danabot | hxxps://www[.]googleadservices[.]com/pagead/aclk?sa=L&ai=DChcSEwi--Jm-17qMAxWCmYMHHQwHJjIYABADGgJlZg&co=1&gclid=CjwKCAjwwLO_BhB2EiwAx2e-32kQLcfFNTItEmNPREX50gmIyx-Z7yGQNWYFpTH8fYzqfdblIeA_WBoCxzQQAvD_BwE&ei=j-DtZ9n8FvWmptQPx43wwQ8&ohost=www[.]google[.]com&cid=CAESVeD2UQd7Umjo-XHqsJ9cyPx1wc_UIY0HlY4QzSlWOZ6KHpRF_uh9nVZp5PKtRQFrI7ZW_VxRDbXnjd_c9Ux5b8dH88oL3gQENhhxXfac3ZrYhOoz6uM&sig=AOD64_1GGwJRh6ev0ObO5gmlAhs1AG758Q&q&sqi=2&adurl&ved=2ahUKEwiZgI--17qMAxV1k4kEHccGPPgQ0Qx6BAgKEAE

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
03/04/2025, 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwi--Jm-17qMAxWCmYMHHQwHJjIYABADGgJlZg&co=1&gclid=CjwKCAjwwLO_BhB2EiwAx2e-32kQLcfFNTItEmNPREX50gmIyx-Z7yGQNWYFpTH8fYzqfdblIeA_WBoCxzQQAvD_BwE&ei=j-DtZ9n8FvWmptQPx43wwQ8&ohost=www.google.com&cid=CAESVeD2UQd7Umjo-XHqsJ9cyPx1wc_UIY0HlY4QzSlWOZ6KHpRF_uh9nVZp5PKtRQFrI7ZW_VxRDbXnjd_c9Ux5b8dH88oL3gQENhhxXfac3ZrYhOoz6uM&sig=AOD64_1GGwJRh6ev0ObO5gmlAhs1AG758Q&q&sqi=2&adurl&ved=2ahUKEwiZgI--17qMAxV1k4kEHccGPPgQ0Qx6BAgKEAE

Score

10^/10

danabot banker botnet discovery trojan upx

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot
Danabot family
danabot

Danabot x86 payload 1 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

resource	yara_rule
behavioral1/files/0x000c0000000240c0-1363.dat	family_danabot

Blocklisted process makes network request 3 IoCs

flow	pid	Process
259	264	rundll32.exe
269	264	rundll32.exe
281	264	rundll32.exe

Downloads MZ/PE file 2 IoCs

flow	pid	Process
254	2072	msedge.exe
254	2072	msedge.exe

Executes dropped EXE 3 IoCs

pid	Process
3748	DanaBot.exe
3400	DanaBot.exe
3656	BlueScreen.exe

Loads dropped DLL 2 IoCs

pid	Process
1260	regsvr32.exe
264	rundll32.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
251	raw.githubusercontent.com
252	raw.githubusercontent.com
253	raw.githubusercontent.com
254	raw.githubusercontent.com
249	raw.githubusercontent.com
250	raw.githubusercontent.com

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00090000000243e8-1476.dat	upx
behavioral1/memory/3656-1486-0x0000000000400000-0x0000000000409000-memory.dmp	upx
behavioral1/memory/3656-1498-0x0000000000400000-0x0000000000409000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_932813446\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_932813446\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1600520691\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1600520691\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1600520691\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_425736439\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_932813446\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_425736439\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_425736439\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_563694752\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_425736439\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_563694752\LICENSE	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_780_936967212\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping780_1714169496\_locales\th\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1652	3748	WerFault.exe	145
5940	3400	WerFault.exe	154

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueScreen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133881163962776837"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{5B07BC8E-15D8-468C-99EB-5DE1EAC2DA9F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 780 wrote to memory of 5300	780	msedge.exe	87
PID 780 wrote to memory of 5300	780	msedge.exe	87
PID 780 wrote to memory of 2072	780	msedge.exe	88
PID 780 wrote to memory of 2072	780	msedge.exe	88
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 1772	780	msedge.exe	89
PID 780 wrote to memory of 2432	780	msedge.exe	90
PID 780 wrote to memory of 2432	780	msedge.exe	90
PID 780 wrote to memory of 2432	780	msedge.exe	90
PID 780 wrote to memory of 2432	780	msedge.exe	90
PID 780 wrote to memory of 2432	780	msedge.exe	90
PID 780 wrote to memory of 2432	780	msedge.exe	90
PID 780 wrote to memory of 2432	780	msedge.exe	90
PID 780 wrote to memory of 2432	780	msedge.exe	90
PID 780 wrote to memory of 2432	780	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwi--Jm-17qMAxWCmYMHHQwHJjIYABADGgJlZg&co=1&gclid=CjwKCAjwwLO_BhB2EiwAx2e-32kQLcfFNTItEmNPREX50gmIyx-Z7yGQNWYFpTH8fYzqfdblIeA_WBoCxzQQAvD_BwE&ei=j-DtZ9n8FvWmptQPx43wwQ8&ohost=www.google.com&cid=CAESVeD2UQd7Umjo-XHqsJ9cyPx1wc_UIY0HlY4QzSlWOZ6KHpRF_uh9nVZp5PKtRQFrI7ZW_VxRDbXnjd_c9Ux5b8dH88oL3gQENhhxXfac3ZrYhOoz6uM&sig=AOD64_1GGwJRh6ev0ObO5gmlAhs1AG758Q&q&sqi=2&adurl&ved=2ahUKEwiZgI--17qMAxV1k4kEHccGPPgQ0Qx6BAgKEAE
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ff8ad1ff208,0x7ff8ad1ff214,0x7ff8ad1ff220
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1968,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2168,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2548,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3516,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3524,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4952,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4832,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4940,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4964,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3620,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4896,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=3804 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5912,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5912,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:8
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6352,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6360,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=6536 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6512,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6220,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=6488 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5764,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=5660,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6420,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6832,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=6996,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7216,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=7228 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7372,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=7396 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7432,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=7424 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7716,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=7764 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7752,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=7920 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7892,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=8184 /prefetch:8
  2⤵
  PID:5172
- C:\Users\Admin\Downloads\DanaBot.exe
  "C:\Users\Admin\Downloads\DanaBot.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3748
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@3748
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1260
  - - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
      4⤵
      Blocklisted process makes network request
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:264
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 460
    3⤵
    - Program crash
    PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7172,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=7204 /prefetch:8
  2⤵
  PID:5392
- C:\Users\Admin\Downloads\DanaBot.exe
  "C:\Users\Admin\Downloads\DanaBot.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3400
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 148
    3⤵
    - Program crash
    PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=772,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=7060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3816,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=7184,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=7644 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7228,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=7208 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7248,i,5341444532634315005,3474549301927227722,262144 --variations-seed-version --mojo-platform-channel-handle=7308 /prefetch:8
  2⤵
  PID:5560
- C:\Users\Admin\Downloads\BlueScreen.exe
  "C:\Users\Admin\Downloads\BlueScreen.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3656

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:1104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3748 -ip 3748
1⤵
PID:2752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3400 -ip 3400
1⤵
PID:4088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping780_1600520691\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping780_1600520691\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping780_932813446\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping780_932813446\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
998db8a9f40f71e2f3d9e19aac4db4a9

SHA1
dade0e68faef54a59d68ae8cb3b8314b6947b6d7

SHA256
1b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b

SHA512
0e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008f

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000090

Filesize
67KB

MD5
cc63ec5f8962041727f3a20d6a278329

SHA1
6cbeee84f8f648f6c2484e8934b189ba76eaeb81

SHA256
89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1

SHA512
107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000091

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000092

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
7KB

MD5
81332b0b0030e3cbfcf5802c7d97ba9a

SHA1
b62d774ee15c7ade878c32420abafe75b24d094d

SHA256
396ab56191951f8a001b3fa8406d68db327c0cba873ab11ba92bdfa235e86972

SHA512
c29df10bd5cd95a4e8837ff33e8e56348456b70bb3fe7158401872d48051020d876ff66d33f9af8a1625b64f70e73b5c7b2f4cb4fb954b64875993f448e9478d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7ec214777bd712eb93bc97ad67aa3e3e

SHA1
2a478806d2cd7ab67e6ce0d3f312ea6775108def

SHA256
cdb6beed6e3beb3ce297d5326ed2247b614e9cfc4ade9acbc8c7d5a1e61eb890

SHA512
851f3f6f577812a150a29b1abc729493c0fc1df6e3bd13b1f52f9e79675d5f953dff85e29aad68d0c1481b8773c4ea2644e4ec990f71bc345e5b50c8d8a49134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5814fa.TMP

Filesize
3KB

MD5
330f461ad9274d0d24a0a84d976f6c00

SHA1
6e363adafab49c8b246db5cc49e5d3dc3670e551

SHA256
f46d1c97dbe73edb569c3da009930441c1102f483073c1b805689ef07328f335

SHA512
8b7025e14eb465c16477f1db9e7d072ca3e9cca5286d54e3e7aa688d39b34857b78c37d1e958838cb49bb9793a3120a55eea32ea926a0ea11c4056f2800bbaa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
968b39b9b8756a7240a6b3da58bce0f7

SHA1
9bcd3fbd3d095826edf014272737d8128690dfb0

SHA256
b860087ad1dd2fde820cf10bb2b04d0baaccbc7803e8a6300e1b40738735cca5

SHA512
9c88795d6674ecb391cb6f8265613641d6adc38e45b3e2d0af070d372701e1d9d3b2af6ab3d9c4c4b5d1f3d54666daf8772f3a2b45165e42aadf7c312b69fe26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
210B

MD5
432d32c793a033e378a381ea935a84f1

SHA1
f2cfa3796a9e291267466a8e3bfe6e15dd48df0e

SHA256
fc73d60220ab1e701153dc6bfdbde68d9aec31cb9857860cb32cc2da643c7850

SHA512
61e9a50ef75786bb6709517e311a225d05f3bdac1fdef102116c9a8c5e2cee3a682606d64fa8975f3cb36634038728a97949c71989900431ea68b55a6ed7b511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\f174e70a-4fec-41b9-a632-c6da19a2a797.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
11247d1c2c2ca5a1eb58e3e8a8ada998

SHA1
d75f22ec02c6a88dc18108150adc149effb1efd4

SHA256
99087b9d2a1b492384df6774d8abf27e02f866b275cb0f030af53b09fc3a784c

SHA512
19354a2818a98c68f4a0a538b2b061158f2e1b661330b3f590bf3936c8e6d1d5e263ebef542cc9468db6286b80f6f61aa3362f96a52a72980f39921e76d12c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
3812d76b1bba442500c6a2169c038311

SHA1
ddda47a2ad561ab3b44b35cbdf083fb35b936255

SHA256
651ef3577e9c94d4e2d080efc0eeba9179dbab9b99a918874c34d397d2214212

SHA512
b30a0a6219fa74245625443b8bcb9c58617af5ef28aa48fa5feb58a83e53ac307acd28a097f52867d78f671e2a8d441e8c3b54eed944bb129991188398e98c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
63e0d6a1aa04574ef47e9caf7b80b157

SHA1
ccd9098fa44be3cc60772cd1ff2700ea7f188fd4

SHA256
0018d181e5f87ab8209667e035b78b108fe72bd2d9456135de2cbf93ea75360a

SHA512
16db18d8c2ffbc8f0134573dd030435e03a535de8e9eb9e39b4c709935bbadc45ea69a76d148c3d6affb62a79660b56bf48043d91df8c0e58da0890b1f43786a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
46aedfc9f087adae06b92ac197e1177f

SHA1
ffba77ea7b937377999850f7626098cb829be2e5

SHA256
95cecc99b27d81d63218ab1eb47cf1be62a080c5aa0722ed5fcbeb7202438a8d

SHA512
e1117de800b98dcd4b53e86d90f3f617fe93890e3d0b9fa96754e0b37284028f75075c41aed4c0a3a105a37d9e18209db635ddd51b57d2a82db0d486269a40b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ae718baa3e3c95e5076f4e38904212cd

SHA1
137b32790fcaf9fe6c664c4d25aa625c9320db86

SHA256
3570c31854b73025076108262aad3e5c4bac266e9f8e3a50173692f9411a2212

SHA512
e8b4b733208421d1f4c4057a5790be1f0d1efcf5b18e879b8d2e4fe3263391852824a377cb2f1725157a9f7f0ddffc9536b7e6415f26a4d679195aedac036bf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58023d.TMP

Filesize
48B

MD5
c36af5145e29e87e049643352ddbe8f5

SHA1
64159bdf6836f4bc9aadddc707edccd45677c5bf

SHA256
f65516275d74cf949bc8eb0eff2c396bb9801b77e7780c6949652b1f2e7a6ad8

SHA512
4adba1331b3f12d22b06750775ed32ed6cfbe6a8748ecfb116df9afcfb4eb34e7f31cdb52e0f7a7417d7fdc5a9d5aeb71774468345e253c67e521cbcfec5f9e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
23KB

MD5
2f587f80cc9cd0508099a3cef249f853

SHA1
32b7727c1736ecc72169be7747b6e3e3005d8337

SHA256
6828ba916d67603e65418a408da086e7c0cc6d85e8651627c240b1e1d947d105

SHA512
c347d095995959ed03814bafd826f68bc30fccca4f1eb1a1f9c000800df1dbe041486df8d636518ac4ae28169bc34ff808bb0ef144442d80d0653cbcc885364d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a90a7c5a-7f41-4aea-8476-8b29fccd8669.tmp

Filesize
17KB

MD5
923ae6caded5cceb4526ef4a38f78ed0

SHA1
8981423bcb1ab875bbf8d2e68be8c6b19f53deee

SHA256
81cd8918b2d5052be2ff1fe1d1332a034a1015c5cdb855470650da76d6d641e4

SHA512
bb055b3081155d99908382f57d6c3e1f0c2f2499d04f790e65c53bbc3aa3e0b67d448190e5e616dc905f37948058b2e27bbc1975a57a7c0a6d2228e9600c7c99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
465B

MD5
6d97de2ff42332b592caa21d1d08a909

SHA1
6958f9329b4a227fce44f7e1aa21bcfce4e8ba72

SHA256
2635bf72c71e5a2abdee238c15f4b7a482b9b6980e21e5718eaddcf32cf1441d

SHA512
fa9f340dc00c89bb99e8ef02677ad09cdbca6202315ca2ed5133bf52f4529f78fb3842c914e1294af8c34f0243a6f0afeeb0372357d0b0b963dd60965265eaab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
896B

MD5
f9e9096feed8b66072700b887a4ec973

SHA1
7ba2dcab41af7cc818e12c3c2c39a87d892af287

SHA256
0fd836d84e09ff8b298b9cd5bc4bee72907bbaefb502a99fc7edfaa6b6c73cfc

SHA512
90d1121359d80df35ad37a7c4bd0bb0a5174fd0994fe73d4351ba35d906ac29ee0efc793d3ee231c90feece9c7c3eb0e480acaafad116d000e6c92017dab0ec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
448f3ea3fadb0a7b63abaa1247e620dd

SHA1
3a17cfe56a8276c4b5b965cb5101b3170be89e9f

SHA256
12bb2b4f8e1a2a4f8696e2efe852349d119342bd9a5de6ac8e7cc73702a1d112

SHA512
910371430d209fd7b20b2b245eb25b9099feb63418ea6c6bb9fbd3997de6d9f544b98ec95018fc14b5a008fce6e4d969d14822b415add9a55aa826c1f25b01f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
bf59c44cbf55b3f49fd141040e70778b

SHA1
21b386b2cf94a52c8603797a8f53171d940034d4

SHA256
8bab705e8176e1eff90e42cc4b0ba32ecef1214a986d4f91ab5ad5d6f008a8db

SHA512
63b9c93500a9c7221c8665926bc0672074c0fbb75e3148eb6c0bf314c973fc7c2aaed12fd254afd3224c385bc3deff86db5a44bfe77709665eef2749ec948869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
a30b276ea3876144dac50d33b041c43d

SHA1
d708f6619fa533ac99f01de213fb38f64bd565d4

SHA256
d0f3878cd7758edc1d2d868f654d4c9f809d19c3792386b3049376bb2c2f1be8

SHA512
fe29de2404b78b1d0455f84454441fddb3843a238f7c7ef563dfd10c690b0042ec7a787efbcd2b28b6adb79f6bc2ee069439000e21ff9bd086a9bc8ca8517ea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
7eb708c30d8864648b9681bbe9eb12f2

SHA1
07f34c11b19e727373981bddb50f28d6c68ac423

SHA256
313553124b52d4ed56cdd93119afc3853f6174454fd152065158ada3c92efb7a

SHA512
5255bb048986e71f23875920f02040c50d3004461dd4471444e92587f2673c1996f34a48af4e45728523ad260d4c5957393dbd1ebdec6b9f32a31e50b06de4f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
0028432e4376e1fe8f44bd8eb67bd2cd

SHA1
59206821ea62d39e1dcc5e5521ca1c63f44e907b

SHA256
28c2f7f42c9c38b529bc5ff24a51b4a1e83dc1757fd17ce23860db02a89cdb98

SHA512
bbf2f4cf569e317bd5e83da26ae26e4879152d781fcd203ca5ed3fd8d6e46f0d3a2e7193637ccafd1c0cff5afe93a3e597422d7b17babe049e8682af2f1f1df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
65897796f19bd55f21ec561791a617e3

SHA1
3d45ce58db101df61fefe9f9c5106e4b5829ae52

SHA256
ff6160564f99529172b0ad6b330708fc890a28bef79c5cdceffb64e9331eab23

SHA512
fb84f4bf11102d2761fd5da05512b2c02911282ce40e9f105295634474cd44e116b2f2b1ef64dbfec6c7bdc4fe933df04c24c069d8a45f6aaa63ee55477446a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
5d65b456923df2d5ae48362040f7a3aa

SHA1
8685c19164b76f5034625c09014e06bdc165b7dd

SHA256
db9a9ae56256d417332fca8a8b9b201b1b943f95b8ef21d97a2e96f80a40acdc

SHA512
497bdc1c9fe65bc9e9ee257bbba805348fe39950ce38ff0f61e684974e0a74040d35601e2fe03090c005daeb1de1b486f45d7e82f8df45289482aae520f80d1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
125d553d90b1487cf7135d1c124c5679

SHA1
97ff3407cb6e24feb8142a800d98ebaf23e0ff0b

SHA256
d66d0d949a26fbc36c638d02124990f7003d832398cff592236434f890ccef0a

SHA512
78a44bc0c4568dfddfff6b01da7475ac480ba97080664944357b877f7f9a523ee56937f1b1324f583b1de1e3b91b05ee44cf84462942c3ba3bc6cb61ed2aae0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
0e73620efae9e0d8d8a484f3ac6184de

SHA1
40631f73853d9741fdde62b706d4ac563a90f7fe

SHA256
1fe988221f25f2edab541f1f3d40d984b981be67c23d3f79cce26ec2cb014807

SHA512
dbf16233605f8fe96a7e6dd1e61cc7f0e8668e979b3473a523bd8989261de6f68592c4b9acf962b1a695dcb10fb7390d0b670a023ff9d4eb91483001c80db8dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
ea1751219cca5d9d1c95353ef1314c53

SHA1
f1f0d7074c44e398fa2cc3907dd70989a81353d8

SHA256
3883c07dd72459e6ea2a5e7b6aa17e97ebddd6486e413c18a1cbc2068a4c2260

SHA512
3b34d8e5e874f1af24e63c76079c52b8862f8fcbc0cbac9299618de5cacaadb8f1fc8df9d27d789143d6a9913d61f677665214b804783257173541967eae0ae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
4c621fc372d3f2af0ba8318f81864950

SHA1
2f666c8cb9d3c83e38b591dc83a183a3885cb0f2

SHA256
d396633eeca8bc447dc77f85f6a883d9f666b27cf4708a7c4d7c42e75ee77e51

SHA512
c21600dd3f5db3f7ecab2f46803232f4583d31b3626e7fa645b754846184c758da9835387f7886762275633d23a8c5f0f50e22c6907b54753948dd3b81a53ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe58cd2e.TMP

Filesize
392B

MD5
42418dd831dbdd5794937ee4af59f54a

SHA1
28097d8c7a27b24949118325a548c73f8d5779bb

SHA256
40e104f436905f989b852aeb2c1d5c230814619aba83361400abf5d5ad075c2b

SHA512
60625424823ad0e6faddd9665a1ebf9cdbeaa4b0f1cc188aa4ec716de5c56038c19e6e877bf24898b205911bf21dd0496d2ea0943b97603cc047ee772b441f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
fb59fdf8ebb893fa18361843b0c72a21

SHA1
9a8e4ed59d107f8f0c5c5481ccff5be8c53ae492

SHA256
e14e643348d8cc9ae1212969c55793150219872401f481319d9de1412d735e4e

SHA512
429d358abd4b0ee901d6793193914111b88ca122bba8b833d1e939bc0d43ca6b3ea3097c0c79f561d7da092b83eaeb1cd0607e34191dc595b15ac592fcd10d65

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\DOWNLO~1\DanaBot.dll

Filesize
2.4MB

MD5
7e76f7a5c55a5bc5f5e2d7a9e886782b

SHA1
fc500153dba682e53776bef53123086f00c0e041

SHA256
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

SHA512
0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

Download Submit
C:\Users\Admin\Downloads\BlueScreen.exe

Filesize
9KB

MD5
b01ee228c4a61a5c06b01160790f9f7c

SHA1
e7cc238b6767401f6e3018d3f0acfe6d207450f8

SHA256
14e6ac84d824c0cf6ea8ebb5b3be10f8893449474096e59ff0fd878d49d0c160

SHA512
c849231c19590e61fbf15847af5062f817247f2bcd476700f1e1fa52dcafa5f0417cc01906b44c890be8cef9347e3c8f6b1594d750b1cebdd6a71256fed79140

Download Submit
C:\Users\Admin\Downloads\DanaBot.exe

Filesize
2.7MB

MD5
48d8f7bbb500af66baa765279ce58045

SHA1
2cdb5fdeee4e9c7bd2e5f744150521963487eb71

SHA256
db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

SHA512
aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

Download Submit
memory/264-1462-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/264-1416-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/3400-1417-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/3656-1486-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3656-1498-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3748-1366-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download