cc436cadcdf

SHA1
8650761d28f39d6e5532d2c9bcfd149c22df2b17

SHA256
51c762a249e9a5a71a90e42053b0fe55311e78b2f0295c15ee2e6c009414fc40

SHA512
397d472edfc12bd4aee666b9b43f8692f5326a32a96727aa0b4ee8d366fc28d1f55c5595e99792c4a7aa448d5819d6e1fdbcf1a9a2ac23f759bb8f108f26ba33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9f44d4085c6d870db445b45745bd0fbb

SHA1
9e440d5682781db1384bd505a13c91574944a864

SHA256
4649ea76d76343905279ac368b4e32b71c31605e52861f7249b87e7523c77660

SHA512
ef19eeb0cf24f652961118fd408622437654c91896b01389a9147657869605d2e104056a95bdf05ec03c89de09d69a40e3fb682a0bb7583a040660a363d63c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
10fd3c0e800ec8976086057233fee4de

SHA1
b9adf891e9d9b86b65311bf085bef18c942ff3ff

SHA256
4b0455ab88f9dbea59bf1728aeebac1e9126d6803ea10029a4a8239c118501b8

SHA512
7aa31577108b9d120554660c8153195a3302724d35c2bc1ec2cbc5440eeed4b93be8abbde83ab4b1be85a37da63dc9ded83c5161e2201bd63f76f70de6635453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
512KB

MD5
6d37c77b1258c734cee5222fe9f54588

SHA1
1787bf68ba30bff360f599648e3fa703b05ab9cf

SHA256
0bff85979e3b8299ee9f3f89d964e5b16d7c0ab3945ba6396b07295a33cc026d

SHA512
04c5338a8f686aee2d43557258dccab9b57e0086c0ff834e8ba693b81b6058467e6c35206000de6ed847fc51fd2e3a2ddbc1b52586f006d0eb429fed097006fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\DOWNLO~1\DanaBot.dll

Filesize
2.4MB

MD5
7e76f7a5c55a5bc5f5e2d7a9e886782b

SHA1
fc500153dba682e53776bef53123086f00c0e041

SHA256
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

SHA512
0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

Download Submit
C:\Users\Admin\Downloads\3c436gr7je.zip

Filesize
135KB

MD5
2037f1a4757aa1c55ad35a45d117a8e9

SHA1
81f8c30c094f497986ae6915d1ce78df99b61279

SHA256
8c1c784d6ebcfd7e161cb1001dc911b4ae0ecf5a7685ed7a85dd7d76e0fb4348

SHA512
922b5984ccd43ad79b40402fcfe2d93ab534d06c2c33b3c72f7cf5e4fdb90ee1c10c82c6db000170c426b3298710651f3347562171409b08bf6ebba3da43cc28

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 551066.crdownload

Filesize
2.7MB

MD5
48d8f7bbb500af66baa765279ce58045

SHA1
2cdb5fdeee4e9c7bd2e5f744150521963487eb71

SHA256
db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

SHA512
aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 623585.crdownload

Filesize
4.4MB

MD5
6a4853cd0584dc90067e15afb43c4962

SHA1
ae59bbb123e98dc8379d08887f83d7e52b1b47fc

SHA256
ccb9502bf8ba5becf8b758ca04a5625c30b79e2d10d2677cc43ae4253e1288ec

SHA512
feb223e0de9bd64e32dc4f3227e175b58196b5e614bca8c2df0bbca2442a564e39d66bcd465154149dc7ebbd3e1ca644ed09d9a9174b52236c76e7388cb9d996

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 79922.crdownload

Filesize
248KB

MD5
20d2c71d6d9daf4499ffc4a5d164f1c3

SHA1
38e5dcd93f25386d05a34a5b26d3fba1bf02f7c8

SHA256
3ac8cc58dcbceaec3dab046aea050357e0e2248d30b0804c738c9a5b037c220d

SHA512
8ffd56fb3538eb60da2dde9e3d6eee0dac8419c61532e9127f47c4351b6e53e01143af92b2e26b521e23cdbbf15d7a358d3757431e572e37a1eede57c7d39704

Download Submit
C:\Users\Admin\Downloads\chilledwindows.mp4

Filesize
3.6MB

MD5
698ddcaec1edcf1245807627884edf9c

SHA1
c7fcbeaa2aadffaf807c096c51fb14c47003ac20

SHA256
cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b

SHA512
a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155

Download Submit
memory/764-1344-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/1408-1356-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/1896-1347-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/2220-1421-0x00000000223E0000-0x0000000022418000-memory.dmp

Filesize
224KB

Download
memory/2220-1518-0x00000000227C0000-0x00000000229C6000-memory.dmp

Filesize
2.0MB

Download
memory/2220-1466-0x00000000227C0000-0x00000000229C6000-memory.dmp

Filesize
2.0MB

Download
memory/2220-1422-0x0000000020D90000-0x0000000020D9E000-memory.dmp

Filesize
56KB

Download
memory/2220-1420-0x0000000002610000-0x0000000002618000-memory.dmp

Filesize
32KB

Download
memory/2220-1408-0x0000000000030000-0x0000000000494000-memory.dmp

Filesize
4.4MB

Download
memory/5568-1328-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/5760-1345-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download