danabot | hxxps://steamcommunity[.]sale/giftcard

Analysis

max time kernel
116s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2025, 07:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommunity.sale/giftcard

Score

10^/10

danabot banker discovery trojan

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot
Danabot family
danabot

Blocklisted process makes network request 1 IoCs

flow	pid	Process
173	2828	rundll32.exe

Downloads MZ/PE file 1 IoCs

flow	pid	Process
165	1992	msedge.exe

Executes dropped EXE 2 IoCs

pid	Process
4168	DanaBot (1).exe
2316	DanaBot (1).exe

Loads dropped DLL 4 IoCs

pid	Process
5068	regsvr32.exe
5068	regsvr32.exe
2828	rundll32.exe
2828	rundll32.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
164	raw.githubusercontent.com
165	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 2 IoCs

pid	pid_target	Process	procid_target
5992	4168	WerFault.exe	144
5248	2316	WerFault.exe	151

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 240153.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 294453.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3468	msedge.exe
3468	msedge.exe
2384	msedge.exe
2384	msedge.exe
3500	identity_helper.exe
3500	identity_helper.exe
1992	msedge.exe
1992	msedge.exe
4512	msedge.exe
4512	msedge.exe
2196	identity_helper.exe
2196	identity_helper.exe
1428	msedge.exe
1428	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 536	2384	msedge.exe	84
PID 2384 wrote to memory of 536	2384	msedge.exe	84
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 920	2384	msedge.exe	85
PID 2384 wrote to memory of 3468	2384	msedge.exe	86
PID 2384 wrote to memory of 3468	2384	msedge.exe	86
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87
PID 2384 wrote to memory of 2792	2384	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamcommunity.sale/giftcard
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb09046f8,0x7fffb0904708,0x7fffb0904718
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,1066305582037198693,11287120449153135057,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,1066305582037198693,11287120449153135057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,1066305582037198693,11287120449153135057,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1066305582037198693,11287120449153135057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1066305582037198693,11287120449153135057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1066305582037198693,11287120449153135057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,1066305582037198693,11287120449153135057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,1066305582037198693,11287120449153135057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffb09046f8,0x7fffb0904708,0x7fffb0904718
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Suspicious behavior: EnumeratesProcesses
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3708 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1428
- C:\Users\Admin\Downloads\DanaBot (1).exe
  "C:\Users\Admin\Downloads\DanaBot (1).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4168
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DANABO~1.DLL f1 C:\Users\Admin\DOWNLO~1\DANABO~1.EXE@4168
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:5068
  - - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DANABO~1.DLL,f0
      4⤵
      Blocklisted process makes network request
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2828
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 464
    3⤵
    - Program crash
    PID:5992
- C:\Users\Admin\Downloads\DanaBot (1).exe
  "C:\Users\Admin\Downloads\DanaBot (1).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2316
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 156
    3⤵
    - Program crash
    PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9669647840170379639,9407807303675295387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:5268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4168 -ip 4168
1⤵
PID:1336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2316 -ip 2316
1⤵
PID:3696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
25f87986bcd72dd045d9b8618fb48592

SHA1
c2d9b4ec955b8840027ff6fd6c1f636578fef7b5

SHA256
d8b542281740c12609279f2549f85d3c94e6e49a3a2a4b9698c93cca2dce486c

SHA512
0c8a0d1a3b0d4b30773b8519a3d6e63d92973733da818ca9838599a9639e18df18ce31ebf56f46f6bbb7d89d10c726f4d73781e154d115a6068a3be7dd12b314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4114bff967842ae3e2aa29e9f5301f2e

SHA1
bd91eb58d577ed4f2425443ad1695740e06cccec

SHA256
45f10159373242f55ce2d849146c2639d9eb5216a517041c8cb315694193ccf9

SHA512
560152c18692bffdbc354ba64917171ac4ed93ddd8855b1831605f5f6cc0d4647e0203e9dbd150025016c7b0081f422d5f33e9374250c03bbdc6021de8008cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b242221a1e4d2c06840ca1a92385c2c4

SHA1
0a49dbf4afb38e4cdc64d0a1290d9258e1fbbd02

SHA256
4b612543103ebe7a12ad35ae4f0e0ca60adfb752a89c9633772a664d2c950757

SHA512
dbbae951122a6e4caf31079349cd59fa65a16d270e93f76b9daa9f2e1ab068210642b872cc1b4caa241e054d4a0341a58e0cc5281b0de087c3218a610bc49250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
94bd9c36e88be77b106069e32ac8d934

SHA1
32bd157b84cde4eaf93360112d707056fc5b0b86

SHA256
8f49a43a08e2984636b172a777d5b3880e6e82ad25b427fef3f05b7b4f5c5b27

SHA512
7d4933fae6a279cc330fde4ae9425f66478c166684a30cec9c5c3f295289cf83cbdf604b8958f6db64b0a4b1566db102fbcbdcdb6eca008d86d9a9c8b252ff16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
6ce4fe95408c1e17e64e1eda8bf0209f

SHA1
5bd37293982e00bb822055a0edc7bd6bb0129a1e

SHA256
14ad43a9ae5d9ebd157f82ab45b7b452cc02e9405cd235068103cdc66349ff7f

SHA512
cf6d6cc23908c8df3bcc4e8abf31370d2cb5992dcb05b1a948dfdbb0f972e48c2042c5c8c55fe776013b5da0b1a6b21b06a31eac27b6da0d433a113a3df8a6ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
11bc6b105ee4693d30dbd96873acc2bb

SHA1
7f6e494766c7e88c50b5be575665e053b4e9630f

SHA256
b341be8aff7ed5d500db55e7f91bb99ed4ad1f41e121145c3b163e0a6866bac9

SHA512
9f2c7362d64778d8ea23b6b26949322c251538b5601e8a7b99dc2598df70f4e91fb3e696137cffdfd65c8c87a377cee6b9e9c38b8cf01b126a58172ffe11171f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
3063d898b38311a9f450b0b65d91f352

SHA1
7d679764bbd326c865e7783eb8347a01c2a06dce

SHA256
32dfd2b441c78f9dff62cbdafcdd3b01e9988442b605ec3f9f3c65a5ff67e61f

SHA512
9cfcf2dd09154270011ebb5941e27f7ed48cbe272b1ea9e87bc8d79e7ca2ab9bdd781ee7a960a23d19e089a061b774be2b8f7e8fd7de5d0aa88e12e6b68e7b47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
cc9e0fddb9559ace430127d219c232dd

SHA1
92a8a6fcae6f77846fd19c6043de19537af78a76

SHA256
cc9a751cd16d28f00c8e161b3e2c40aa9019636df2826ca7fd4c38ba4b356ef7

SHA512
3b93b099c46a0e9191dfd5b6fe2a41ee79f049d1d9d654df9a965a369050c2740533c0df07fccd276988498a1e2af5de86a0a41802fba46d61677f234628949a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
48KB

MD5
df1d27ed34798e62c1b48fb4d5aa4904

SHA1
2e1052b9d649a404cbf8152c47b85c6bc5edc0c9

SHA256
c344508bd16c376f827cf568ef936ad2517174d72bf7154f8b781a621250cc86

SHA512
411311be9bfdf7a890adc15fe89e6f363bc083a186bb9bcb02be13afb60df7ebb545d484c597b5eecdbfb2f86cd246c21678209aa61be3631f983c60e5d5ca94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
67KB

MD5
cc63ec5f8962041727f3a20d6a278329

SHA1
6cbeee84f8f648f6c2484e8934b189ba76eaeb81

SHA256
89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1

SHA512
107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
26KB

MD5
1fdc7d5f60f441782b608e81738dbef2

SHA1
74f699940fb527aee9bf21e8d6172b769c549ff4

SHA256
a1538cf05238cc6c7b0ec08ccda41ca1326209b03f3942dfc49194d79942c738

SHA512
7e481bba26d4662c714b714a78e5a002f43803d50637983650b1827237dd7ca0d773fa1b8b016092424d1f7910e753993a8f04fa81d791f98425f0c5cd5c79da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
e72755e0f853e7a8ed11eddccf8346fd

SHA1
6e2362607bf7bd909753c9c62bbb7bc6f5405ef7

SHA256
a8404c8fc8d370d16884f7f71daa12c69a975627ba7a1241ae48d59e7194465a

SHA512
c9466a0dd7fe81cb4fd9a0e6ffffde51a007f70d186edf95f3499d6e413183b947f255995ab34881de9f9c980e25141cca424ff210a267d0c997b3932c223c43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7fcc7be65afd16c86a0f3fab4619f333

SHA1
ca5a777303a572b23e7d4b2b92a842313920d993

SHA256
8b6a69ee7dbab621c20983de8b073a4beeb87d4931985955c0608bfe0d92752b

SHA512
b3b1a10c49333655ba7f92de6a231865200c1fbfce46757f118efe1094c807da549c8e68a998534fafea53aab8d289d386a4acec85e436f647ec99a2470e0c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
31368d06c345a7cb8597639b2f0bdf3d

SHA1
1751f0cb1c9a6ea96e8908a6ba5f0e0d3dea49ec

SHA256
ff492310e1886dd2da55b278088a8ed61c76dd17db1b3f594fca7a4d2e56c59a

SHA512
7ed0d62177e6b5663800e74a51f24c2cb810599af1c4b3fab214e369dfad932b54d09803c9515c34e5b4cb5301f2507afee88f1ce9f9b5ef1fac800792eb493c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
3ce29a01c36ba6f0c556152c887e699d

SHA1
9359b3d7975f2ac6ecfc1b226d2a7cc93bb31903

SHA256
28a4390019631703755344980517470d97907cbb5b417710c6eab2d74e3fb266

SHA512
421a1b0caa9e6d030c2d0d94d6b96ccc27bc3c7a35bc7e7b7c8c9f37537e97b73941a7e017e296cb456b8c45d10bfcb87383cc2d2ec91afa985049f4acb5ba8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
d72d7e6cfec6c5ec8a8f9c163066988f

SHA1
f685bf5adf491cf671a7400bfd3f31a580b4a451

SHA256
2707a1ce70b3fa61cfd55b38de109cc5a7688478f82f102744b58b4404af3006

SHA512
940f50f5d44e9e21f33fbe6ee5dcc418affea61cab6c7de489ee3ecc1ab3d598c9150dbb44e118bbc7225d8d352118874dc507a37c25c0ff7f59979e8912e502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
5487ed5c7fc48044ad0fce2b08e7d4da

SHA1
81e939c54a64eae2144a7429b48a8ae7e1060524

SHA256
055d671bdfc82849953402e10cbc7407ee4c977ed689555822f9508637ca8ccb

SHA512
e2f1697ce71c5f1311fb5a0829991fd47979c92a109c8229739eb09e23cddca039f8568d125cde836a03ff092c0eb0e34fc3ad41ed997465d77ec06eb35b0a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
572B

MD5
1709f94a4066ed2a693ff8c795eb498b

SHA1
2efc9a2d1d92cdc0635d83cfc18102ccbc75c7a3

SHA256
fa581b396281f53ef908765a6b1c2069bee8805554f4ac3a3d17d07afcd094b5

SHA512
6a66732618391a7a55a679715e2a71675df6ecfc065ce43abcc2b72b8b3ba1bb0902e6b8f0835edcf4c48ec289a83ca0f9682139c051a750ff45be6591da4ba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
148B

MD5
65a429f60140cad51440820fa71012a5

SHA1
5a0f6e7ac34270fefa557ef404d81bb889ea25b4

SHA256
ed4c0987b9463f4095f0fc5cdd1436bfb07776a1e8b81e79c0bc9f6daf9b7013

SHA512
d6ab1b911f5a3b63a927612722ded8376c5da4b1f1cf4f00d95ade17b422b4bd908d6dcd7e1a200870549433b79ac1bea01e7c2adcb45321ff2f1e0069d56ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
83edfc3d7c0805331f76cf46844a9a63

SHA1
759ed45c29e184c6e5592cce9aa185d506be5f38

SHA256
58a0b6df155fdcde8dbe899fef9f9df220f20bb3bbb79c0a568995a8e00f3a31

SHA512
3b95951ab1c24ae7af7595d5d1eebc06ee5499237b8c6d6dd5432effa2d699496548664e0b256ca36126472a11aaf86224f4e496985349896b9af61da892ef8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
785B

MD5
d8d89620c527de19089899f5d4ff0911

SHA1
52cb2880581007b30abba3a6c5c3b10f21b8a357

SHA256
7d44ffca6bfed879639d901944311b7705ff32eb0fff085420e9c63650378c06

SHA512
81756c0477430a76824b18fdb68f60c3037f7d6c56b5921fbb44c3ffde278f103403406af3f3951f6e9ea84d886b7e6bbe2c005898f4a70268915ab3be7b9978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
48f2c7617593dce6ea1cdbebac58e8f9

SHA1
52eec4de45ea88e5fbc4ec0d2a0cce45f358445b

SHA256
fbb64c917f4866f3c405464dc7372661d33f3d3a39707113e715179437700a09

SHA512
f9925556a5ee77257340a44739a1094577f13dc1d16833c532c841142271ff849c3e1ea2ece2b0cdff298658fdc791dd901a25e39620c9c0c19cd76a6ea991e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b65f50a6d3a3d7992192800d90f03d75

SHA1
f29126213b580a8ccee70e7da91cc15f6af44575

SHA256
bc156c46029569ceb0ec81c60ee181741814db375ce5b88458bd20c58a6f1b44

SHA512
d7dea7501da9d9550e35aa37721e8b126a9b526f130fc6685c465cf5f6fc8456687ade4124bdc33d13d2063c3ebab71b3c01d7c70bf62f6d8425925177ce00f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
56b6b6e0eb92781e98c15111fa7b470d

SHA1
85c74c8199488e1b2d0e54281282a096a7692a99

SHA256
82b63551c165674350e8a8bbfd5a889b8a8adf5f0c652a6e486bcb0cf6afb979

SHA512
21ceb17711ac1c84edc4f752600c914fac35136ed4d16b272df98827204aaa7d7bd0ccf6e80d4b5a9fd13dd09195b2127e5259c570f8cf23e68fa3f8ae28f7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4af1cd09751ebcf59f784beca2217fc6

SHA1
981a1e3cec3d3da98e924c78b29abb4487d657a4

SHA256
2bf90d741f6ffaf82eec40e1c4196d20b897ea21ea411648dc822129288fe249

SHA512
bd1d3df40f9a0e89de57d1b872810b674e91ea68a2d5607f47f1842043c0b32ae99b232c521d6516a37e290df2d3501f6a62cbcbb9f997d49025b7d443bc1c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8cd4221ff5e11466ca02a8de270abc4b

SHA1
e844481d42057bc6dab6f035e7d3f7f1d9ce33db

SHA256
05273cf6353e008259ff37b3caf2cb824c36d21f8a4dcb087bcdb56415dd5fb2

SHA512
af4ed4c1c02486e45d2599e0c049386df0bed75597a74ad26c903bf1877f40975f382d20161e70a28ac63b5681d004336ed39bce3b567c44f1d6f6e20dea1ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
43084508643a5f675852bbb31c40b078

SHA1
2c3732886b4acaf642113eabc8d7731d32304439

SHA256
9beb94d970a63f4ca56c797a6f0337b79b117ec563d6449c8fdafc33deaa7539

SHA512
984a1a07512d56e56e78f651edea1574fd15593e956b775fc2fc8d8740abf3d88fb7b1ba904fb430a768550ee7b3e947f61d99daf6cec5ad639519c38e2a4214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a3851e9fafa179e753a15feddf4760b3

SHA1
0a36b733e5285c78067a3b60c395d135a6b99247

SHA256
9689158bd7de6aa708ee38f3a87d91c4814a223b7e639c92ff0447cdad186ed0

SHA512
ca4e67ade7d6e99fc61af7f0e3090f0b5c8eedf493c446d2374d6bbf1a9af0744f2084b34c72fa3828d315c53c0f5dcd0f8926d0cc3fe443bcb26fb144705f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b6c3cfe43028b3b813d54e65c463d65

SHA1
edffbb937d3a629a5d012fb44e055b7ee93622d6

SHA256
827f6b031da85f54acfd479cc380892651c1e83eee8741f7ec1852a02cf7df90

SHA512
5244cb4b494d879b897f0ef1d487369def20d760e8b55e3d960b6ce7b5d4ae3aacb6bb5bdf01c634f2350bfae98a7d7e014a909a522916454564e5ee9ccac3ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b6d257d764ba568a3744653caa324af3

SHA1
f5c59345388ab9fe5f9a16444002ac37dbc7d7da

SHA256
949f15b62f369c361dd05e70dadaf4a8f10fd71ee019f5c79407851780e58cf9

SHA512
d0aa8b72927adeacebe497fed9c8c66e43eec521eae55fedeb62ff7fadb1cfd121af47b6599cafb94e1640e458de9193e835aaae40d266eb88cfbf13cb42400d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
acde108eaf9988926e932e9e692d0bdb

SHA1
397a2c8ac3bd2ab65493604b04fd16a0cbda37c4

SHA256
9e0004bc037b4db90fcf582a708ee71048ddd768063757b4d5d818675456ff87

SHA512
e0aced9273e7598aa7f590798f2bcc9c4bf6d5a049bafb98814adf5aa1da07d75e8fef8e7966b19e3958efb3071c03b55eaf96cd04c5364ac7a130309599c581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
8e68382aef72ba0fd470e46f3e8498f6

SHA1
2b0c1f176cfc847919ae84d6e41dc64a35fa93ad

SHA256
551716ab012c97a62fcb7ab0363b4e5b56a57eb82067bb78a9b0f3d97180086d

SHA512
916a476fe3b90edeb756533d69ca99d1539c6e3ba56c2871a637a2e1bda963e30d19d11a1c05b2f12376cc2e6f1befbd7f5f3cdf57388dcea70d91ee81588de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
5d3eb98a0e865c8fed9b5afc0dbb4f5b

SHA1
b5fa306964c6e3904c2b01bb490cd3eec2cef095

SHA256
076990b727114f258e5107a88b03b4a0a9ea187d62ab251e5b7faeeb12b59e61

SHA512
6ee0fd7ccdb340583b9f3f594478dbf91f66a3fc3b3304e1b5fa6950cda1a712a52f77afb3a4c028fe8001bcf07dbf5bc101b14c3b191a63ce2d4abb0cb9f39e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13385805460207278

Filesize
4KB

MD5
9758f68cd162f6e213b879a9df1d900c

SHA1
975374306279bf3b8b3d5ed85a260388c4c63758

SHA256
2944c3dec4442e9c9ebf7d84bdce5201e3273177b69aeef43ec3040feca2e2be

SHA512
b791b02d1b09a4babdf3378d1cb382467630b12f28327653e5d32119d9cf0268451fa61600f47aedc958bd051260d7b93cfe62df91e6cc1c9ecccd036b957973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13385805460472278

Filesize
2KB

MD5
0aeb85db8c371816c5eb8925133c8f0f

SHA1
978e340fb64ce0d5940cac7cddcd97f61884bfca

SHA256
74c39a5d597eab186ebd9d80561e6f7a5aaf57c0b9eb58a822e8bc97ee12a601

SHA512
9e38470f9de5e5f44cf5e18cdf314c6cace015787a08cc4e502e986c7c8cf6c237a821fca37f68bd4780fcbb0298075e70261baffefb4d57dd546a977d7a0628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
fca621466ede4c2499ecb9f3728e63ab

SHA1
3d5d4cd0fa702371f9d1a40e72e1fe19d194a3c4

SHA256
c6dde84fb40fb69d1a6637fe6bf781de51a4c24e45b616e8f97afd3c6fe200b8

SHA512
aa12ed8c1ff85af4375ac80d7fe494d6f8a70ddb3357c186a0c1ade9bbcc3efc3de5fb0ad4b81eb2ab9bc916b6adf8b76c30203f78e38cd00af5fa4ccf3e3760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
9e22e599724958d4d4cd50a7decc8d32

SHA1
4bd97c7cccccccdd1ace41c7da7d6512178c8b16

SHA256
2d72479ed82e170255bd5f77dc46456126f120439cc0bb28b0f7a8e80e4a7c1f

SHA512
8e5918e27f00bda7914915440586e09973e2462684bbc9346b90e914d1282929563f2dcded7fd502ac36ca0bec165a9d8c3f2ab0ce7d2b53e79c2fb92a0a6bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
36147acc08157e16f34fc59ce554aba6

SHA1
d3e35b294eca3f299a6d76bf63e04a215ebb0840

SHA256
8d5c8164fa1790a2a0c4a0d9a85e0792b1ef40352cb3ef087d607af99819e9e3

SHA512
3d0d2ec313a08a2d73ec84fc5d18ee9df4040120083e61324509fb97b59f0b82c3e21be48d4cb3457c3e5fe9ae37622a19aa7703adbb9e5242d57fe37712ca39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
c966b32b15c3efd6fe30a78bed3a2767

SHA1
afb4100e2a6150d8807927e28caf8edff4e833d8

SHA256
d4bfbb5f0185ebce4d5ffbe03afdea0ccf713b98aec3d42f8278e3df3b773c8a

SHA512
ce580235f974214460517732cabb25e3842b8c09a254fcedd36cefa12877bc89a7926492a72657e41870209c984b7ed4ca04f67ff35ca14fdac819f17ef83a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8b808a5505c38eb2eae74609f48b96d9

SHA1
1712c11c4d87f82aefb38192fe42f21b8fe5c9fb

SHA256
294e5e0c977c016d5bacdba3676b9cfd1c9febc4998295c162b92ec857db1be2

SHA512
8ad8ec5ce725649729675aab4a579264875a66e712c87d8eda429cf0576331d23efff63c76e52c6057c496bf325ec919093b5a76aee3426899beff8534b55532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1f4a433df82b46df0b6133b1cf281dbe

SHA1
bb95cc3b2ab82ac2ba7bb5a5f15d2476a79ba940

SHA256
d269870287728c8ebae8b1e9541f3f5f19e45b215e8d094ea2541246c83f0cf8

SHA512
f6a601c7007641df880e5885457bfe170b5fb25b04ab60a145015b46cf06784b84f660798d2302f07e19470b213e553172e824b54f6af0c5affeb7f74dd66bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
72063ba707e1cc8e45daa551d0683ce0

SHA1
1b20d496edeeb55b8e77ec29b8252fe98c5b41c8

SHA256
50a384a69a6922e41484cf8ed66ea5602842686b68c855ca6609741e59531305

SHA512
117c86e694aa9edf7dbf5f0f1bccc850b7ffdaaa4e71de940df20a8a3104022c69590a0a24f1a744528a5e6ccc302ccd8c933d0cc87f6cf23dafb1d375957a54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
b1b496095acf07515686421e77e3c818

SHA1
547959213f296cb65b4e187d057a4c5e16a477f3

SHA256
fe9be51a6ad5ab3265a142b5c885af9d9a6e668aca8bfa59e177c1f7aff6b51d

SHA512
3f526751591e0825c47fcd188b1feff9828134b8511d1af11f39719b04fbadf5a485b580c8b24556294e6d6fe68b9ae2b572eb645a1884adfab5063ec1bce898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b72ef6f4ba801ceb493b8318114eed4c

SHA1
d815abcdca824dbc04dcdb9101395bbda483a92a

SHA256
1e94ca8e2d555dd7502ad729f79227711977a0eaa35803b37ab5e769128425c2

SHA512
47126fb3360f6792b7770115cfdef9af03aca3d1ba22eae9ebb3adab82acadd10c9ad9ea980b74519cd58b549b6ab2a1640a7f5d7632196c4d5d685b444157eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
999f92d841bf9d2227c2761927571e73

SHA1
d44d271f7af7c2ef0e16987449afc19cf13c4df5

SHA256
576648fe155a720415000c12f0c16be2f28ee8216fa3d1ff50eee4f0852afbc4

SHA512
4c34ac5c384e09343bd0307275173c45374368b7ca1279791ebef5db39cbc2668e1026e621cd1016e7e0e7bd29a06313d7caa08879d78aa5eb045ffea5e146a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
387bfac73541240f24e9effb9b17d8a3

SHA1
b3bfaaeefab2d9bf1392ef06a0e0baefa72ae855

SHA256
14b051885247f314edfa4fb66fdb9625208de0758e69e9381ed654d7778e0aaf

SHA512
255e4bd9abe0745eb51f4f5a6a77e93ce904ea1836f257e03d44c72175b5a15b7355ed9fe0cc1a0722642f1ac718e393823e8b01ec6ab7b86d8aa73e133ae504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
10KB

MD5
32a65da8d8c358c0d06fef05c1a90465

SHA1
c694138af8a24088bf1ac230eadec4165ad11e88

SHA256
5668047f16a69eddb3d1f2aedd366e199468e7a1f3634e5d7354cc5dce61c160

SHA512
8df58eaed32d29d9a9ec641fb0f445f47f352dac54271928ed8340ed95b389a1717553614e284bcc6a88e8ed7f05b44663060a565078d5586572c36f072c3910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
200B

MD5
67758c5b455da720ee1788fb99e3f4b6

SHA1
96c6ae90f4b0eaf426ebdacdbbe018a0f36fbb09

SHA256
b981f14d741fe97131e385ea24cd46fdfad2e83e90e548f9fd4025516c2c0e50

SHA512
9a2de1654e25825db57addf61b08c0ae9aaa5dd912d46079d6748d2a2bfbf5e72cccc4e0b3580c617e191dabf3c870a98464ed0226552d82151902a2a3c4a90d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002

Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

Filesize
16KB

MD5
9e02552124890dc7e040ce55841d75a4

SHA1
f4179e9e3c00378fa4ad61c94527602c70aa0ad9

SHA256
7b6e4ce73ddd8b5e7a7c4a94374ac2815d0048a5296879d7659a92ee0b425c77

SHA512
3e10237b1bff73f3bb031f108b8de18f1b3c3396d63dfee8eb2401ce650392b9417143a9ef5234831d8386fc12e232b583dd45eada3f2828b3a0a818123dd5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
68KB

MD5
bd376605c42c94c782195a3f1eac7706

SHA1
07dc5787886a10e97c2d52f03ece4f6e3d1f1b6f

SHA256
381146f32dcc92a31c40b8445fc67d9f828cbd02667da081f2c1e286b4cb34b3

SHA512
e983ac390658d0e18e20059fd4c11d6467e14d1621084a0c0e4bad77acc96267ab7c2d15d83687da73d29fc76ee0a34fa5559dda8609621b5a55dd09ff80ba06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
ceef7ad5d8196a522ca6f6f9087281cc

SHA1
9b314a41b75ccdd526e0e45f6fedad6743ae98db

SHA256
c21a9116d0e2494c6fc5c3a4b3b5db89c2a5ffd56042dddb2a8e68a31a2584d1

SHA512
4d3d133e081d55ea158dabb15fecdfc7d96fd2b098af97eef808897b77517a8efc5b7ad79fd19e44088f653edd6445b5247786fdb3976bb45bf74f18bd10d269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
8b3908b62256e2593f1bedd4b17b4af9

SHA1
364b9a79ddbf086a61d850e5c82d98397a342b99

SHA256
159f063b3fab56ccac0df15d810fa64a2a1326e0c2b4959a1d0025a768a9f485

SHA512
5f6ffeb41b602c783e95869c17a248f2cd16fdace13a22c9fd03c3ed7e959ee19da7e9c6399e3eb08dc60d6e80df6fd2cb5c416d59a9e86c93058ef1d7129b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
97fd0ad7c340b38a8a965c24b1096913

SHA1
496e20d5520cdc03c886b74e1e497eb3b74ff6ba

SHA256
2970c3e0511980f800e1ad62e78909fd4702c25b4a08a2af68b31f5362d220e1

SHA512
0279fffb8381d2ba4323b7a2172a8fe86fc8b30e07c18a343887fa57d71fc61efbd16c1df14836d516db7508edbb2cc17e99d7b3df3d90ea0e1dded6e08b5414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
d829b47a423896d5e3e9cef14f6e65ad

SHA1
34c43da22f6bf87fcfdd20b1bf5457c3e67af1b0

SHA256
7a64c18c174a945e7b20a4c77696de3937df1e97913f5f6bff51ca3d3ff4c4ad

SHA512
5b3e0d98c1e94d489c93d53d7923a292f6437e775f3e5968ea726bee76dd2da29a7275e4c5d25a78cd11833061adaf2439da48541cba610946097ecdda25c33c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
6f4cec879e8e9ea042aba6be10e8fb9b

SHA1
c23cd85389ef5cbfea40e7bcf4c769eef400cf01

SHA256
be5739ede891362cf09d65d57b81f447b26e9dd47ea701c99b938285ace29ff7

SHA512
551750541b2eac7236557bf41c399ea6e209fe0b612ec8685769effe32248d9fe7ef7be2097a75003c01d8a6e2f63a93aa62b54f60e487e629e713230b238147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
6f4dc55f9c54a428b47fe669fd823b4a

SHA1
22a4839227574e7b0a555bd2deeae2c015264412

SHA256
a89d0bf21ff86a214fc15daa758c4290d529e7590eebc3bec5beca196ff1ec75

SHA512
ec7728e522e4e175952ba27250ca45009b1258f9ea6204fec8b8ca29fb33143953d289cb73c96748c7b6fe036f91412d43f0d9e52958f34bd94b1d8a732b4a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
9c8ec5804f70f83f36e9e14daae9d73b

SHA1
4aa5059708b49b350a001f0eee092fabd235ce09

SHA256
5ad5842948b06fae5b2653bcbccca47bb9921e65166ce6819583fac54bbefe17

SHA512
aa43f6dddcfc37fbe0e99cc62067c361a7a6313e974c117f06cf2312f1a230ab55029c65753e74b52885b4752c79996d926d1ef5f38fc93cceb5e46e15b876b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
16KB

MD5
dffb7164984c0c892ad67aff97aab87d

SHA1
df94cce03775263525ecdf1a4f6a55adf2e0b6f8

SHA256
6103cd48521fd7b05920814ed60455f92b327e00330008ec4f161e9bf5135502

SHA512
bc8c4f3643e19b8e2ead7808a433f9b3a07b7c64409b9428ffd5ada52052516bd7eceb77f0d4de1340d0b08b4fb943aeb827667aac9935fc1aa559173daad97a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d6cb1002dfd07443df9bb655622e246e

SHA1
65eea5417cb1f9351c0d0871c47c0fdf6c556260

SHA256
e3eb3c29697c121954c6c0c292497f2ae8c0b8b728589020ebc1666aa081dc57

SHA512
c19d0192ad12c678495fd33124e20054b0fca72ba57a83104f70b1762288ed80d599cd13e2a644dc374751eb2e4d6c6544478796fb2bf191dedb6d7209b9944e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0400bedc8ccf2dcb8b2c082b3d33549d

SHA1
f874ddd778cb3124e29320626bff4889dedb2cc7

SHA256
b38afc7921570be660c74d490d7b38f2f087183415f466899558d604cdd58594

SHA512
ed049bab2d3c0074edf5b759d098599945a6f0319c502b74b5b5ca4c176e0b1c6dae90f22d6c012dfe274890813fedb4cf400f30a25ad517a441534392b40ca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
2be793d2233e389f39298592e31de29c

SHA1
69a764f1577f9369cf78fb076126d98d79070dce

SHA256
1283f83094b788ff6096b54e8078e3e673faafde1a5719954ed7444f5f2b29cc

SHA512
fead0d6d701bf17d753deffc51af4889b25aeb089a441c4c86514a89894c23e9a96dad6a95f8b05d9fcdff99c80dfddfef530a471f77512b4d79287e97c42a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
362e29752afdabb6f1a3a8cea6e00332

SHA1
e9fc8c682eeb8b2ac14a8785a8dcf9b85e39c14e

SHA256
69d5497bafa38034624ca7dd4940deebae51431e1d7811050b9a53344495e01f

SHA512
36860c59bdf861e64092e94b649e022c3d00fada352bf685f8a8e45665a6e2ff826050b7046a89705eb41bee5541cb0828c2beaa42b59cca906333ce12109074

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 294453.crdownload

Filesize
2.7MB

MD5
48d8f7bbb500af66baa765279ce58045

SHA1
2cdb5fdeee4e9c7bd2e5f744150521963487eb71

SHA256
db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

SHA512
aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

Download Submit
memory/2316-1019-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/2828-1004-0x0000000002390000-0x00000000025FB000-memory.dmp

Filesize
2.4MB

Download
memory/2828-1018-0x0000000002390000-0x00000000025FB000-memory.dmp

Filesize
2.4MB

Download
memory/4168-1005-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/5068-1003-0x0000000001FF0000-0x000000000225B000-memory.dmp

Filesize
2.4MB

Download