danabot | hxxps://github[.]com/ossf/malicious-packages

Analysis

max time kernel
143s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2025, 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ossf/malicious-packages

Score

10^/10

danabot banker botnet discovery trojan

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot
Danabot family
danabot

Danabot x86 payload 1 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

resource	yara_rule
behavioral1/files/0x0013000000024198-2261.dat	family_danabot

Blocklisted process makes network request 1 IoCs

flow	pid	Process
287	1768	rundll32.exe

Downloads MZ/PE file 2 IoCs

flow	pid	Process
132	4940	msedge.exe
132	4940	msedge.exe

Executes dropped EXE 1 IoCs

pid	Process
1668	DanaBot (1).exe

Loads dropped DLL 3 IoCs

pid	Process
1344	regsvr32.exe
1344	regsvr32.exe
1768	rundll32.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
132	raw.githubusercontent.com
130	raw.githubusercontent.com
131	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_538947795\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_242008006\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_609931840\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_609931840\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_242008006\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_538947795\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_609931840\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_609931840\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_538947795\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_609931840\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_538947795\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5696_722316457\_locales\az\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3632	1668	WerFault.exe	151

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133885948321541156"	msedge.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-814918696-1585701690-3140955116-1000\{44AF5167-DF65-49CD-8D5E-7B41A7565C21}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2256	msedge.exe
2256	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1356	OpenWith.exe
2020	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2884	OpenWith.exe
1356	OpenWith.exe
2020	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5696 wrote to memory of 2212	5696	msedge.exe	88
PID 5696 wrote to memory of 2212	5696	msedge.exe	88
PID 5696 wrote to memory of 4940	5696	msedge.exe	89
PID 5696 wrote to memory of 4940	5696	msedge.exe	89
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 6112	5696	msedge.exe	91
PID 5696 wrote to memory of 6112	5696	msedge.exe	91
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 4784	5696	msedge.exe	90
PID 5696 wrote to memory of 6112	5696	msedge.exe	91
PID 5696 wrote to memory of 6112	5696	msedge.exe	91
PID 5696 wrote to memory of 6112	5696	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/ossf/malicious-packages
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffc5853f208,0x7ffc5853f214,0x7ffc5853f220
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1952,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=2592 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2268,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2564,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=2544 /prefetch:2
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3476,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5064,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=4372 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4828,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5620,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5628,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5628,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6184,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6044,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5660,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4824,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5912,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6432,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6588,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=6468 /prefetch:8
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=5004,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=2376 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5156,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7124,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=6448,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7328,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=7332 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7132,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6352,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=7592 /prefetch:8
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6608,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=6648 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6796,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=6620 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6112,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=5052,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7924,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=7760 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=5132,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=7316 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6576,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=7848 /prefetch:8
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8080,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=7852 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7816,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=8112 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=8136,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=8172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8176,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=8252 /prefetch:8
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=5828,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8252,i,11224652871474221658,12958895944728038407,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:5308

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4828

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4248

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1704

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1356

C:\Users\Admin\Downloads\DanaBot (1).exe
"C:\Users\Admin\Downloads\DanaBot (1).exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1668
- C:\Windows\SysWOW64\regsvr32.exe
  C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DANABO~1.DLL f1 C:\Users\Admin\DOWNLO~1\DANABO~1.EXE@1668
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1344
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DANABO~1.DLL,f0
    3⤵
    - Blocklisted process makes network request
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1768
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 488
  2⤵
  - Program crash
  PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1668 -ip 1668
1⤵
PID:4060

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2020

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5696_242008006\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5696_242008006\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5696_609931840\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5696_609931840\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
60d40d2b37759323c10800b75df359b8

SHA1
f5890e7d8fc1976fe036fea293832d2e9968c05c

SHA256
c3a2f26d5aef8b5ed1d23b59ed6fce952b48194bed69e108a48f78aec72126e0

SHA512
0c339563594cc9f930a64903281589886308d4412ee267e976520a58d86b2c339d7b2320e1b3fd6fbf81f092ff1735f0710c669af2986ea5b63d2c1e0a6df902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
d70d112ccf3a50f9da100ff6283688d0

SHA1
660bf4a732a00942c3746a93c209bb9611e794ba

SHA256
8e8384f0654c20cc2f4000c5754ce66e1e46fe90a8b91c702d16ada10e28d365

SHA512
a6c8107108254c7431b31f2e06ebdd0aec38ca302642f8ac80c58882db6db4630c4a77bc7f531f5d9b4c1f98da3488b29f6d20ebb4c97d4df511d7c2949db3df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
d5d7a539446a15295e8c43bab8210714

SHA1
2cc506daea0d028e057baa7936b52c8ee1d6caa1

SHA256
63f5840ad3b66541ef39997ced96a8ebd09ac360af4bc23f1d9d6a50d4491ea1

SHA512
4d07452360bdc9e48f9ac72b5329bb0890fd0aefa554d2060be7ca81644712216083818234b509fd26f0e79ed813f44f705016062140b65ca3fc41a5c14601a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
71cdd6c8062fa39657de56d66866e663

SHA1
936acfb1e9e48ee4ec934669538487fa46d7653c

SHA256
1fdbec9d9f42636ef4ec4c39e37798b3255b45ec00ce75e9b26e3e52f05de482

SHA512
ebfb0f0e82a0c6d6e01f5326c929e98aaf6d61054ce0f115dfb3cfa04608b072b725e76b38e91a877f6537744d02dccb16fc8c6d17214f1fbdf03a9a668b91e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
5fcef9c5915681c22a0e642a80d3c5ed

SHA1
01485a5dffa6968189ce095af71a73ebdcca37ca

SHA256
dee40bda9ade74003cd43651135c4e50d2583b0e30cf2e2a709424236b5042b7

SHA512
84b482edf2b693f6eacec95a6324dcac97302b82c21891ec47813bd467750bbc552b205bb54474b2ce1b2f2c5bf269139a207aa3ffad308002884bb97d1e1452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57bf77.TMP

Filesize
3KB

MD5
c3f9682a4a396fbe5e020fbe6917bfdb

SHA1
f1e63e5b59055b26f0b9f547f7ca27f6d1576aea

SHA256
ae34eb41620f9d5242f57e4c54c5bd244fbeb3a7024c7cf1ce7b8939cb23c5cc

SHA512
c84f535b15ff7290ddf34c42c2f8a4b0d1a46253b899f66c06d16721931f89df844f2fc75deb44ece6c832d6b320902fd9dc6451f51170d5ef034e0d83222852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
8bff3001d726e9eb0b9b9670b5f196d7

SHA1
88aaedc577c43289896b40fcd0465933c72d6adf

SHA256
a5f1c7c3e35801e14b8ecb3b80f887ebda0163a2dc7499659b9118904b2b40b9

SHA512
99eb699e4f3c4eeb26b74ee8287bb50d1b0d021c159beaf154b9b86f5b7540845ad2350048a31f0d987e3b8952e9251befcd12346e03096b4dd66725868e1391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
d01fde0271ca068fb8050ba3d06ba97b

SHA1
656509be2976322eafa1346e71b165347e74b0d8

SHA256
e489225c4d5bfd7480212c68d6c745d72c5e5cb860074103157f77db3d887786

SHA512
640ff47b2c8c8e5066e16499bac474296842a034cdcdead404301f7b747c898e98d2cdb4590e9da35e5df42236dbc0f43097ace6196b4eb0eff4b7ab5ebc7e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
f8e0962563fdc2cc7e7b878f1c114c55

SHA1
6e331103d422d349da7be456f107329de6f42886

SHA256
65db641bc48a8b5415de3ec47c72a0f894c1ebaecfd7890c4ee18050634bf062

SHA512
f54035531165eb9f3b6024cba791bc7eb2c6a91012f493f909375c32988e8baf672fc17e07cfb12ceb89e77041bda83ca9c1bdc636188f33b05d1761380dbfea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
0d222c7733748c0ce82dc27d73ecad80

SHA1
fca209f4a0346cd2f65c4625fe1173821adc061a

SHA256
37f56cc301bd99c5e2e3cdd87449d662ebce20ca374c1d148eeb27b47b24b25b

SHA512
7549e1bd604c4920b35a471459d0aac4f08df3042d00adc81a1a34362a6ed43a0436000cca10a8ac3758be2fd404ef0587b5d76c5de166fd1a7a6cd989ddae3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
27f1e3f9d14b10383cb22784de876b33

SHA1
fa82f20705e7929c50a70ed6e07236c5f6268c09

SHA256
7e1eea71b7913a946b2dd254d4ab330b6445fdbc91e8bd7beffe70d6eba78bb6

SHA512
d8986dd39e413daf6199eea57f29b137e99acfe8395a6c0cc159fb3191a27b7d32affd8d336c41e6e0a7693a539950c948d5da1d9be268c8ff0f5e843adc04d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
d454c30204ab827b66cea60d046a45e5

SHA1
5bcbd10b0e88fc12e8eee4601718139a7765a63c

SHA256
09736485d92c85ca264b1604d4e48d41471111e46dbe12872a628e7df963d907

SHA512
d4a2dcd0c9595d71830706bda9932edc5900b3bde6f6b49a04689f626fe246f44b3abf89e21d4df2566462a2769e017f415043c5fe688a2c8e9c172e01aabe30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\0efd31c0-f999-4870-a42f-6079b719f916\index-dir\the-real-index

Filesize
72B

MD5
249e690e8a4981514c558d3ba123c6af

SHA1
ee4485a3b3e4a3c71455be5824cbf1a6edb8669e

SHA256
75c3e25e3613f54c48c47f064d78573ac5560121af54dd0091adb84db368255a

SHA512
31f8ec274e3560c6af5c37eeadf281e590d5d3acbbd2ac6e3dcf9011329d2d82ce697f1045054597c17bb3e81fbbd087645077e3631d58ebd935a04e9dde2c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\548e3de4-5f7a-478f-be3d-50e211f1a149\index-dir\the-real-index

Filesize
1KB

MD5
daeeff68024a7d70efe8405f5ab9c4f7

SHA1
d8efcbeaabb4ac9d7bee43f552e99a56212b9016

SHA256
ed6c85ad0468c7b20aa6a31463affc442b4aaa0d068a187b85ee008496267ad8

SHA512
0c70f2059f52ccd4fa1da5f09212628b067cf6e69e0eba18fa54cf99b0a141880776438d56dfa76dfbc6c4abfebcae7fafc9305990e744e655db29847c2e5ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\548e3de4-5f7a-478f-be3d-50e211f1a149\index-dir\the-real-index

Filesize
2KB

MD5
d53b38893496b725fa459f384f3033fa

SHA1
0759cf1f28be92a145c598fc0a3b93664742ab98

SHA256
3f2e094fe9b046e0ecb80023e6c68b577a9cfd0e6b10b2afc2f446c244c5ca6a

SHA512
735406ebbce9be65d0c78e69ce738b0368ce873d3d09af4a7af24a73cef4e8b6000ec0b075ca09ce33d25544551c676a5f53e2be093e937369577522d806243e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\548e3de4-5f7a-478f-be3d-50e211f1a149\index-dir\the-real-index~RFe581d47.TMP

Filesize
1KB

MD5
0436013a8d425bf51b9527a0b3e4668c

SHA1
a7447b8e1ddd6c3ce80e45639427b0380f7a10b1

SHA256
42a041326e7cf835c5f9526a91ab356fe27e2ba1175c989eeff9d7c5ffe8ebbe

SHA512
6885cb80dbab698114d3495e03c81ea864ce6b96b8d7dffd98764b2d5946ae0e8a961a36e11c68e088ecb5736ce1cf76b7825573fa4fa69f7f917237b54fff34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\c1819f8f-0ed4-4cd7-9b7b-c9bb26481d06\index-dir\the-real-index

Filesize
72B

MD5
7fda2574f090f58bd131c15eae0885c8

SHA1
bfad96f4916ab9155f65859a9ca20c6e10940579

SHA256
d104ec94ea91362a84dd96102893867b8cdbe690d51941e7fa49837fa3e430a7

SHA512
3ac90fca457277f8ca697248bd6e555a4434e275fd1622f45c0e0004e2408d69dae1f69b6c44ca1b212ec98ddf71b81ff0dc0d4dbf7a4aae12c25f5d77d9f5d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\c1819f8f-0ed4-4cd7-9b7b-c9bb26481d06\index-dir\the-real-index~RFe58bcf2.TMP

Filesize
48B

MD5
3c25905694830527098ae2e1b772654e

SHA1
b9d2e27e1e70734a3c29b446736c8e3a2ec1a075

SHA256
272c941f780651693b07ececf1b1af7c405806ff42c7517addc7fc899620bb60

SHA512
3d3d75dccbd5f383bf871a28035dc4a1933b2da1f6f0a23a200090f86fae5e5516ea7c500a444f4e89bd0dda1e62cfef6346769e20b215c7c89beffe92486b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\c4b0b60c-a39b-49fd-bb22-9f6720f0e475\index-dir\the-real-index

Filesize
72B

MD5
5ea9f90bf0b25ca8d109cc79310c90be

SHA1
65d07e5244400768fc58235b7f5bb37368700a9c

SHA256
1aaa70a4d2b6747955b409bef030c14570d4cb326f93b029524e6956aec5a5ff

SHA512
d6f7b6d99e58f7add7d4cf2f6343a59c410bee3ac473af91405a00451e2e319335be725d0c07144e2405202bcb07b511ca4dc03a9b7c0ad4433ebad147ee0819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\c4b0b60c-a39b-49fd-bb22-9f6720f0e475\index-dir\the-real-index

Filesize
72B

MD5
339d9f24500fd4de8e4256794f61cbb0

SHA1
a02982dac1e0943ba04377bd84fbf203b357c567

SHA256
50b54064962a4f82afe8fb3b9196397ad7244f96bc4ad1971c7c701c59b12ae7

SHA512
ca4ce5c3c2d9b93806263cb7f07a7feb27683c76e1dcd0beca4a7adac4bda17a5bfc922a2ed281f45155012d6d5090f882018919925d63cf20ad0c51d55d4635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
300a21967a2716c3d625848b82f6b40d

SHA1
5cf90d98862b13dac8698865f69f8c6bd2a9ee4a

SHA256
69f22bb7a9de08c7657c069c74af48c43727a020b1140b7a135ccde0476f6dbd

SHA512
6738a091c370c2c788981cd2b8f80df17939e539b53afc13acda0f7b8c953e2a570471722a4fd85a6b8234b9f737f710b26104170dac59033c88494af4883bbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
ca7742cd7637be347655009c4a4b10ed

SHA1
544426de519e6a86f83723a83f4c8fe0f1b18830

SHA256
caa0fd0cbb1ae5f8651ec79ad2a9dc07258b0d6b8986f17c86981766a2daf803

SHA512
00f7f753a3da236d41e0a2a432ba04ea8d23d88e6a16123e5f6045695e233e8d9a8d1cf94b22c0251c7dea5ffce672e726b9bf35ba7d996584eea6508259b1ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a48d721c1153247e77a965f0067ce531

SHA1
51c9d5464f6524c56f631069e9b40944c41ab69f

SHA256
a0414aaf826c534fc8e4ec3db34bcaa40e848a44fda4658295303b22db288929

SHA512
e4f889f135dbaa3048da83284ec310b33f8277cb9382b56d10600766a998bdae64b72452af5458d365b304b356ead9edf329dce2320a0902f73b358de0c31801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587470.TMP

Filesize
48B

MD5
a8e8fb976ec244af29a8b8442e172f70

SHA1
2729a50942c83e7decadacb9b277f63d68efb3be

SHA256
1ef722b352b65119676448f33534aced68371766e731a8b3b5b96957d65ea1a1

SHA512
5925f1d3a9182479d10a4f247755e7ffacb0dfc9e1180c3615f72831651006c29cc81ec666a99ed6fcb444e32af800638472cc954a35a8e7941652ca73527d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
3e7ca9f4ac89b4b20c003cfa701ba6c6

SHA1
18ef7074d6ec412c9e6f49a8f02be2469cfbf5a9

SHA256
75f4e56ca4616ec997dc4918a86a695d3a16f0b0b0284bae2c91cc5d04513aa1

SHA512
20ab61043dbabc500afbf89e22b123d5f4fe32831c9e2d321e3aa32c1388f9a3de09a839bb56ee219298ca4e0dd3ce865349b749b499e25a021ef7b3e4cfddb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
6cc291dcd50fc269365a2ac41c1ecf69

SHA1
259fed99561184505e2af395b165363c950dd117

SHA256
4d765ffa3a2cbcdfae6e59e67beeee7afdcf2ef8688b7270387543d676515ef3

SHA512
6cd3348bc5c2882f381b2ddcf3affae32a3e216d156bbcd449bb62208a8c97012892a8bb37382e8363ff2d302fe3d82e8a156f1b2fb49182fb2ef1725eb3fa03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
463B

MD5
32cfdcdbd4d8b2c30e7e10e9f651e784

SHA1
163a0b5b0a88472aa04ebdfd0f5ed7ef692605e7

SHA256
1b105a697bb2c04b32ba900cfe1a47d265e9f0078c88700fb36ada1641f37f21

SHA512
a99aa599efe910e90e37d9e64ae3134b1aaaa147ad6d2eb3b2e240dc77010c1cdd6ebab55318ee7816e9e1cbe41c23db6b79c4aeff8249f5ca639fa86d9f7900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
892B

MD5
6a138a92c21c18089b054d7c6c4c7e8c

SHA1
0929c20ed65b0d2ba2bf12bc258e83297e8e526f

SHA256
029148a6f9d866154269f171cdfae80c31c506d5f0a1770f3a3a28ff39878542

SHA512
45af3e12655ea664c7d9f28541378b15de7eac846ef8c875ed4f0ffc2f5ee1125254e64ee539eb9fa5655d01e5f12a11b8ce25bddbc0dfa49947a6f1e5b7f798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded\2024.8.10.0\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
32bd2e0ffa1ca01fcebc623e4cb76b74

SHA1
77df6a53044b7b203603408ff553f785310f2300

SHA256
d53ab64eb251907397997ba72ddc991c259c829355bd4d3f631c5c6311779a74

SHA512
7b427c5f3b284905b775e0270599a1d55e752d83dddd9fa30144ab1a86f6afe595f607143695052c40cc1660ec78d8f807c45c3006e974ba580f646c560b5122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
49a5ac5164494b80f6694d396a75db3b

SHA1
e98ff03c184f2dfa0108ae9c8c10082a5f24fca2

SHA256
609e5c02b2ae58bab90af760da69a0fa01c27374d7a755c53886a8be858094c2

SHA512
c58bee1df9468d663fa63e3252b2c8aa88c9cf2c4e6e8e44f836161930bf18b679512f36a4e76696e4bd283f29c58ffcdec2d14b1795afb169ce5de0a73171f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
4628ab054972baf0a22ce6bc1641ea48

SHA1
087d93920b4d6cba64aab209cb05a9ccd6694015

SHA256
2da205c547b84d767f72df0f051142bf587ac84bef446320836d36300de97984

SHA512
52554a5121c283cbe27fe88a804c863aaf59513d5a1189602e62cabaa9bd16fd7461cfd04d10048a2d38dd67e1a36e5bbeb2836f905861697696511f615f1c05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
8e36e6105025d497f4abf2628bcb7f07

SHA1
32a73b74b2e9e0d1d104067e6bf4064b692d0ad4

SHA256
e36b3b142a6117ee40411d83be88e12a8e003b60b98ab8fc038c9bd1b53a719b

SHA512
0a5017f5942588ceb6aeff3aab401698545681590f24884176c247e1671f01bf911d2368bb6319617a297f0e91406b9dcbc3369f028ca85e990a5a5d7c179e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
2a0f3f73d88e0e0b3284262af9b8ea99

SHA1
9556715bf79454b17b1819ebe72545948a09859c

SHA256
e869036f884f35ab300a429ac0dc4e708408adf5d7785e907494f3c0abdcb7ac

SHA512
3b841f4d28e6d07360c0769c82ea7cdedc8b0d8aaab15672074c8f24d09386c6d9d4a15e02f831bc0aee7bc275adfc448a1f29c78989e55e298db492dd303bd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
2a60ce316540352b0ead59d4eafc40e1

SHA1
3069dd6e83ff262b0b65f6eb17b6aca5c0bd9dcd

SHA256
260568253f2f5ae25e5a977a6e6263e131b29cb7aab5e7f329cc505b66da7852

SHA512
836714aabc8ba4111a3b48187a7877ca0ae74bf4af6ca48b474e82e801ce068ccb2da9a397863bbe18ceb95a7a948d28ae5852f61574dbffd673ab1135dcbd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
c25014a1850aef2bffc761781c1d9474

SHA1
77d343ce58b853901180b27cc17c6e427412a4e8

SHA256
5c406d24e185f65d7f4cf509a035c2f4ce63fd9113facdaa1b4be3535a4198c5

SHA512
49fcf813f1c23a83b953acc51a223c9d826080dc54f7659d482ae8d24ae339645e386645d48e303d0db38c1521e5687ed6c2a78f0dd04bd016054421e4efcfbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
4605d259c7b669a75ef703cbbd79bfa7

SHA1
3e3ba89b20073ff5fafe526373dbe77da5156da6

SHA256
2b0e64b1415d9962c953f025fc3fa1246d895b3a96e774c68583418f8f48a79b

SHA512
e1cc225857ce63295ea508397caa1a9824da3f06a93f09710e87d7240c61a03569ba492c4f707f6d632d0cb8445b0134d89ee6ef1f7efa57c47e99e7f65db2a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
a3dcf4d1f4807f0ff2d4b9901b763261

SHA1
211185a0be48be5637415119f75bb0b19b45504f

SHA256
e291c982e992ef7fb2ccbc75b5e86d0a1014c03d7deddee9f0be6f53b85b7cf5

SHA512
0a0bdae7d3fbfcb0f5ca33db831c52f1db73c806bc1760621417d7ede0c2a7e224b484841c5feafd41eb0462cadc21a4bf4490db4ee9c4b69e91231ea98c3778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
28817d57db6527fe052bafb34e99ee66

SHA1
339ed126623b3eda77fc47216df7a463b58237b4

SHA256
de8bf54965949978b2efb61b89761a6b0c7b29865193778197ef7479e9fa5184

SHA512
0b560bafb4195651a2b5ac151d978d221225e8728532a40b0ab754f6c9b94fb6ee1eed021079881da2c168a3506cdd0e84202f3daed651b9f2d706085869dfb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
5d2b0093ff53ff8fc3a855153404d969

SHA1
b2a79dea705cb185a01037a02ed312f3d0137291

SHA256
5dd4a5311b1bf5f6ab76ba97ff75cf1e96e762397beb0515ea490ae31669c0e8

SHA512
a43f9b8e9f147a05222d06793c01cf124a7f76840ce63b4d4c17c5289c851b879c5efef5ffb9ad7151edc5052cc12f8f35127817967e1eac68526dec72291597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe582c3b.TMP

Filesize
392B

MD5
4a94c1531ce64af0ec5b37c32361880e

SHA1
18d65f1332f7d3ec435a53f41592cb49cd4b019e

SHA256
43173f09e0426b3513017a20f08f2c52fdef4be61bc04161c19f337d449d4b58

SHA512
9e085cf416df18ea0521e29ca951953b6c933e1693490686e3ce6e9bf46a2110b6fc214fe7469adeb5869421f7035f14ab1c535c9fa18e4e277c7bff1dd8ffec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
e529b080933dd0512b0fa0c6d251288c

SHA1
bd70e2cb2cba207d12d7cc3e17c787386b931ca1

SHA256
0bea0d5fd7d0bf1cbb28b568df8b164e2106ca9b12bdaadd068be62c80e785e4

SHA512
478fcd83f242f13c180a7e7d866ae95a8bd07f38b61cbaf0145290283e35cbdcc1b1a0b862aa59fa9c98768da2d568f2bd764501a7ebadf7ab5061523f47beb6

Download Submit
C:\Users\Admin\DOWNLO~1\DANABO~1.DLL

Filesize
2.4MB

MD5
7e76f7a5c55a5bc5f5e2d7a9e886782b

SHA1
fc500153dba682e53776bef53123086f00c0e041

SHA256
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

SHA512
0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

Download Submit
C:\Users\Admin\Downloads\DanaBot.exe.crdownload

Filesize
2.7MB

MD5
48d8f7bbb500af66baa765279ce58045

SHA1
2cdb5fdeee4e9c7bd2e5f744150521963487eb71

SHA256
db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

SHA512
aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

Download Submit
C:\Users\Admin\Downloads\Trojan.Dridex.A.6164228ed2cc0eceba9ce1828d87d827

Filesize
152KB

MD5
6164228ed2cc0eceba9ce1828d87d827

SHA1
cea5bc473c948a78ce565b6e195e6e25f029c0c6

SHA256
7fa83f0588f0f50d0635313918137c05cb59aa672d842f864073aebb72c66195

SHA512
b53ac27397ce5453fa008d1a2e98f9f66be7d7f08375b92c88007544c09ab844d6c8eeceb2221c988e0a0d6ffc2a8a290e49715e3062a74bcd2310d41bffcc37

Download Submit
memory/1344-2264-0x0000000002B00000-0x0000000002D6B000-memory.dmp

Filesize
2.4MB

Download
memory/1668-2266-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/1768-2287-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download